FIGAROVOX / MAINTENANCE – L’ONG Forbidden Stories holds a list of 50,000 telephone numbers, including that of President Emmanuel Macron, potentially infiltrated by the Pegasus software by the Moroccan state. François-Bernard Huyghe analyzes the stakes of this espionage between States.
François-Bernard Huyghe is research director at IRIS. He recently published The art of ideological warfare, (2019, Le Cerf).
FIGAROVOX. – What is the Pegasus project?
François-Bernard Huyghe. – Project Pegasus is a project run by a private company called NSO, which acts only with permission from the US government, and provides, on paper only to state actors, software to intrude into phones. This company has very advanced technology. In principle, this is software intended to fight against espionage or serious crime and which has the particularity of infiltrating the smartphone (Android or iOS system). Once infiltrated, the system has access to all the information (content of calls, applications, geolocation). In this, this hacking differs from simply intercepting phone calls.
At the time of the Elysée wiretaps, the police services monitored conversations exchanged between landlines. Subsequently, we experienced the immense scandals revealed by Snowden and Assange. In 2013, it was even revealed that the NSA, under Obama, had listened to Chirac, Sarkozy, Hollande and Merkel. The NSA had picked up their communications from outside via satellite systems for example. There are two main differences with the current situation: on the one hand, these are private companies; on the other hand, their techniques allow them to take the power of the cell phone, which is more serious than listening to conversations.
The NGO Forbidden Stories is said to have a list of 50,000 telephone numbers that certain states would have liked to listen to: there is no absolute proof that it worked.
How could we bypass security and infiltrate the French president’s cellphone?
François-Bernard Huyghe. – It is not absolutely certain at this stage that cell phones have been infiltrated. It does seem strange that Emmanuel Macron’s laptop is not ultra-secure, it is not certain that this has happened. There is an overabundance of documentation in this matter and we must be careful. LONG Forbidden Stories would have a list of 50,000 phone numbers that some states would have liked to listen to: there is no absolute proof that this worked. For Forbidden Stories, this represents a colossal job. At the time of the Snowden affair, the NGO concerned had to seek help from press titles to absorb the workload.
Forbidden Stories found a list of phones likely to be infected including 1,000 French, for example containing Éric Zemmour. In addition, the association gives a list of states “in principle”: these are those which have already practiced this before (Saudi Arabia, Mexico, Morocco). If I understood correctly, there is neither France nor the United States. If I were paranoid I would wonder if some states are not using other friendly states as subcontractors.
Where does Morocco’s interest stop by making journalists from Le Monde or someone like Zemmour listen?
What was Morocco looking for by carrying out such eavesdropping?
François-Bernard Huyghe. – Morocco has obviously denied these accusations. When the country listens to its own dissidents, like the famous Omar Radi, we can ultimately understand the motivations. He is an opponent who has been listened to and infiltrated for years with improving technologies. Omar Radi was having fun by giving false appointments by message to his friends for demonstrations and watching the police arrive on the scene. Apart from that, in the list of personalities who would be listened to by Morocco, there is the Moroccan Prime Minister, that is also understandable. Why on the other hand does he listen to Edwy Plenel? Perhaps he is afraid that he will make files on Morocco. Where does Morocco’s interest stop by listening to journalists from World or someone like Zemmour? Perhaps he wants to know if Eric Zemmour will have an influence on the French presidential election or even run. Everyone points to Morocco or Saudi Arabia, but we could point to several other countries. This overabundance of Morocco has two explanations: either the king of Morocco is paranoid and he wishes to know what is happening in France because it is a particularly important ally country; either Morocco is doing the work for someone else and I have no answer to this question.
What are the consequences of such surveillance, both at the level of state security rules and at the diplomatic level?
François-Bernard Huyghe. – We hope that the security rules for telephone conversations between our ministers and our president will be strengthened. It is a mark of patriotism to wish it. I was also outraged when Hollande was listened to under Obama! For the reinforcement of the rules, it becomes a technical question: we have very good IT specialists, ANSSI is efficient, we probably have the technical means to check if the Pegasus software really worked for listening to devices, even if it is very discreet and that it stays in the living memory. The question of whether we will give away truly secure systems or whether Android or iOS (Apple publicly guarantees privacy) will take hold of the question, is uncertain, even if it is probable.
We know that states are not going to use it just to arrest criminals and terrorists. Moreover, if something serves a state, it can also serve private interests.
The international consequences are still unknown: are we going to take measures against private actors? Basically, nothing will change significantly. Snowden heroically sacrificed himself, the system continued to function. Could we at least, as Snowden recommends, imagine sanctioning measures against private actors who sell spy systems whose purpose is to violate privacy? In principle, they only sell them to states. However, we know that states are not going to use it just to arrest criminals and terrorists. Moreover, if something serves a state, it can also serve private interests. It is already possible to obtain, not in France but abroad, software which, after installation, makes it possible to know who the person is calling. There are many devices to invade privacy (such as hidden cameras). International agreements would have to be reached to sanction beyond a certain degree of sophistication. Pegasus is truly at the cutting edge of technical progress.
To infiltrate a phone, to know its entire content, there are three methods. First there is thes pearfishing, where you are sent fake messages with links that infiltrate the device and take control of it by installing a system. Stage 2 is to infiltrate when you go to consult a URL address: believing that you are checking train times or a ministry site, you are in fact sent to another site that downloads the system. They would have arrived at stage 3, they would have the means through unknown loopholes to go directly into the telephone. Even if nothing stupid is done, they would have the means to get into the phone undetected. It would date from 2013, NGOs have been on the trail since that year, when they attacked Omar Radi.
There is technical progress in the means, but the only obstacle is the price. Not everyone can afford these services. There seems to be no limit to their system. Even Telegram, a very secure network, cannot resist them.