Uganda’s security agencies are amongst the most active purchasers of spyware across the global murky world of surveillance.
Specifically, the Uganda police and other intelligence agencies have purchased spyware and malware from Israel’s NSO Group, and NICE systems, Italy’s Hacking Group, Germany’s Gamma GmbH and Indonesia’s First Wap, among others, subjecting civilians caught in the crosshairs to military-grade spyware.
Israel, Italy and India, provide the bulk of spyware supplies across the globe, according to a September 2024 report by Atlantic Council.
The Israeli firm, which vends the Pegasus spyware, has been accused of facilitating the targeting of journalists, human rights activists, lawyers and the opposition resulting in egregious abuses across the world.
In December 2021, Apple Inc. notified 11 U.S. State Department employees in Uganda that their iPhones were hacked, and investigators linked the attack to spyware developed by NSO Group.
Pegasus allows its users complete access to a target’s phone and the spyware can read messages, including encrypted ones; swipe through photos, videos, emails, contacts; activate the phone’s camera and microphone at will, turning it into a bug; and record phone calls.
In the aftermath of the attack, which sources claim targeted the US envoy to Uganda, Natalie E. Brown, the Uganda government reached an agreement with the US to halt the deployment and usage of the Pegasus spyware.
Digital surveillance technologies, which include spyware, are known as dual-use goods, meaning they can be used for both defence and civilian purposes, and can be used as a legitimate law enforcement and intelligence tool. However, repressive and authoritarian governments often use spyware to target regime opponents, journalists and civil society activists.
The purchase of spyware is usually conducted through secrecy and a classified vote. The Financial Times, a UK-based publication in December 2021, reported that in February 2019, “an Israeli woman sat across from the son of Uganda’s president, Gen Muhoozi Kainerugaba, and made an audacious pitch — would he want to secretly hack any phone in the world?” By then, Muhoozi— the heir-apparent to his father—was serving as a senior presidential advisor on special operations of the political dynasty.
A few months after the initial approach, NSO’s chief executive, Shalev Hulio, reportedly landed in Uganda to seal the deal, according to two people familiar with NSO’s East Africa business. Hulio, who flew the world with the permission of the Israeli government to sell Pegasus, liked to demonstrate in real time how it could hack a brand new, boxed, iPhone. A person familiar with the transaction said it brought in between $10m and $20m.
But for a poor country like Uganda, $20 million, which is the equivalent of UGX74 billion can significantly boost school attendance, enhance nutrition for over 220,000 children, and empower local smallholder farmers. This funding can support multi-year, locally-sourced school feeding initiatives for three years, and improve social protection, particularly in high-need areas like the Karamoja sub-region, while helping children stay in school.
According to the Financial Times, but for NSO, the Israeli company that created Pegasus, this dalliance into East Africa would prove to be the moment it crossed a red line, infuriating US diplomats and triggering a chain of events that would see it blacklisted by the commerce department, pursued by Apple, and driven to the verge of defaulting on its loans, according to interviews with US and Israeli officials, industry insiders and NSO employees.Uganda’s neighbour, Rwanda, had also relied on Pegasus to hack phones inside Uganda, the report revealed.
2011 covert operation
Earlier on, a Ugandan team travelled to the German city of Munich and the capital of the Czech Republic, Prague, in 2011 to procure an intrusive spyware to run an elaborate covert operation, which, among others, was deployed to nip in the bud the walk-to-work protests, which were launched four months after the 2011 presidential election by the opposition doyen, Kizza Besigye. The identities of the Ugandan security team were first revealed by a UK-based non-profit organisation, Privacy International.
The Ugandan team included Nelson Gilbert Rwantale, Brig. Michael Bbosa, the former ICT Director of the Ugandan army, Brig. Charles Oluka, who was at the time of the purchase was a Colonel and later appointed as a spy-Tsar heading the Internal Security Organisation (ISO), and Amos Ngabirano, the former police ICT director. Of the four men, only two are alive after Bbosa and Oluka died in 2021 and 2025, respectively.
Ngabirano, formerly a civilian who was recruited into the force as an IT expert and quickly ascended the ranks to become an assistant Inspector General of Police, was a protégé of the former Inspector General of Police, Gen Kale Kayihura. He fled the country to the United Kingdom in 2018 at the peak of investigations targeting his boss. Shortly after he was fired in 2018, Kayihura was accused of involvement in the assassination of the former Assistant Inspector General of Police, Andrew Felix Kaweesi, and for carrying out acts of espionage on behalf of the neighbouring state, Rwanda. Kayihura was later freed by the General Court Martial (GCM) in August 2023.
Using First Wap
The Ugandan team also attempted to acquire malware from Indonesia—First Wap, which is capable of geolocating and infecting devices, including phones and laptops.
A 2015 report by the US publication, Buzzfeed, revealed that the Israeli company NICE Systems, along with the Italian company Hacking Team, were involved in supplying spyware to different countries — including Uganda — which according to correspondences published by Wikileaks, made use of the technology to track LGBT activists.
NICE is an Israeli company that was founded in 1986 by a group of former soldiers belonging to Israel’s elite Unit 8200, part of the IDF’s intelligence corps. Before the company began creating products for the civilian market, it worked on developing communications systems for security industries and intelligence services.
Hacking Team is an Italian company that provides information gathering solutions for government bodies. The company created a programme for intelligence gathering, which is installed directly on any electronic device. On its website, Hacking Team says it does not export its intelligence gathering technology to anyone who will use it to violate human rights.
Spyware vendors
According to the Atlantic Council report entitled Mythical Beasts and Where to Find Them: Mapping the Global Spyware Market and its Threats to National Security and Human Rights, it addresses the gap in contemporary public analysis on spyware proliferation, pulling back the curtain on the connections between 435 entities across 42 countries in the global spyware market from 1992 to 2023. These vendors exist, the report notes, “in a web of relationships with investors, holding companies, partners, and individuals often domiciled in different jurisdictions.”Uganda is amongst 80 countries known to have procured spyware from commercial vendors. The Israeli cluster consists of eight vendors (NSO Group, Saito Tech— formerly Candiru Ltd, Cognyte, Paragon Solutions, MerlinX, Quadream Inc./InReach Technologies Limited, Blue Ocean Technologies, and Interionet.) This cluster comprises 43.9 percent of the entities in the dataset that the Atlantic Council relied on to generate its report.
The Indian cluster consists of five vendors, including Aglaya Scientific Aerospace Technology Systems Private Limited, Appin Security Group, BellTroX Infotech Services Private Ltd., CyberRoot Risk Advisory Private Limited, and Leo Impact Security Service PVT Ltd.) as well as one supplier (RebSec Solutions). This cluster covers 7.8 percent of the entities in the data set.
The Italian cluster consists of six vendors (Dataflow Security s.r.l., DataForense s.r.l., Memento Labs srl—formerly Hacking Team srl or Grey Heron, Movia SPA, Negg Group/Negg International s.r.l., and RCS ETM Sicurezza S.p.A.) and one supplier (VasTech). This cluster includes 13.6 percent of all entities in the dataset.
Spyware vendors have sometimes partnered with hardware-based surveillance companies whose products might complement the functionality of their spyware tools, the Atlantic Council report observes. “We have identified nine vendors or suppliers known to have at least one partner, with at least five vendors partnering with at least one hardware company,” the Atlantic Council report reads.