Cyber-security researcher discredits accusations against Morocco for use of Pegasus
"Only a thorough analysis of the physical phone can detect spyware,"
The American expert in cyber-security, Jonathan Scott, pointed out, Friday in Tangier, “the methodological and scientific flaws” inherent in the approach adopted by Citizen Lab, Amnesty International and Forbidden Stories which led to the adoption of conclusions that “are more allegation than science” regarding the alleged use of Pegasus software by some countries.
At a hearing before the National Commission for the Supervision of Personal Data Protection (CNDP), Mr Scott, who published the report “Exonerating Morocco – disproving the Spyware” on 18 February, said that Citizen Lab’s allegations were “totally unfounded” and “lacked the most basic elements of scientific proof”.
In a meeting with the press, the US expert pointed to what he described as “serious flaws” in Citizen Lab’s analysis, which formed the basis of Amnesty International’s investigation into the Pegasus case.
In one case, he said, the investigation was based on the analysis of an iCloud backup from the alleged victim’s phone. However, such a backup can never provide sufficient and conclusive evidence to detect the presence of any spyware.
“Only a thorough analysis of the physical phone can detect spyware,” he said, noting that Amnesty International itself has acknowledged that iCloud backups can be corrupted in such a way as to make it appear after the fact that spyware has been installed in a Smartphone.
“Morocco is being accused of serious acts and denied the means to defend itself, namely the opportunity to examine the evidence,” he argued. Scott also noted that Citizen Lab deployed its own tool, known as “MVT”, to detect the presence of Pegasus in backup samples of alleged victims’ phones.
Using this same software, the American expert demonstrated that its effectiveness was highly questionable. And for good reason, MVT deploys a kind of scanner to find keywords in the phone’s backup. “Except that these keywords are often from applications native to the phone or downloaded from the AppStore and have no connection with the Pegasus software,” Scott pointed out.
To back up his claims, the US expert even created his own App, downloaded it to an iPhone before it was detected as Pegasus software by MVT. Worse still! When Amnesty International found that its MVT tool was flawed and tended to confuse normal phone use with spyware, the organization was quick to remove so-called “false positives” from its reports without warning the public.
“Fortunately, we have archived versions of Amnesty’s reports that have allowed us to detect these changes,” he said, lamenting the fact that the media that have reported Amnesty’s accusations have not bothered to warn the general public about these aberrations.
In describing the work of Citizen Lab and Amnesty International, Mr Scott does not mince words. “This is irresponsible science, dangerous science, if you can call it science. And he concludes: “There is not a shred of evidence implicating Morocco”.