Trending Now
We have updated our Privacy Policy and Terms of Use for Eurasia Group and its affiliates, including GZERO Media, to clarify the types of data we collect, how we collect it, how we use data and with whom we share data. By using our website you consent to our Terms and Conditions and Privacy Policy, including the transfer of your personal data to the United States from your country of residence, and our use of cookies described in our Cookie Policy.
{{ subpage.title }}
Why privacy is priceless
If someone were to get a few pictures off your phone without your permission, what's the big deal, right? Don't be so blasé, says human rights attorney David Haigh, who was prominently targeted with the powerful Pegasus spyware in 2021.
"If someone breaches your private life, that is a gateway to very, very serious breaches of other human rights, like your right to life and right to all sorts of other things," he said. "That's why I think a lot of governments and public sector don't take things as seriously as they should."
Right now, he says, dictators can buy your privacy, "and with it, your life."
Haigh spoke with Eurasia Group Senior Analyst Ali Wyne as part of “Caught in the Digital Crosshairs,” a panel discussion on cybersecurity produced by GZERO in partnership with Microsoft and the CyberPeace Institute.
Watch the full Global Stage conversation: The devastating impact of cyberattacks and how to protect against them
- Fooled by cyber criminals: The humanitarian CEO scammed by hackers - GZERO Media ›
- Attacked by ransomware: The hospital network brought to a standstill by cybercriminals - GZERO Media ›
- Podcast: How cyber diplomacy is protecting the world from online threats - GZERO Media ›
- Podcast: Foreign Influence, Cyberspace, and Geopolitics - GZERO Media ›
- Podcast: Cyber mercenaries and the global surveillance-for-hire market - GZERO Media ›
How cyberattacks hurt people in war zones
They may not be bombs or tanks, but hacks and cyberattacks can still make life miserable for people caught in the crosshairs of conflicts. By targeting key infrastructure and humanitarian organizations, warring governments can deny crucial services to civilians on the other side of no-man's-land.
And just like with conventional weapons, there can be collateral damage, said Stéphane Duguin, CEO of the Cyber Peace Institute. "We have 53 countries in the world targeted by these attacks across 23 sectors of critical infrastructure or essential services," he said. "At the end of the day, you end up having civilians who cannot benefit from essential services because of what has been escalated into another part of the world."
The perpetrators are often not centrally directed either, and may be located all over the world, complicating enforcement efforts. Hear more about what he said about the problem to Eurasia Group Senior Analyst Ali Wyne in a panel discussion which capped “Caught in the Digital Crosshairs,” a video series on cybersecurity produced by GZERO in partnership with Microsoft and the CyberPeace Institute.
Watch the full panel discussion: The devastating impact of cyberattacks and how to protect against them
Why snooping in your private life is big business
Kaja Ciglic, senior director of digital diplomacy at Microsoft, said, "cybersecurity is the defining challenge of our time" amid a spike in misinformation campaigns thanks to wars in Ukraine and Gaza, growing interest from governments in building cyberweapons, and plain old profit-motivated thieves.
"We are seeing private sector enterprises that, effectively, are selling services, products that allow their customers to break into, whether it's a personal account, whether it's into an organization's account," she said. "The cyber mercenary market that is also emerging is also a very strong concern for Microsoft."
Learn more about what they are doing to solve the problem in Kaja's chat with Eurasia Group Senior Analyst Ali Wyne as part of “Caught in the Digital Crosshairs,” a video series on cybersecurity produced by GZERO in partnership with Microsoft and the CyberPeace Institute.
Watch the full conversation: The devastating impact of cyberattacks and how to protect against them
How rogue states use cyberattacks to undermine stability
Cyberattacks are about a lot more than just money these days. Both unscrupulous governments and extremist groups are increasingly using hacking to advance political aims, says Kaja Ciglic, senior director of digital diplomacy at Microsoft.
When the International Committee for the Red Cross or International Court of Justice experiences cyberattacks, she said, "These are all organizations that are trying to defend peace and stability, they're trying to advocate for all of our human rights." The fact that unscrupulous governments are spending taxpayer money to purchase tools that interrupt their work, she noted, is worth taking a stand against.
Ciglic spoke with Eurasia Group Senior Analyst Ali Wyne in a panel discussion for “Caught in the Digital Crosshairs,” a video series on cybersecurity produced by GZERO in partnership with Microsoft and the CyberPeace Institute.
Watch the full Global Stage conversation: The devastating impact of cyberattacks and how to protect against them
The devastating impact of cyberattacks and how to protect against them
Imagine one day you found out someone had hacked your phone. What would that mean for your life? With the right software, the bad guys might be able to get into your bank account, surveil your messages, or even steal your fingerprints and facial scans.
That's what happened to human rights attorney David Haigh, who became the first-known British victim of the powerful Pegasus spyware in 2021 while trying to help women of Emirati and Jordanian royalty escape alleged abuse. He learned that his phone was under surveillance – so his communications and the information stored on the device were compromised.
Two years on, he still lives in fear for the privacy of his loved ones and clients. "The police have done nothing,” he says. “There's no support from the government. There's no real information.”
Emerging technologies threaten to make the already-bleak cybersecurity environment all the more treacherous, opening new avenues of attack that could cost countries, companies, and individuals dearly without proactive measures.
Eurasia Group Senior Analyst Ali Wyne moderated a discussion on cybersecurity as part of “Caught in the Digital Crosshairs,” a video series on cybersecurity produced by GZERO in partnership with Microsoft and the CyberPeace Institute. The discussion focused on the blurring lines between attacks on governments and the private sector.
Wyne spoke with Kaja Ciglic, senior director of digital diplomacy at Microsoft, who referred to cybersecurity as “the defining challenge of our times.” The wars in Ukraine and Gaza have coincided with spikes in both cyberattacks and misinformation campaigns, which Ciglic called “harrowing examples of what can happen and how people can use technology to manipulate others into actions.”
Even in peacetime, states are investing in capabilities that can target critical infrastructure, schools, and hospitals, preparing for a new dimension of conflict. And in the private sector, hackers are exploiting lagging private-sector preparedness to grow and evolve.
Hacking is big business, with companies specializing in helping clients break into accounts. While these are usually about making financial gains, says Stéphane Duguin, CEO of the Cyber Peace Institute, his organization has seen a marked shift over the past two years. Since the Russian invasion of Ukraine, the institute has tracked a marked increase in attacks on humanitarian organizations, even those that have little to do with the conflict.
“At the end of the day, you end up having civilians who cannot benefit from essential services because of what has been escalated into another part of the world,” he said.
The attacks impact organizations more profoundly than one might think. Bonnie Leff, senior vice president of corporate security at MasterCard, said that when one suffers a cyber attack, “the impact to an NGO can really almost shut it down.” It leaves organizations unable to pay staff or run programs and can damage their reputation with donors, leaving them worse off in the long term.
- Hackers, innovation, malice & cybercrime ›
- Attacked by ransomware: The hospital network brought to a standstill by cybercriminals ›
- The threat of CEO fraud and one NGO's resilient response ›
- Hacked by Pegasus spyware: The human rights lawyer trying to free a princess ›
- Podcast: Cyber Mercenaries and the digital “wild west" ›
- How cyberattacks hurt people in war zones - GZERO Media ›
- How rogue states use cyberattacks to undermine stability - GZERO Media ›
- Why snooping in your private life is big business - GZERO Media ›
Hacked by Pegasus spyware: The human rights lawyer trying to free a princess
In April 2021, David Haigh, a human rights lawyer who'd been fighting to free Dubai’s detained Princess Latifa, received a shocking notification from investigators at The Guardian and Amnesty International: his phone was likely infected with Pegasus spyware. Forensic analysis confirmed that Haigh was the first confirmed British citizen to be hacked by Pegasus, a military-grade spyware created by Israel’s NSO Group that’s licensed to governments all over the world and used for covert surveillance.
Haigh was targeted by a foreign government, likely the ruler of Dubai, but his story isn’t unusual: Over 80% of all internet users are infected with some form of spyware, according to the US National Cyber Security Alliance. GZERO spoke with Haigh, as well as cybersecurity expert Kimberly Ortiz from Microsoft for the first episode of “Caught in the Digital Crosshairs: The Human Impact of Cyberattacks,” a new video series on cybersecurity produced by GZERO in partnership with with Microsoft and the CyberPeace Institute.. Ortiz volunteers for the Insitute and its CyberPeace Builders Program, an organization that provides free cybersecurity assistance, threat detection, and analysis to NGOs and other critical sectors while advocating for safety and security in cyberspace.
- Podcast: Cyber Mercenaries and the digital “wild west" ›
- Hard Numbers: Thais come clean on Pegasus, Salvadoran emergency extended, Tunisian pol questioned, Chinese boycott mortgages ›
- What We're Watching: Dry China, UK inflation forecast, Pegasus spyware shakeup ›
- Digital peace: Trust and security in cyberspace ›
- Fooled by cyber criminals: The humanitarian CEO scammed by hackers - GZERO Media ›
- Attacked by ransomware: The hospital network brought to a standstill by cybercriminals - GZERO Media ›
- Podcast: How cyber diplomacy is protecting the world from online threats - GZERO Media ›
- Podcast: Foreign Influence, Cyberspace, and Geopolitics - GZERO Media ›
- Podcast: Cyber mercenaries and the global surveillance-for-hire market - GZERO Media ›
- The devastating impact of cyberattacks and how to protect against them - GZERO Media ›
- Would the proposed UN Cybercrime Treaty hurt more than it helps? - GZERO Media ›
Spyware concerns prompt US Congress to move toward sanctions
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
After years of inaction from lawmakers, there are now louder and louder calls in Congress for sanctions of spyware companies. Even those from Israel, which is remarkable because it has a strong surveillance industry, but also has been a strong ally for the United States.
What is on US lawmakers' sanction list?
Well, a number of members of Congress are calling on the Treasury and state departments to sanction NSO Group, as well as three other companies. And they're responding to the growing alarm about human rights abuses that these technologies, and so these companies are enabling. Their tools are sold as counterterrorism kits, but instead governments around the world are deploying spyware against critics, journalists, or human rights defenders. Besides the notorious NSO Group, the UAE-based company, DarkMatter, and European companies Nexa Technologies and Trovicor are in focus on Capitol Hill. And it's remarkable that after decades of allowing spyware companies to flourish, the recent revelations of infiltration of the phones of US diplomats, as well as broader concerns over the proliferation of commercial intelligence broker seems to have caused the current tipping point. But my hope is that beyond ad hoc sanctions to individual companies, US lawmakers, along with their partners around the world, will adopt a binding ban on all similar systems, which damage has become completely disproportionate to the shallow promises of security benefits.
US, NATO, & EU condemn China's Microsoft hack; Pegasus spyware leak
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
The US, NATO, and the EU have all condemned China for its hack of Microsoft Exchange servers. What happens next?
Now, the joint statement sends a strong signal, but there are operational steps that need to be clarified. Firstly, why was it possible to hack Microsoft servers at all and how to close the gaps to make software more resilient? Additionally, governments making statements condemning China or others are well-advised to attach consequences to such attributions. Sanctions of the economic, financial or immigration type, as well as restrictions on state-owned enterprises, should all be on the table. Certainly, clear criteria need to be there with regard to responsible behavior and the application of international law in cyberspace.
What do we know about the Pegasus spyware leak?
Now, on the one hand, we have known about the toxic surveillance and spyware market for over a decade. But the Pegasus Project provides new and important insights into the targets of Israeli spyware company NSO Group. It is impossible to consider those targets, journalists, human rights defenders, politicians, even President Macron, to be suspects of terror or crime. But that is how NSO defends the sales of intelligence-grade technology around the world, including to the rulers of Saudi Arabia with their dismal record of human rights violations. So it is now crystal clear that claims stating that these spyware systems are for targeted and controlled purposes are false and that the spyware and surveillance sector is out of control. I can only hope that democratic governments will draw a line and stop this market from running out of control even further once and for all.