After the police, the intelligence services: a month after revelations in the German press showing that the country’s federal police, the Bundeskriminalamt (BKA), had used Pegasus spyware in early 2020, the weekly Die zeit reveals that the German foreign intelligence service, the Bundesnachrichtendienst (BND), is also a client of the controversial computer snitch.

Pegasus, designed by the Israeli company NSO Group which sells it exclusively to police or intelligence forces, allows almost total control over a phone, whether it is running Android or iOS, without the user’s knowledge. Once installed, the program allows you to listen to conversations, know the geolocation of the device, and even activate the camera or save the archives of encrypted messaging such as WhatsApp.

In July, an international consortium of seventeen media including The world, coordinated by the organization Forbidden Stories, revealed multiple large-scale illegal uses of the software. A list of 50,000 potential targets, consulted by these media, had shown that large numbers of lawyers, journalists, and human rights activists had been spied on by Pegasus. A dozen heads of state and government were also on the list of potential targets, including Emmanuel Macron, as well as ministers and diplomats, in France as in other countries.

Political repercussions in Germany

It is not known since when and under what precise circumstances the BND was able to use Pegasus. But when the BKA signed a contract with NSO Group, the Federal Police’s legal departments themselves worried about the software’s capabilities: they feared that its use, even in the context of proper investigations, or contrary to the German Constitution, which guarantees the right to privacy. The BKA had specifically asked NSO Group to limit the capabilities of the software for its use.

Outside of Germany, the revelations of the “Pegasus Project” were greeted with a certain discretion in the European chancelleries.

The deputy Die Linke (left) Martina Renner arrested, Friday, October 8, several leaders of the environmental party Die Grünen and the FDP, two parties which have pleaded in recent months for a framework or a ban on spyware and which are today in the position of "kingmakers" for the formation of the future German government. "We need a ban on this software", written Mme Renner on Twitter, calling on both parties to "Keep their promises".





Outside of Germany, the revelations of the “Pegasus Project” have been greeted with a certain discretion in European chancelleries. According to sources inside NSO Group and within the intelligence services of several European countries, Germany is far from the only country in the Union to have used Pegasus. In Spain, Catalan independence activists were targeted by spyware, without it being known precisely which security service in the country was the client.

And France? NSO Group has approached, in recent years, several police or intelligence services in France, but none have acquired a license for the software, according to information from the World. A decision taken at the highest levels of the State, for reasons of technological sovereignty as well as “Reputational risk”: NSO Group sells its software to a multitude of authoritarian regimes, such as Kazakhstan or Rwanda, while claiming to carefully select its clients, including on ethical criteria.

“Protected” countries

These new revelations come as a British court confirmed, Wednesday, October 6, that the phones of Princess Haya of Dubai had indeed been spied on by Pegasus, on behalf of her husband, the Emir of Dubai. Documents released by the court show that NSO Group warned the princess and her lawyer that they had most likely been targeted by Pegasus. Dubai’s access to the powerful spyware was cut soon after and NSO Group claims that UK numbers can no longer be targeted by the software.

According to a source familiar with the inner workings of NSO Group, Pegasus can no longer target countries of the “Five Eyes” alliance, which includes the United States, Canada, the United Kingdom, Australia and New Zealand. -Zeeland. According to this source, the software can only spy on phones from these countries when the customer is from the same country: an Australian customer of Pegasus (law enforcement or intelligence service) could thus only monitor Australian phones.

After our revelations, the French Minister of the Armies, Florence Parly, asked the Israeli authorities that the French numbers are also protected, she revealed at the end of September in an interview with World. “We got a response telling us that would be the case. I can’t tell you anything more »said Mme Parly.

