Ep.

26: Pegasus is listening

ADAM SCHIFF: Good morning and welcome. The committee will come to order…

DINA TEMPLE-RASTON: Last Wednesday, the House Select Committee on Intelligence called
a hearing.

They wanted to talk about the proliferation of commercial spyware.

SCHIFF: Ms. Kanmiba, you are now recognized for your opening remarks.

CARINE KANIMBA: My name is Carine Kanimba, and I’m the youngest of six children of
Taciana and Paul Rusesabagina.

TEMPLE-RASTON: And the name might ring a bell… Don Cheadle played him in the movie
Hotel Rwanda.

DON CHEADLE: My name is Paul Rusesabagina. I am the house manager of the most
luxurious hotel in the capital of Rwanda.

TEMPLE-RASTON: The most luxurious hotel back then was Milles Collines…

And it’s famous because it is where more than 1200 Tutsi took refuge during 1994
genocide.

Outside the hotel walls, machete-wielding militias killed some 800,000 Rwandans in under
a hundred days.

Paul Rusesabagina risked his life to make sure the people taking shelter inside the hotel all
survived.

ABC NEWS: It Is not like anything I’ve ever seen in 30 years as a reporter. It is, I think, the
standard of which all future tragedies will be measured..

TEMPLE-RASTON: Rusesabagina’s defiance during the genocide isn’t exactly what brought
Carine to Capitol Hill last week. It was what her father did years afterwards.

1
KANIMBA: My father was given a platform and he used it for good. He was critical of what he
saw as an increasing violation of the human rights of Rwandans.

TEMPLE-RASTON: In other words, he was critical of the government of Rwandan President

Paul Kagame.

And the fact that a world famous human rights ambassador like Carine’s dad was openly
criticizing the president, well that didn’t sit well with authorities in Kigali.

Rusesabagina eventually fled – first to Belgium and then the U.S. – and that might have
been the end of it had it not been for an ill-fated trip to East Africa.

In August 2020, Carine’s dad boarded a chartered jet he thought was taking him to
Burundi.

It wasn’t until the plane doors opened… that he realized he had landed in Rwanda…

KANIMBA: He actually started to scream and thinking that perhaps the pilot would hear him
scream very loudly and come out and help him. In fact the pilot of, of the plane, uh, came
out and wished him good luck as he was being dragged out of the plane.

TEMPLE-RASTON: President Kagame has a long history of silencing his critics.

When I was in Rwanda reporting for a book I was writing back in 2003, I saw soldiers break
up campaign rallies for the opposition.

Politician opponents talked about constant death threats. Kagame’s critics had this way of…
disappearing.

So having Rusesabagina suddenly find himself rendered back to Rwanda, it was part of a
much larger pattern.

After a very short trial, the government sentenced him to 25-years in prison.

And Carine started a very public global campaign to get him released, which appears to
have made her a target too.

2
Though in her case instead of an elaborate kidnapping… she found herself on the receiving
end of a state-of-the-art threat: a kind of spyware called Pegasus.

KANIMBA: Everyone in my house, at home when they come into our home. They're so
worried about Pegasus now that we just put everyone's phones in the microwave. I don't
know why it makes people feel safer, but it does.

TEMPLE-RASTON: It is the brainchild of an Israeli company called NSO Group.

And it has the uncanny ability to turn any phone into a spy. It can be turned on remotely to
secretly listen to all your conversations, read all your texts, and track exactly where you are.

Carine, now a U.S. citizen, testified on Capital Hill about that.

She’s living proof of an increasing threat to the world, commercial

lize spyware.

Now you no longer need an intelligence service to do sophisticated surveillance, you just
need the money to pay for it.

JOHN SCOTT-RAILTON: We are looking at a slide back towards autocracy and

authoritarianism around the world. And in my mind, spyware like Pegasus is kerosene to
the flame.

TEMPLE-RASTON: I’m Dina Temple-Raston and this is Click Here — a podcast about all
things cyber and intelligence.

Today, Carine’s story, the commercial spyware business, and what it all means for the
company at the center of it all – NSO.

Stay with us.

[BREAK]

TEMPLE-RASTON: Every year the Human Rights Foundation has a conference called the Oslo
Freedom Forum.

3
Think of it as a kind of human rights festival, a chance for people who want to overthrow
tyrannies to meet people who already have.

That’s basically how they advertise it on YouTube.

VIDEO: Let us rise up against tyranny. We want a world where people can speak freely.
Today, I would you to join the cause, and I want you to join our revolution.

TEMPLE-RASTON: And this year, a cybersecurity watchdog group set up a booth at the
conference, and instead of handing out stickers or tote bags, they offered an unusual
service:

A free check of your phone for spyware.

SCOTT-RAILTON: It's never pleasant to receive news that you've been hacked. It's like
receiving, uh, bad diagnosis.

TEMPLE-RASTON: John Scott-Railton is a senior researcher at Citizen Lab at University of

Toronto.

And he was one of the people at that booth.

SCOTT-RAILTON: So we have developed approaches that allow us to do fairly rapid checks of

devices without, uh, invading the person's privacy too much.

TEMPLE-RASTON: So you kind of have like the rapid COVID test of Pegasus?

SCOTT-RAILTON: That's exactly how we describe it. And then if we find something of interest,
then we're gonna go do the PCR.

TEMPLE-RASTON: And when John did the PCR test on Carine’s phone – it came back
positive.

KANIMBA: This was shocking, of course, because I thought that American numbers could
not be targeted.

TEMPLE-RASTON: The NSO Group has said publicly that it doesn’t track U.S. phone numbers
but traces of the spyware appeared on Carine’s US phone anyway.

4
And it had been there for a while.

KANIMBA: They discovered that it had actually been infected in September of 2020. So that
is just about a month after my father had been kidnapped.

SCOTT-RAILTON: I think it was a confirmation of something that she had suspected, um,
which was, they were even more intensely targeted than they already knew.

TEMPLE-RASTON: Carine is sure the Rwandan government had put NSO’s Pegasus spyware
on her phone.

TEMPLE-RASTON: Do we know for a fact that the Kagame government is a client of NSO?

SCOTT-RAILTON: This is a really good question. We certainly see strong circumstantial

evidence pointing in this direction. Obviously the government has denied it, but it's par for
the course that governments typically deny that their customers of this kind of technology.

TEMPLE-RASTON: Which is exactly what the Rwandan government did.

VINCENT BIRUTA: I would like to also make a comment on these accusations against
Rwanda.

TEMPLE-RASTON: That’s Rwanda’s Minister of Foreign Affairs, Vincent Biruta.

BIRUTA: stating the use of a certain spyware by Rwanda. I’d like to reiterate here that
Rwanda doesn’t use this software system. We don’t possess that technical capability in any
form.

TEMPLE-RASTON: But, if perhaps they were using it, it could be very helpful in allowing
them to listen in on private meetings between someone like Carine and foreign officials who
might have been talking about her father’s imprisonment in Rwanda.

Which is exactly what the forensics on her phone suggest happened.

KANIMBA: We were able to match it with meetings that we had with government officials
around the world. And one very shocking example is in June of 2021, I walked into a
meeting with the Belgian minister of foreign affairs. Sophie Wilmes, in her office. Um, the

5
moment I walked in until the moment I walked out of her office, about an hour and a half
later, the software was active.

TEMPLE-RASTON: So Pegasus likely was listening in – it’s that good.

When we come back, the fate of the ubiquitous spyware’s parent company, the NSO Group.

Stay with us.

[BREAK]

TEMPLE-RASTON: When there’s a software as potentially damaging as Pegasus, whoever

owns it, holds a lot of power.

Right now, that power is in the hands of the NSO Group, which is essentially an arm of the
Israeli government.

So when news started popping up a few months ago that the NSO Group had a buyer that
put Pegasus in the hands of a U.S. company, the intelligence community started buzzing.

NEWS ANCHOR 1: Good evening everyone, thank you so much for joining us. A company
with a large presence here in Rochester…

NEWS ANCHOR 2: L3 Harris executives made numerous visits to Israel in order to secretly
negotiate the deal…

SCOTT-RAILTON: Well, there's always reporting about somebody interested in acquiring

NSO.

TEMPLE-RASTON: That’s Citizen Lab’s John Scott-Railton again.

SCOTT-RAILTON: This seems to be a perennial thing. And I think sometimes it may be real
and sometimes it may be something that NSO tells its investors and anybody who will
listen… [FADES OUT]

TEMPLE-RASTON: I was at a funeral of all places last Spring, in Washington, where people
were whispering about this potential sale.

6
And THEN I heard from defense contractors and the intelligence community that the U.S.
buyers didn’t really want NSO, they just wanted Pegasus.

As John Scott-Railton makes clear, there are lots of versions of the NSO sale story out there.

SCOTT-RAILTON: The New York Times had one version of the story which is – chunks of the
intelligence community were favorable to this. And then the Washington Post and the
Guardian and others had a different version of the story. Which is, although there may have
been some low-level positive feeling towards this, this was not something that was viewed
positively at a high-level.

TEMPLE-RASTON: People I spoke to said the confusion may be purposeful.

The intelligence community may have floated multiple versions of the story to see how it
would play.

SCOTT-RAILTON: I'm not really sure where the truth lies.

TEMPLE-RASTON: What IS clear is that at this point NSO is pretty toxic.

The Commerce Department has blacklisted it. In a statement, NSO told Click Here that civil
society groups like Citizen Lab aren’t balanced in their assessments of Pegasus.

And that the software program has lots of positive uses too.

And NSO added that it investigates every claim of misuse, though they didn’t say if it was
investigating Carine’s case.

The NSO group has assured people Pegasus won’t be sold to private entities who might
want to use it for malicious or petty reasons. If you don’t like your neighbor, you want to
check in on that new boyfriend, they promise not to provide spyware for that.

They say they sell it only to governments.

But, it has become clear that governments aren’t always using it for benevolent purposes
either.

7
Almost every week there are fresh examples of its use against democratic institutions
around the world.

And if you find Pegasus on your phone… what do you do?

Carine's solution is to just throw her phones away.

KANIMBA: After I learned that Pegasus was on my phone, I got rid of my other phone. And
we were feeling safe.

TEMPLE-RASTON: But it turns out they didn’t even need her phone.

In July, Citizen Lab discovered that her cousin Jean Paul, who’s working with her to get her
dad freed, had his phone infected with Pegasus too.

KANIMBA: We were shaken again, because we realized that at a moment where we felt
safer, at a moment where we felt that somehow our, our communications were safe, our
location was safe, our emails were safe. They were not at all. And in fact, they were following
everything we were doing.

KANIMBA: So it's almost like they used the two of us to ensure that they always know what
we were up to.

TEMPLE-RASTON: Had you ever heard of spyware before this all happened?

KANIMBA: Well, not in this way. I mean, in movies and, uh, my, my knowledge of spies and
spy wears, I know that the Rwandan government uses methods, illegal methods to silence
critics. Right? So the possibility that they were using is spyware to try to track us. We knew
of that possibility, but we just never thought that they would actually waste the resources
on following two kids.

TEMPLE-RASTON: But they did.

And of course to someone like Carine and her cousin isn’t just about privacy.

SCOTT-RAILTON: Rwanda is also a case where some of the people who've been targeted with
this are potentially selected for targeting with this have also faced extremely serious
physical threats as well.

8
TEMPLE-RASTON: And while digital technology has been transforming diaspora
communities, allowing them to stay engaged with people back home and sometimes
encouraging dissent from abroad, autocrats are using that same technology to reach across
borders to intimidate those critics.

And, increasingly, they have more tools to do that.

While Pegasus may be commercial spyware that everyone seems to be talking about,
Google’s Threat Analysis group says it is tracking at least 30 other versions of it.

SCOTT-RAILTON: What I really strongly believe is that NSO and its ilk represent a twin threat
to U.S. national security foreign policy, but also to human rights.

TEMPLE-RASTON: Which is partly what motivated these Congressional hearings – people

like John Scott-Railton want lawmakers to rein commercial spyware in.

SCOTT-RAILTON: They can do it by sending chilling signals to the investors that back the
spyware marketplace. And they can also do it by making sure that spyware companies are
held accountable for what they're doing, and that problem companies aren't able to escape
responsibility.

TEMPLE-RASTON: And Carine wants that too., but mostly just wants her dad back.

SEAN MALONEY: My thanks and admiration for Ms. Kanimba. Your story is extraordinary.

TEMPLE-RASTON: That’s Democratic Congressman Sean Maloney of New York at last week’s
hearing.

MALONEY: I want to ask you what actions, if any, what actions are the U.S. government not
taking that you’d like it to take.

KANIMBA: I just want my father home. Um, I hope the US government will do everything
possible to bring him home before it is too late.

TEMPLE-RASTON: Can you see a scenario in which your father would be released?

9
KANIMA: Yes, absolutely. My father will come home, and my father has never lost hope, you
know, during the Rwanda genocide, um, he had every reason to lose hope. People were
being butchered to death around the hotel, and he never lost hope during those 75 days
that he kept everyone safe in the hotel and we will not lose hope either.

KANIMA: You know, when you think of Rwanda today, you think of the clean streets of
Kigali…however people in Rwanda are repressed. And our work today is to expose this. And
so and so my goal is for Kagame to see that it cost him more to keep my father in prison
than to let him out. We will continue forever if we have to, but I hope that he will make the
wise decision and let my father come home.

[MUSIC]

TEMPLE-RASTON: This is Click Here.

And one more thing.

[MUSIC]

TEMPLE-RASTON: In mid-July, President Vladimir Putin put an end to Russia’s long flirtation
with cryptocurrencies.

He signed a national law banning them.

ROMAN SANNIKOV: Russia’s always, again, had this kind of concern about the use of the
digital currencies because they were difficult to regulate.

Roman Sannikov has been tracking cryptocurrencies for years as both a researcher and an
analyst.

SANNIKOV: Russian never had a checking system, uh, you know, the way we had in the west
where you can write out a check and send something to someone, uh, and for a long time,
um, credit cards didn’t really, Function very well. So they needed to figure out some sort of
currency that they would be able to, move across borders

TEMPLE-RASTON: And crypto fit the bill, at least for a while.

10
A few months ago we introduced you to a friend of Click Here named Stanislav. He has a
small marketing business in St. Petersburg, Russia.

And he’d been talking to us about how he’d been managing to stay afloat despite the
world’s sanctions against his country.

And for a time, he was using crypto.

STANISLAV: You take some rubles here, some rubles here, you buy some USDT on Binance
or other crypto exchange.

TEMPLE-RASTON: USDT, that’s a cryptocurrency that is pegged to the US dollar.

And Binance is an online cryptocurrency exchange. Problem is that was back in March.

By the time we followed up with him again, a few weeks ago, Binance had ceased operations
for Russians like Stan. And that’s presented a problem.

STANISLAV: You cannot buy, uh, via the, the website. You cannot buy via Binance.

TEMPLE-RASTON: The new law, published on the Russian parliament website in mid-July,
appears to be a sort of half-hearted ban.

It says you can’t transfer or accept digital assets in return for goods, or services.

STANISLAV: But you can buy via peer to peer.

TEMPLE-RASTON: Peer to peer, so basically you know a guy who knows a guy who will trade
rubles for crypto.

And while you can still do that between bank accounts, it’s getting harder.

STANISLAV: if you want to, Hmm. Uh, still, if you want to buy some crypto. By peer to peer.
When you, when you are making your transfer to the peer, uh, you can see the message
from this bank that we, uh, we know that you are trying to buy crypto and it's not allowed.
So yes, you can buy, but you can, uh, have this problems with the bank and they can block
the transaction.

11
TEMPLE-RASTON: The law does allow for two things:

Stan can still INVEST in digital assets like Bitcoin or Ethereum, and Russians can still do
Bitcoin mining, which – at its most basic level – is getting a computer to work out a
complicated math problem that verifies a transaction and then earns a small commission.

Roman Sannikov explains:

SANNIKOV: So in order to accumulate substantial Bitcoin, you basically have to have

machines running at pretty much full tilt, uh, for a significant amount of time. Russia has
relatively inexpensive energy. They also generate a lot of heat, um, and need to be cooled
significantly. As funny as it may sound, Russia's climate, is kind of beneficial for them in, in
that sense.

TEMPLE-RASTON: One of the top Bitcoin mining areas in the world?

Siberia. For exactly that reason. Putin has recognized as much.

Back in January, he said Russia’s surplus energy and expertise in bitcoin mining puts Russia
at a competitive advantage, and he signaled he’s unlikely to put a stop to that any time
soon.

[MUSIC]

TEMPLE-RASTON: Here are some of the week’s top cyber and intelligence stories.

Prosecutors in Germany have issued a warrant for the arrest of a Russian national named
Pavel A, that’s according to German public broadcasting. They allege he is part of Berserk
Bear, a hacking group linked to Russia’s Federal Security Service or FSB and Berserk Bear
tends to hack infrastructure – specifically telecoms and power utilities.

The warrant wasn’t released publicly but German Public Broadcasting said that Pavel A was
responsible for cracking into telecom routers. The Justice Department indicted a 36-year-old
Russian named Pavel Akulov last year for hacking energy companies around the world. It’s
unclear if the DOJ indictment is the same guy.

TEMPLE-RASTON: Hackers took a bite out of the American Dental Association back in April.
The professional association for dentists confirmed in a breach notification letters that it

12
had been the victim of a ransomware attack. Some ransomware researchers say they
believe the Black Basta ransomware group was behind it. Black Basta tends to use double
extortion – they encrypt confidential data they steal, and then threaten to leak it if their
demands are not met.

TEMPLE-RASTON: And finally, the federal courts docketing system may have been hacked
back in early 2020, according to the Justice Department. DOJ is working very closely with
the Judicial Conference and judges around the country to address this issue, according to
Assistant Attorney General for National Security Matthew Olsen. He said as much at the
House Judiciary Committee last week.

MATTHEW OLSEN: Um, this is of course a significant concern for us, uh, given the nature of
the information that is often held by the courts.

TEMPLE-RASTON: Olsen said he could not think of any specific case that had been affected
by the breach.

[MUSIC]

TEMPLE-RASTON: Today’s episode was produced by Sean Powers and Will Jarvis, and it was
edited by Karen Duffin, with fact-checking from Darren Ankrom. Kendra Hanna is our intern,
and Ben Levingston composed our theme and original music for the episode. We had
additional music from Blue Dot Sessions.

Click Here is a production of The Record by Recorded Future.

And we’d love to hear from you. Please leave us a review and rating wherever you get your
podcasts. And you can connect with us at ClickHereshow.com

I’m Dina Temple-Raston. We’ll be back on Tuesday.

[MUSIC FADES OUT]

13