Uganda: An attempted hacking of US embassy officials’ phones heightened tensions in the diplomatic community.
The news last week that Ugandan security attempted to hack into the phones of US embassy officials has heightened tensions in the diplomatic community and prompted concerns about the safety of Uganda’s banking sector.
The Financial Times reported on December 21 that Ugandan security employed Israeli spyware called Pegasus to hack into the phones of 11 US embassy personnel, but the effort failed as Apple sent out alerts after the iPhone manufacturer found and fixed a hole in its operating system in November.
According to the article, NSO has always informed its clients that US phone numbers are not permitted. The targets in this instance, however, were using Ugandan phone numbers, but the breach was thwarted because they had Apple logins using their US State Department addresses.
As a consequence, the US government banned NSO Group Technologies, the Israeli technology firm behind Pegasus, which gave malware to the Ugandan government.
Several diplomatic sources, who requested anonymity, told The Observer that they are assessing their security measures in light of the development but are unable to comment freely owing to the sensitivity of the situation.
“We know that eavesdropping is a necessary aspect of government survival, but we are startled at the level to which they [the Ugandan government] conduct it,” a diplomatic source said.
“Who knows, our systems and phones could have already been hacked, and we’ll need some guarantees [from Uganda] the next time we meet.”
Despite the US blacklist, it is unknown if the government is still using the Pegasus spyware for other reasons.
According to the Financial Times, the contract to acquire Pegasus malware was purportedly negotiated two years ago by Gen Muhoozi Kainerugaba, the first son and head of the UPDF Land troops, and Shalev Hulio, the chief executive of the NSO.
Gen Muhoozi was the top presidential advisor for Special Operations at the time. According to the report, Uganda spent between Shs 35 billion and Shs 70 billion on spyware, which is also employed by Rwanda and other Middle Eastern nations.
According to a senior government official who requested anonymity, NSO’s blacklisting had no effect on its activities in Uganda.
“The United States possesses the world’s largest espionage network, and it is within our rights to defend ourselves by recognizing any suspect information.” We will continue to employ all methods necessary to safeguard our country’s sovereignty, including hacking, since everyone does it.
He also suggested that the recent sanctioning of Maj Gen Abel Kandiho, the Chief of Military Intelligence (CMI), by the US might be connected to the hacking.
“He [Kandiho] is essentially assigned to collect military information, and in this fast-advancing tech and cyber world, you never take any risks on any alleged danger, even if it means knowing what your buddy is doing,” he remarked sarcastically.
The US has recently boosted its influence in Ugandan politics, often engaging with major opposition politicians for high-level discussions. Meanwhile, doubts remain about what this new step implies for US-Uganda relations after the sanctioning of numerous important officials in the administration.
Kandiho joined Gen. Kale Kayihura on the sanctions list, while other military leaders on the US watch list include Lt. Gen. Peter Elwelu, Maj. Gen. James Birungi, Maj. Gen. Don William Nabasa, Maj. Gen. Steven Sabiiti Muzeyi, AIGP Frank Mwesigwa, and Col. Chris Serunjogi Ddamulira.
Meanwhile, the blacklisting of NSO has prompted new worries in Uganda’s banking industry, which relies heavily on Pegasus technology for financial and billing solutions for businesses. Banks, telecommunications companies, and utilities are among them.
An industry expert, however, has allayed concerns that the Pegasus spyware employed in hacking is not the same as Pegasus technology.
“There is no reason to be concerned since these are two separate institutions that function in distinct ways,” said an unnamed Finance Ministry official.
Some people, though, are concerned about their privacy.
“If the parent firm is engaged in eavesdropping, you can’t tell me that the localized one isn’t,” remarked an unnamed telecom official.
This anxiety arises from the night of October 3, 2020, when unidentified hackers got into Pegasus Technologies’ mobile money systems and stole around Shs 20 billion in only a few hours. Among those impacted were Stanbic Bank, Airtel, and MTN Uganda.
The companies said in a joint statement that Pegasus Technologies encountered a system problem that disrupted bank-to-mobile money transfers. Alvin Mugerwa, a Stanbic bank employee, was accused of hacking, and the matter is currently being heard in court.
Pegasus Technologies Limited, an indigenous Ugandan firm, acquired a license from the Bank of Uganda to operate as a Payment Service Operator in October 2021. (PSO). Attempts to contact Ronald Azairwe, the managing director of Pegasus Technologies, were useless.