- Boris Johnson's Downing Street was the subject of "multiple" suspected attacks via Pegasus spyware, a report said.
- Pegasus is the hacking software developed and licensed to governments around the world by the Israeli firm NSO Group.
- Experts at the University of Toronto believe the attacks, between 2020 and 2021, were linked to the UAE.
Boris Johnson's Downing Street office was the target of multiple suspected malware attacks believed to be linked to the United Arab Emirates, a report said.
Number 10 was believed to have been targeted with Pegasus, a sophisticated hacking software that can turn a phone into a remote listening device, between 2020 and 2021, according to a report published Monday by Citizen Lab at the University of Toronto.
Over the same period there were also suspected attacks on the Foreign, Commonwealth and Development Office associated with Pegasus operators linked to the UAE, as well as India, Cyprus and Jordan, the report claimed.
Pegasus is the hacking software – or spyware – developed, marketed, and licensed to governments around the world by the Israeli firm NSO Group. It has the capability to infect phones running either iOS or Android operating systems.
A device connected to the Downing Street network was infected using the spyware on July 7, 2020, according to a report on the research by The New Yorker.
John Scott-Railton, a senior researcher at the Citizen Lab, told the magazine: "When we found the Number 10 case, my jaw dropped."
In a statement published on its website, Citizen Lab director Ron Deibert said the team had taken the unusual step of notifying officials because the group "believes that our actions can reduce harm."
However, the group was not able to identify the specific individuals within No. 10 and the Foreign Office who are suspected of having been hacked.
Deibert noted that the FCDO attack could have similarities to the 2021 hacking of foreign phone numbers used by US State Department employees in Uganda. This attack was carried out by an unknown assailant using spyware developed by NSO Group, Reuters reported at the time.
In November 2021, the Biden administration blacklisted NSO Group after it determined the Israeli spyware maker had acted "contrary to the foreign policy and national security interests of the US," The Guardian reported.
Deibert said: "Given that a UK-based lawyer involved in a lawsuit against NSO Group was hacked with Pegasus in 2019, we felt compelled to ensure that the UK government was aware of the ongoing spyware threat, and took appropriate action to mitigate it."
This is not the first time concerns have been raised about telecommunications security in Johnson's administration.
It emerged last April that the prime minister's phone number had been freely available online for a decade.
In March, Insider reported that Johnson was receiving digested versions of his ministerial red box via WhatsApp on a daily basis, prompting further security concerns.