Colombian President Gustavo Petro on Thursday said that the previous administration of Iván Duque had purchased Pegasus, an Israeli spy software that’s been placed on a US blacklist, for USD $11 million in mid-2021.
According to the president’s televised broadcast, the information was sent to him by Luis Eduardo Llinas Chia, director at the Unit for Financial Information and Analysis (UIAF) on August 27, 2024.
However, Petro explained that he was advised against making the information public without written consent from the Israeli Financial Intelligence Unit (IMPA).
“Because I am the president, and don’t obey diplomatic relations with Israel at the moment as a consequence of the situation in Gaza, I withdraw myself from this prohibition and will share the contents of this letter,” he stated.
According to Petro, between July and August 2021, an Israeli bank presented a report for unusual activity after it received a cash deposit of $5.5 million directed towards the account of NSO Group Technologies Limited, the owners of Pegasus.
Such payment was related to an agreement amounting to $11 million between NSO Group Technologies Limited and the Colombian Police Intelligence Unit (DIPOL) for the purchase of the Pegasus software. The remaining $5.5 million was paid in September 2021.
“I decided to ask for information when different magistrates began speaking about interference, and especially after, 15 days before the closing of my presidential campaign, the media sought to transform survey results against me with information that they could have obtained from illegal interceptions,” stated President Petro.
The president questioned how such a sum of money had left State offices for the purchase of a software “that spies on cell phones, and private communications.”
“Who else was intercepted? What judicial order did they have, as the Constitution mandates, so that such interceptions were not illegal? Where did the money come from? Why wasn’t it officialized in the national budget?” he asked.
Shortly after Petro’s broadcast, the Prosecutor’s Office released a statement announcing the start of an investigation “to establish the truth and eventual identification of those responsible for the possible illegal acquisition and use of the espionage software ‘Pegasus’ by the DIPOL.”
Additionally, the investigation seeks to determine if the police still have access to Pegasus, and under which legal constraints it is used.
Ernesto Macías Tovar, former president of Congress, declared that President Petro’s announcement is a smokescreen because “a government cannot make transactions in cash; less so to another government.” This was reshared on X by former President Iván Duque, who has not released a statement of his own as of yet.
The United Nations Human Rights Office in Colombia stated, “the use of Pegasus gravely violates the rights to privacy, freedom of expression and association, among other human rights.”
NSO Group Technologies Limited and Pegasus
NSO Group develops technologies to help government agencies detect and prevent terrorism and crime, as per their website. According to the company, their products are used exclusively by government intelligence and law enforcement agencies to fight crime and terror. One of these products is Pegasus.
The earliest version of the software was discovered by researchers in 2016 when they uncovered infected cell phones, according to The Guardian.
NSO came under fire in 2021 after a massive data leak revealed that Pegasus was used to target activists, journalists and political leaders globally, according to Amnesty International. The Pegasus Project, a collaboration by more than 80 journalists from 17 media organizations in 10 countries, conducted forensic tests on mobile phones to identify traces of the spyware.
“These revelations blow apart any claims by NSO that such attacks are rare and down to rogue use of their technology … They paint a picture of legitimacy, while profiting from widespread human rights violations,” stated Amnesty International at the time.
“These revelations blow apart any claims by NSO that such attacks are rare and down to rogue use of their technology … They paint a picture of legitimacy, while profiting from widespread human rights violations,” stated Amnesty International at the time.
Pegasus can be installed on a phone through vulnerabilities in apps, or by tricking a target into clicking a malicious link. Once installed, the software can harvest any data from a device and transmit it back to the attacker, including text messages, pictures, and data obtained from activating the phone’s camera or microphone, according to The Guardian.
As per the newspaper, NSO’s response to the Pegasus Project denied all claims, labeling them as misleading interpretations of leaked data from accessible basic information.