Pegasus is spyware from the Israeli company NSO Group that has been used to spy on politicians, activists and journalists around the world. Journalists from 17 publications, including The Guardian and the Washington Post, have launched an investigation into the use of the software.
More than 180 journalists from all over the world (CNN, NYT, AP, Reuters, etc.) are among the victims. The software was used by states, in particular by the head of Hungary, Viktor Orban, and the authorities of Saudi Arabia. In total, the list of victims includes more than 50,000 telephone numbers. The spyware hacked subscribers’ smartphones, which made it possible to download any information from the device and to control the phone. For the infection to succeed, it was enough for the victim to click on a malicious link.
— Edward Snowden (@Snowden) July 18, 2021
Former CIA and US National Security Agency officer Edward Snowden has already tweeted that the NSO Group story will be the highlight of the year. In his opinion, the spyware company “should be directly criminally liable for the death and detention” of people whose data was hacked using its software.
Who developed Pegasus?
NSO Group Technologies is the Israeli technology company behind the Pegasus spyware. Its products make it possible to monitor smartphones remotely.
The company was founded in 2010 by former employees of Unit 8200, which is related to Israel’s electronic intelligence. Unit 8200 is particularly concerned with the collection and decoding of electronic information and other similar operations.
The first financial investments in the company came from a group of investors led by Eddie Shalev, a partner of the Genesis Partners venture capital fund. The group invested $1.8 million in the company by purchasing 30% of its shares. The company later began receiving orders from states. In 2012, the Mexican government signed a $20 million contract with NSO. An investigation by The New York Times found that the NSO product was used to harass journalists and human rights defenders in the country.
Who is using Pegasus and why?
You need a license to use Pegasus. It is issued by the Israeli Ministry of Defense, and only states, not individuals or companies, can obtain permission to use this spy software.
Early versions of Pegasus were used to spy on the phone of drug lord Joaquin Guzmán, known as El Chapo. In 2011, Mexican President Felipe Calderón personally thanked the company for its role in capturing the head of the drug cartel.
On August 25, 2016, cybersecurity companies Citizen Lab and Lookout reported that Pegasus was used to attack human rights defender Ahmed Mansour in the UAE. Mansour himself told Citizen Lab researchers Bill Marczak and John Scott-Railton that his iPhone 6 was attacked using a malicious link sent in an SMS message on August 10, 2016.
It was later revealed that Mexican journalist Rafael Cabrera was also targeted by Pegasus. According to the same source, the software may have been used in Israel, Turkey, Thailand, Qatar, Kenya, Uzbekistan, Mozambique, Morocco, Yemen, Hungary, Saudi Arabia, Nigeria and Bahrain. There are no Russian journalists or activists on the list of victims.
How is Pegasus developing?
This June, the wife of a political activist imprisoned in Morocco, Naama Asfari, received an iMessage on an iPhone 11 with a link to a third-party site. As a forensic examination by Amnesty International found, the NSO Group software penetrated the device after the link was followed. This was enough for the owner of the software to start tracking the victim.
The earliest discovered version of Pegasus was found in 2016. The scheme was the same – the victims were sent text messages or emails, the content of which encouraged them to click on the sent malicious link. This was enough for the spy software to penetrate the smartphone and be activated.
The NSO program is being improved. A Pegasus infection can now succeed without any action by the owner of the mobile device.
The software can exploit zero-day vulnerabilities: errors in the operating system that the smartphone manufacturer does not yet know about and therefore cannot prevent the threat from. This means that even the most careful and security-conscious mobile phone user cannot prevent an attack, and no digital hygiene rules will help.
“The question that I am asked almost every time we conduct a forensic medical examination is: ‘What can I do to prevent this from happening again?’ The honest answer is nothing,” says Security Lab employee Claudio Guarnieri.
In 2019, WhatsApp reported that NSO software had infiltrated over 1,400 phones using zero-day vulnerabilities. By simply placing a WhatsApp call to the target device, the attackers infected the victims’ smartphones with the malicious Pegasus code, even if the victim did not answer the call.
Most recently, NSO began exploiting vulnerabilities in Apple’s iMessage, which gives it access to hundreds of millions of iPhones. Apple says it is constantly updating its software to prevent such attacks.
How does Pegasus work?
The software enters the device in four ways:
- By SMS
- By WhatsApp
- By iMessage
- With the help of some other messenger
Types of data Pegasus collects after infecting a smartphone:
- WhatsApp chats
- Photo and video
- Listening with a microphone
- Covert video recording from the rear and front cameras
- Call recording
- GPS movement data
- Calendar entries
- Contacts in the address book
“When an iPhone is hacked, the software makes it so that the attacker gets root rights (with them he has the right to perform all operations without exception – note by IGuides). As a result, Pegasus has more rights than the owner of the device,” explains Claudio Guarnieri.
NSO designed the software to evade detection, and Pegasus infections are extremely difficult to detect. Cybersecurity experts suspect that more recent versions of Pegasus reside only in the phone’s temporary memory and not in its persistent storage, which means that after the phone is turned off, almost all traces of it disappear.
Smartphone operating system makers Apple and Google, in particular, have been accused of negligence and even of pandering to states. Apple cybersecurity developer Ivan Krstic spoke out about the incidents and responded to the allegations against the company:
“Apple unreservedly condemns cyberattacks against journalists, human rights defenders and others seeking to make the world a better place. For over a decade, Apple has been a leader in cybersecurity, and as a result, researchers in the field agree that the iPhone is the most secure consumer mobile device on the market. These attacks are highly sophisticated, cost millions of dollars, often have a short shelf life, and target specific individuals. This means they do not pose a threat to the majority of our users, yet we continue to work tirelessly to protect all of our customers and we are constantly adding new protections to their devices and data.”
The Pegasus story has shown that nothing has changed since the Snowden revelations in 2013. States still want to control everything using smartphones.