Pegasus, developed by Israel’s NSO Group, is no ordinary surveillance tool. Unlike phishing scams or crude malware, Pegasus exploits “zero-click” vulnerabilities: it can infiltrate a smartphone through a missed WhatsApp call or a silent push notification, leaving the victim none the wiser. Once inside, it can read texts and emails, listen to calls, track movements, and even turn on microphones and cameras. It is the perfect ghost. For years, Israel has deployed Pegasus and other spyware against Palestinians, a digital extension of occupation. But Pegasus is also an export — marketed as “counterterrorism” software — and through a web of brokers and local firms, it has seeped quietly into Indonesia.
The paper trail begins in 2017–18. Tender documents show that PT Radika Karya Utama won a Rp149 billion ($9.5 million) contract to supply “Peralatan Intrusi Jarak Jauh Tanpa Jejak” — literally a zero-click remote intrusion system — to the National Police (Polri). Investigators traced the supply chain through Singaporean brokers, including Ataka, who sourced equipment from Q Cyber Technologies, NSO’s Luxembourg affiliate. These layers of intermediaries are by design: a system built to obscure the uncomfortable fact that Israeli surveillance technology was being procured by a country with no diplomatic ties to Tel Aviv.
Nor was NSO alone. Other Israeli outfits left digital fingerprints across Indonesia. Wintego marketed “Helios,” a toolkit capable of extracting data even from encrypted messaging apps like WhatsApp. Intellexa, the consortium behind Predator spyware, registered fake domains that impersonated Indonesian news portals — SuaraPapua.net instead of SuaraPapua.com, Geloraku.id with a familiar logo — to trick users into infection. Candiru, another cyber-arms firm, cloned the left-leaning journal Indoprogress, baiting politically engaged readers into opening poisoned links. These tactics show the insidious subtlety of spyware campaigns: they weaponise trust.
Polri has consistently denied purchasing Pegasus, but admits to procuring other “zero-click intrusion systems.” Officials insist these are legitimate policing tools, not “spyware.” The distinction rings hollow. Pegasus, Predator, Helios — all pierce privacy without consent. Civil society organisations have not been convinced. Indonesia Corruption Watch (ICW), Commission for the Disappeared and Victims of Violence (KontraS), the Alliance of Independent Journalists (AJI), and The Legal Aid Institute for the Press (LBH Pers) have filed formal demands for disclosure. They suspect Pegasus and its cousins were not only bought, but also used for political purposes. Indonesialeaks reported indications of spyware deployment during the 2019 elections, and even claims that databases of LGBT citizens and religious minorities were compiled using Israeli surveillance tools.
The evidence is damning. In 2019, Meta (then Facebook) sued NSO Group in a California court, revealing that 1,223 WhatsApp users had been hacked by Pegasus in just two months. Indonesia ranked seventh on the global victim list: 54 confirmed cases, alongside dissidents in Mexico, India, Morocco, and Bahrain. In 2021, Apple sent official warnings to Indonesian officials — including then–Economic Minister Airlangga Hartarto — that their devices had been targeted by “state-sponsored attackers.” And in 2022, Indonesialeaks reported that four intelligence insiders had confirmed Pegasus’s use by both Polri and the State Intelligence Agency (BIN). One insider admitted outright that he had been asked to operate it.
Meanwhile, watchdog groups have documented patterns of abuse consistent with spyware deployment. SAFENet has logged repeated incidents in which activists’ phones were hacked, followed by the leaking of private photos and conversations. Victims have included labour organisers protesting the Omnibus Law and civil society critics of pandemic management. The sequence is familiar: hack, intimidate, discredit. It matches the global fingerprint of Pegasus-style intrusions, yet Jakarta has never clarified whether the spyware remains in active use today.
The opacity is deliberate. ICW has filed Freedom of Information requests, invoking the 2008 Public Information Disclosure Law, only to be stonewalled by Polri. Officials repeat vague assurances that intrusion systems are used “with warrants,” but refuse to disclose procurement details, vendors, or oversight mechanisms. Parliament has floated draft legislation, but Indonesia still lacks a comprehensive law that would regulate surveillance tools, impose independent oversight, and mandate disclosure. In the absence of such laws, spyware procurement remains buried in tenders, intermediaries, and evasions.
The stakes are not confined to privacy. Pegasus corrodes democracy itself. Indonesians fought hard, after the fall of Suharto, to reclaim their right to speak, protest, and organise. Those rights cannot survive if every journalist fears their phone is bugged and every activist suspects their private life can be weaponized against them. The 2019 elections already raised alarms, with credible reports that spyware was deployed to monitor political rivals and minority groups. Before the 2024 elections, civil society groups warned repeatedly that Pegasus could resurface as a tool to surveil opposition figures and tilt the democratic playing field. Now, with that election behind the country, those questions remain unresolved: was spyware used again, and if so, how deeply did it shape the process? Until Jakarta provides clear answers, Indonesia cannot know whether its democracy has already been compromised.
This is where Prabowo’s UN speech collides with Jakarta’s silence. To stand in solidarity with Gaza means more than condemning Israel’s bombs abroad. It requires dismantling Israel’s digital footprint at home. Pegasus is not just a product; it is part of Israel’s occupation economy. Perfected on Palestinians under blockade, then monetised globally, it carries the logic of occupation wherever it goes: dissent is a threat, minorities are suspects, critics are enemies.
Indonesia cannot claim moral leadership on Palestine while quietly embedding Israeli spyware in its own institutions. Solidarity with Gaza demands consistency. It means acknowledging that Israel’s bombs and its spyware belong to the same machinery of domination — one that levels hospitals in Rafah and haunts smartphones in Jakarta.
That requires action. Parliament must finally enact a binding surveillance law. Procurement contracts, including the 2017–18 Radika Karya Utama tender, must be declassified. Civil society demands for disclosure — from ICW to AJI — must be honoured, not brushed aside. Telecommunications providers must harden their systems against infiltration. And Prabowo himself, if he is to match his words with deeds, must order an independent inquiry into whether Pegasus, Predator, or Helios remain in use by Polri or BIN.
The global warning signs are unmistakable. Pegasus was used to track the circle of murdered Saudi journalist Jamal Khashoggi. It spied on Thai student activists, Moroccan dissidents, Hungarian opposition politicians. Indonesia is already on this list, with at least 54 confirmed victims. The question is whether Jakarta will remain there — or act decisively to purge spyware born of occupation.
Prabowo’s UN speech was powerful. But unless his government confronts Pegasus directly — naming it, banning it, and holding accountable those who smuggled it in — Indonesia’s solidarity with Palestine risks sounding hollow. The shadow of Pegasus is not just a technical issue. It is Indonesia’s moral test.
No comments:
Post a Comment