US-based Nigerian expert in network engineering and cybersecurity, Adedeji Olusegun, has unraveled the intricacies of Pegasus, a controversial cyber weapon developed by the Israeli firm NSO Group.

In a paper obtained by this medium, Olusegun highlighted the significance of this advanced spyware, shedding light on its history, functionality, and ethical implications. Pegasus is widely regarded as one of the most sophisticated tools for cyber surveillance, capable of infiltrating smartphones running iOS and Android operating systems to gain unauthorized access to personal data without the user’s knowledge.

Olusegun’s analysis traces the origins of Pegasus to the NSO Group, founded by Shalev Hulio and Omri Lavie, who initially developed a video marketing product that failed to gain traction. Their pivot to cellphone tech support, through a company called CommuniTake, laid the groundwork for Pegasus by enabling remote device control. This technology caught the attention of intelligence agencies and eventually led to the creation of Pegasus in 2011. The spyware’s evolution has since been governed by four core pillars: NSO would not operate Pegasus independently, would only sell to governments, would carefully select its clients, and would work under the oversight of Israel’s Defense Exports Control Agency.

According to the cyber expert, one of the earliest deployments of Pegasus was in Mexico, where it was used to combat drug cartels by hacking their Blackberry messaging service. This successful operation not only bolstered Mexico’s efforts against organized crime but also shifted the country’s diplomatic stance in favor of Israel in the United Nations. However, Olusegun points out that such successes have been overshadowed by controversies surrounding the misuse of the spyware.

In explaining how Pegasus works, Olusegun notes its ability to infiltrate devices through various mechanisms, including zero-click attacks that require no user interaction. This means that even receiving a malicious message can compromise a device. Pegasus also employs network injections, which allow it to exploit unprotected websites visited by the target. In some cases, spyware can even be manually installed if physical access to the device is obtained. These methods, whether through rooting Android devices or jailbreaking iPhones, ultimately grant the spyware full control over a device’s operating system.

Olusegun emphasised the grave implications of Pegasus for digital privacy and security. Its capability for undetected surveillance poses a significant threat to individuals’ privacy rights. Reports have revealed its use against journalists, human rights activists, and political figures, prompting widespread condemnation from international organizations. Such misuse underscores the challenges in regulating the deployment of cyber surveillance tools and safeguarding against their exploitation.

In his analysis, he delved into the ethical and legal questions surrounding the use of Pegasus. While the NSO Group asserts that its spyware is designed for combating terrorism and crime, numerous investigations have revealed that it has been used to target non-criminal entities.

This misuse, according to him undermines fundamental rights, including the right to privacy and freedom of expression, and calls into question the adequacy of existing regulatory frameworks.

The expert further explores the international response to Pegasus, noting that governments and organizations have called for stricter oversight of cyber surveillance technologies.

The European Parliament, for instance, has examined the impact of Pegasus on democratic processes and fundamental rights, advocating for policies that balance national security with human rights protections.

Olusegun draws attention to the broader implications of cyber weapons like Pegasus in an era of rapid technological advancement. He argues that the existence of such tools necessitates robust legal and ethical governance to prevent their misuse while allowing for legitimate applications in safeguarding national security. Failure to do so could erode trust in digital systems and compromise individual freedoms.

The paper also underscores the role of countries in the proliferation of spyware. Pegasus has been sold to nations such as Djibouti, Panama, Mexico, Saudi Arabia, and Nigeria, raising questions about the criteria used by NSO to select its clients. Olusegun warns that the lack of transparency in these transactions increases the risk of abuse and undermines global efforts to promote digital security.

Moreover, Olusegun’s analysis highlights the role of corporate responsibility in the deployment of cyber weapons. He calls on tech companies and governments to collaborate in establishing clear guidelines and accountability measures for the use of such tools. Without these safeguards, the potential for harm outweighs the benefits of technological innovation.

He asserted that the controversies surrounding Pegasus are a stark reminder of the need for ethical governance in the digital age. As cyber weapons become more advanced, the international community must work together to establish norms that prevent misuse while supporting legitimate security needs.

Pegasus, he argued , serves as both a cautionary tale and a call to action for policymakers, technologists, and advocates of human rights.

As nations grapple with the challenges posed by advanced surveillance tools, Olusegun’s expertise offers valuable guidance for navigating the complex intersection of technology, security, and ethics.