New Delhi: Following the Pegasus project revelations, the Belgian military intelligence service drew up a list of likely victims, checked their phones and then found signs of a Pegasus spyware attack on the mobile devices of a Belgian journalist and his wife.
In July, a global survey of 17 media organizations, including The cable, had revealed how weapons-grade spyware manufactured and sold by the Israeli NSO group may have been used to target large numbers of world leaders, politicians, journalists, government officials, lawyers and members of civil society. This was based on an investigation of a leaked database of unassigned 50,000 phone numbers and forensic analysis of over 67 devices by Amnesty International’s security laboratory.
The Belgian media partners of the Pegasus project, talent and Le Soir, found that the Belgian Military Intelligence Service, the General Intelligence and Security Service (both under its Dutch and French acronyms ADVID-SGRS) launched an investigation following the revelations of the Pegasus project by compiling a list of several Belgian citizens, be the potential targets of the spyware.
In the intelligence service report of September 16, accessed by talent and Le Soir, ADIV wrote that the journalist Peter Verlinden and his wife Marie Bamutese had been contacted by the secret service for a “security check of their communication devices”.
âAs the full examinations are still ongoing, our service team assumes that both Peter Verlinden’s and Marie Bamutese’s devices have been targeted by the Pegasus software. Given the timing of the intrusion and the nature of the attacked people, the SGRS assumes that such an intrusion was very likely initiated by Rwanda, âthe four-page document states talent and Le Soir.
Amnesty International’s Security Lab has also confirmed the infection after a forensic examination.
âDue to the complexity of the NSO spyware Pegasus, further investigations are being carried out by SGRS to confirm our initial assessment and to determine the full extent of the compromise,â said the report from the Belgian security agency.
According to reports from talent and Le Soir, further telephones are analyzed by ADVID-SGRS. The agency declined to comment.
The NSO Group, which firmly rejected the leaked database, claims it only sells its spyware to “vetted” governments.
The likely possibility that Verlinden would be targeted by Rwanda was based on his long journalistic career specializing in Central Africa.
âGiven my relationship with the Rwandan regime, we were not really surprised that Rwanda is trying to find out what my wife and I are doing. In recent years we’ve come under fire from internet trolls on social media. In 2018 we filed a libel complaint. In other words, we are used to the Rwandan regime, âVerlinden told the Pegasus project.
The 64-year-old journalist worked for the Belgian public broadcaster VRT for 32 years until 2019. He is currently an independent journalist who writes for several publications, including talent. His wife, a former Rwandan refugee, is a Belgian citizen.
He confirmed that ADIV had contacted him in August with a request to analyze both phones. âAt the end of August they made a copy of the phones and analyzed them for five days. Yesterday (September 16) the report followed with the conclusion that both devices were probably hacked with Pegasus. “
In the secret analysis report, the secret service described Pegasus as “possibly one of the most powerful spyware programs ever produced by a private company”.
Once inserted into a phone, the device is “completely compromised and the spyware is continuously monitoring”. The spyware can remotely turn on a phone’s microphone and camera.
According to the report, there is not much phone users can do “other than keep the phone’s software and applications updated”.
Verlinden said it was daunting to read the insidious nature of Pegasus.
âBut when you read ADIV’s explanation of what Pegasus can do, it’s very dark. Whoever sends Pegasus to you takes full possession of your phone. Even from the GPS tracker. You know exactly where you are. Signal is not safe either. You feel like everyone can see what you are doing. There is a very dirty feeling, a feeling of insecurity. We’ve tried to live with it, but it’s a heavy blow on top of that. “
Rwanda identified as a “very likely” NSO customer
According to the forensic analysis, Military Intelligence reported that Pegasus was “likely” installed on Verlinden’s phone between September 22-29, 2020. His phone was infected sometime between October 20th and November 2nd, 2020.
The report said the timing of the intrusion was “strange”. “The periods mentioned correspond to the weeks following the kidnapping of Paul Rusesabagina and the international outrage that took over Western media and put Rwanda’s actions in the spotlight,” it said.
ADIV concluded that due to timing and targets, Rwanda was âvery likelyâ to be behind this spyware intrusion case.
Corresponding talent, it is “an exception that a secret service goes so far as to attribute a cyber attack”.
Rusesabagina became known around the world through the Hollywood film Hotel Rwanda, which documents the story of how a hotel manager saved the lives of over 1,200 Hutus and Tutsi during the Rwandan genocide in 1994.
The lawyers for Rusesabagina, a Belgian national and permanent resident of the United States, alleged that he had been tricked into boarding a charter flight to Kigali in August last year. A well-known critic of Rwandan President Paul Kagame, he has been tried on a number of terrorism-related charges. The verdict of the seven-month trial boycotted by Rusesabagina is expected to be pronounced on September 20th.
The Pegasus project has already shown that Rusesabagina’s daughter Carine Kanimba, a US-Belgian citizen, had also become a victim of the intrusive software. She had led the campaign to free her father from Rwanda.
Amnesty International forensic analysis revealed that Kanimba’s phone had been infiltrated several times since at least January this year.
The guard noted that Rwanda had long been suspected of being a customer of the NSO Group. WhatsApp contacted at least six Rwandan-related dissidents in 2019 who were attacked by NSO spyware in an attack that affected hundreds of users around the world over a two-week period from April to May this year.
Several prominent names in the Rwandan diaspora have been spotted in the leaked list of likely targets selected by NSO clients.
Peter Verlinden hoped the Belgian government would send out a signal that the hacking of his phone was “a step too far”. He announced that he would file a complaint soon.
There was no reaction from the Rwandan government. Rwanda had previously denied allegations of being an NSO customer and being behind the use of Pegasus by several dissidents.
In a statement, the NSO Group responded: âWe cannot make serious comments on theâ likely estimates âmade by an anonymous actor. From the minimal information we have received from you, it appears that this question has nothing to do with the NSO Group or any of its technologies. “
The Pegasus Project is a collaborative research involving more than 80 journalists from 17 news organizations in 10 countries, coordinated by Forbidden Stories with technical assistance from Amnesty International’s security laboratory. Read all of our coverage here.