Cambridge University drops $548 million partnership with UAE over hacking

University broke off talks on establishing an innovation institute over allegations that United Arab Emirates (UAE) used the controversial Pegasus software to spy on journalists, human rights activists.

The university was in talks with Emirates to enter a decade-long partnership, The Guardian reports. The potential 'strategic partnership' worth £400 million ($548 million), the largest in Cambridge's history, was canceled over the Gulf States' spying activities.

Media reports that the UAE was responsible for selecting hundreds of UK numbers to be spied on using Pegasus software, the controversial spyware developed by the Israeli company NSO group.

An investigation published in July revealed that authoritarian regimes use Pegasus to spy on political opponents. Data from the 50,000 leaked numbers included information from more than 180 journalists, covering major outlets, such as CNN, the New York Times, France 24, and more.

Who are its users? At least ten governments: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, and the United Arab Emirates (UAE). Three countries looked up the majority of the numbers. Mexico had 15,000 requests, while Algeria and the UAE had 10,000 requests, respectively.

How does Pegasus spyware work?

Pegasus is RAT (Remote Access Trojan) that can gain access to pretty much every consumer phone: even the most up-to-date iPhone and Android models.

Back in the day, it was much less powerful. Just in 2016, Pegasus was pretty rudimentary. Using a spear-fishing technique, it simply tried to trick the targets into clicking a malicious link.

But it's not as simple anymore. Now, Pegasus can go through a device with a "zero-click" attack, meaning it does not require any interaction from the phone's owner to be installed. One of the most common ways to get the data is to exploit a zero-day vulnerability, which happens when an early version of the updated software still includes some exploitable bugs.

Very popular targets for the software were WhatsApp or iMessage – because of how popular they are. In iMessage's case, it even comes preinstalled on every iPhone.

If neither of these options works, Pegasus can be installed over a wireless receiver placed next to a target or manually installed if the agent gains access to the target's phone.

From there, Pegasus has harvested pretty much all the information placed on the phone. That means your SMS messages, address books, emails, calendars, calls, browser history, passwords, and social media are all available.

More from CyberNews

Tech giants endlessly exploit our data. Who will put an end to it?

Who let the ‘bugs’ out? It’s probably not who you think

Scammers impersonate e-signature service DocuSign to steal credentials

VirusTotal’s first Ransomware Activity Report: the stakes are getting higher

New ransomware family, Yanluowang, found by researchers

Subscribe to our newsletter