South Africa’s Ramaphosa listed as Rwanda spyware target

South Africa’s Ramaphosa listed as Rwanda spyware target

South African President Cyril Ramaphosa has shown up as a target of potential surveillance by Rwanda in the Pegasus spyware case. Given the two countries’ difficult relationship, this isn’t a surprise.

The Pegasus Project, an investigation by a consortium of international media and NGOs, has revealed how the Pegasus spyware of Israeli company NSO Group was abused by government clients to spy on journalists, activists and politicians.

The targets also include current and former presidents and prime ministers.

They appeared on a list of around 50,000 phone numbers that were apparently specified as belonging to persons of interest by NSO clients.

The leak showed that least seven African countries were among these clients, including Togo, Morocco and Rwanda.

Of these, Rwanda has reportedly been one of the more enthusiastic users of the Pegasus spyware, which can record phone calls and read texts and emails, access photographs and passwords, and secretly activate microphones and cameras to make audio and video recordings.
Rwanda’s targets for cyberspying

The government of President Paul Kagama had apparently put more than 3,500 phone numbers on the list since 2016, according to the leak.

Rwanda denies using Pegasus software.

“These false accusations are part of an ongoing campaign to cause tensions between Rwanda and other countries, and to sow disinformation about Rwanda domestically and internationally,” Rwanda’s government said in a statement to the Pegasus Project team.

One name on the leaked list pinned to Rwanda stands out: South African President Cyril Ramaphosa.

On Wednesday, the South African government was quick to react to the news, announcing that it had tasked its intelligence agencies with investigating whether Ramaphosa’s personal mobile phone was hacked.

“Of course, we will not be happy that we have been targeted because we believe that not only infringes on the privacy of the president but also infringes on the sovereignty of this country to make its own decisions without other countries trying to preempt those decisions and influence them and also try to undermine those decisions,” acting Minister in the Presidency Khumbudzo Ntshavheni told reporters.

The government disapproved of “unacceptable means” rather than diplomatic channels to acquire information on South Africa, she said.

But cybersecurity expert Andy Mashaile was scathing in his criticism of South Africa’s security precautions.

“Those who look after the president were supposed to have known,” he told South Africa’s national broadcaster, SABC, on Thursday.

Why did Ramaphosa’s number come up?

The Guardian newspaper, a partner in Pegasus Project investigation, reported that Ramaphosa’s personal mobile phone seemed to have been selected by Rwanda in 2019.

Relations between South Africa and Rwanda had been strained for years before that.

The diplomatic spat between the two countries was triggered when Patrick Karegeya, Rwanda’s former spy boss and a critic of President Paul Kagame, was found strangled in Johannesburg hotel room in 2014.

The countries traded diplomatic expulsions in the years that followed amid accusations that Rwanda continued to target dissidents in South Africa.

But in June this year, their foreign ministers met in Pretoria to restore their relations.

At this stage, it’s still unclear what Rwanda hoped to achieve by digitally spying on Ramaphosa.

“It’s difficult for us to say what [Rwanda] wanted or why they were doing it. But the bottom line is that Rwanda is one of the clients of the NSO Group,” Shenilla Mohamed, the executive director of Amnesty International South Africa, told SABC news.

“Heads of states and governments have all sorts of issues that they don’t want to be made public,” Mohamed said.

Professor Jane Duncan, an author and expert on state surveillance, told DW that it was to be expected that Ramaphosa, a leader with considerable influence in Africa, would be targeted. “It does raise several questions though. Did the SSA [State Security Agency] use any and all technical means to sweep his devices for hacks, and to address hacks when they occured?”

The capabilities to detect spyware such as Pegasus do exist, she said.

“Why have democratic governments not done more to ban the trade in commercial intrusion spyware, which is grossly underregulated across the world? Spytech such as Pegasus is a weapon, and such weapons will only stop being abused if the profit motive around their manufacture and sale is removed.”
Ramaphosa’s other intelligence debacle

The Pegasus spy report comes at a bad time for Ramaphosa, who is dealing with his own domestic intelligence debacle.

Criticism is mounting that Ramaphosa’s government and its intelligence apparatus failed to anticipate the recent widespread riots and looting triggered by the jailing of his predecessor, Jacob Zuma.

On July 13, State Security Agency (SSA) Minister Ayanda Dlodlo went on the defensive: “I want South Africans to rest assured that we did avert a lot. What you see is only a part of what could have happened. So, we were not missing in action as SSA and, I dare say, even the police were not missing in action. We tried our level best under a very difficult situation.”

The SSA is investigating whether former state spies with ties to Zuma instigated the violence. South Africa’s intelligence analysts and experts have been calling the recent chaos an “insurrection” and a deliberate attempt to undermine Ramaphosa.
Who else did Rwanda target?

The phone number for Carine Kanimba, the daughter of Hotel Rwanda hero Paul Rusesabagina, was also on the list, according to the Pegasus Project.

Her father is currently facing terrorism charges in Rwanda after being lured back to Rwanda under suspicious circumstances.

“I am shocked, scared a little anyway, because that means that they had access to all my information, but I am not discouraged because we have managed to expose the tactics of the Rwandan dictatorship,” Kanimba tweeted.

“The Pegasus software costs the Rwandan government millions and the decision to wiretap me, to monitor me, when we know that there are many people in Rwanda who are starving, who need medicine, who need attention, who need this money to survive, the Rwandan government prefers to wiretap me.”
Togo also uses Pegasus

In Togo, social justice activist and Catholic priest Pierre Marie Chanel Affognon also came under Pegasus surveillance.

“If citizens and religious people are seen as a potential danger to the nation, I believe that this is something that needs to be rectified,” he told DW.

“And then, we can’t minimize the cost of this software,” he said. “What has it cost the Togolese taxpayer? A measure of justice would be for those who purchased this software to reimburse the sum to the Togolese state and invest the fund in the social system.”

As the debate around Pegasus gathers momentum, the freedom of expression advocacy network IFEX notes that the Israeli spyware is by no means the only malware in use in Africa.