28 de November de 2022

Pegasus Is the Tip of the Iceberg: Computer Security Day

Conversa entre Anaïs Franquesa, Enric Lujan, Marc Serra i Ignacio Orovio.

You don't have to be a senior political officer to become the target of a cyber attack. Maybe the opposite. This week we celebrate the Computer Security Day, and we want to share our learnings following the Pegasus case, going back to the conversation between Anaïs Franquesa, Enric Luján, Marc Serra and Ignacio Orovio, as well as remembering the workshops to defend ourselves against spyware by DonesTech.

Did you know that some Final Fantasy XIV players were victims of a phishing campaign(1) via the game's internal chat? Do you remember how one of the main public universities in Barcelona, UAB, suffered a cyberattack that disabled the university's IT services? Digital fraud and Internet scams that aim to obtain our private data are becoming more and more frequent, and it seems that they are even becoming more sophisticated.

The situation is much more serious when governments are the ones that carry out these attacks as a control tool to maintain a supposed calm social balance. Spyware such as Pegasus being in the spotlight has alerted the international community. In July 2021, The Guardian revealed that the Spanish government used Israeli company NSO Group's Pegasus spyware on members of the Catalan government, as well as their relatives and close associates.

How can Pegasus end up parasitizing our device? Why, despite having a legal framework that protects us from the extraction of our data, does it not defend us against the use of spyware? How have we come to give up a part of our freedom, in exchange for security from governments? Anaïs Franquesa (co-director of Irídia - Center for the Defense of Human Rights), Enric Luján (political scientist specializing in the defense of freedom and privacy on the Internet), Marc Serra (Councilor for Citizenship and Participation Rights) and Ignacio Orovio (investigative journalist at La Vanguardia) tried to answer these questions, in a very intense and nuanced debate.

We only know the tip of the iceberg of the cyberespionage problem. Firstly, Pegasus has led the breaking news in mass media, but we do not know how it really works. Secondly, as Enric Lujan said, Pegasus has been in the spotlight for months, but more sophisticated control tools are most likely to being developed and refined right now.

Technological innovation always goes a step forward of the legal system. Legal loopholes are breeding ground for corporations to do business with citizens' rights. "Fundamental rights are not graceful concessions, they are not gifts, but rather are limits to the absolute power of the states at the moment they are recognized, protected, and guaranteed," warned Anaïs Franquesa. For now, what we can do is know our rights and defend ourselves against a suspected attack with digital self-defense tools and mobile forensics, like the ones we put into practice with DonesTech.


(1) Sending a message or electronic mail by a cybercriminal emulating a legitimate entity.