The White House National Security Council cautioned on Wednesday that it will review any attempted takeover of foreign commercial surveillance software by an American company to determine whether the acquisition poses a “counterintelligence threat” to the U.S. government.
The statement came in response to reporting from the Guardian revealing that a chewing gum heir and producer of several Adam Sandler movies is considering a bid for the NSO Group, including its powerful Pegasus spyware.
The Biden administration is concerned about the spread of foreign commercial surveillance tools like Pegasus and believes they “pose a serious counterintelligence and security risk to U.S. personnel and systems,” the statement said.
The Hollywood producer, Robert Simonds, was responsible for more than 30 movies that made in excess of $6 billion earlier in his career and more recently had worked as the chairman of STX Entertainment, which Variety calls a “fully integrated entertainment outlet” focused on expanding into emerging global markets on a variety of platforms. Simonds’ credits with Sandler include “Happy Gilmore,” “The Wedding Singer” and “Billy Madison.”
According to the Guardian, Simonds was recently picked to run the Luxembourg-based holding company controlling NSO. Sources told the Guardian that Simonds is considering ways to take over some of the spyware firm’s assets in an effort to give the Five Eyes intelligence partnership of the US, the UK, Canada, Australia and New Zealand exclusive access to the potent technology.
Pegasus and similar tools are being “misused around the world to enable human rights abuses and target journalists, human rights activists, political opposition members, or others perceived as dissidents and critics,” the White House statement said, noting that the Biden administration has launched a government-wide effort to stop Pegasus and other foreign commercial surveillance software from spreading. In March, the administration issued an executive order barring all U.S. government agencies from using the spyware, among other measures.
In its statement the White House also warned that U.S. companies should “be aware that a transaction with a foreign entity on the Entity List will not automatically remove the designated entity from the Entity List.” The list, published by the United States Department of Commerce’s Bureau of Industry and Security (BIS), restricts trade with specified foreigners, foreign entities, or governments. Companies included on the Entity List must meet strict licensing requirements for exports.
NSO has been on the Entity List since 2021. Despite the controversy swirling around the firm, its unprecedented technology has long attracted the attention of investors. Pegasus can hack into users’ phones remotely, activating the camera and microphone without a user knowing, as well as intercept all communications, including over encrypted apps like Signal.
Last July, the American defense firm L3Harris decided not to pursue a bid for NSO after initial explorations led to a backlash from the Biden administration
Security researchers have uncovered fresh malware with hacking capabilities comparable to those of Pegasus, which was developed by NSO Group. The software, which is sold by an Israeli firm named QuaDream, has previously been used by customers to target journalists, political opposition leaders, and an employee of an NGO. The company that makes and sells the spyware is called QuaDream.
NEW REPORT: SWEET QUADREAMS: A first look at #spyware vendor QuaDream’s spy tools, victims and customers. We identified traces of suspected exploit deployed against iOS versions 14.4 and 14.4.2 and possibly other versions as zero-day vulnerability. https://t.co/u7jcxJpu9H
The malware was spread to the victims’ phones when the operators of the spyware, who are thought to be government customers, sent them an invitation to an iCloud calendar. The cyberattacks took place between the years 2019 and 2021, and the term “Reign” is given to the hacking program that was used.
A phone that has been infected with Reign can, similar to a phone that has been infected with Pegasus, record conversations that are taking place near the phone, read messages that are stored on encrypted apps, listen to phone conversations, track the location of a user, and generate two-factor authentication codes on an iPhone in order to break into a user’s iCloud account.
Apple, which has been marketing its security measures as being among the finest in the world, has taken yet another hit as a result of the recent disclosures. It would seem that Reign poses an unprecedented and significant danger to the security of the company’s mobile phones.
The spyware that was built by QuaDream attacks iPhones by having the operators of the malware, who are believed to be government customers, issue an invitation to an iCloud calendar to the mobile users of the iPhones. Since the calendar invites were issued for events that had been recorded in the past, the targets of the hacking were not made aware of them because they were sent for activities that had already occurred.
Since users of the mobile phone are not required to click on any malicious link or do any action in order to get infected, these kind of attacks are referred to as “zero-click” attacks.
When a device is infected with spyware, it is able to record conversations that are taking place nearby by taking control of the recorder on the device, reading messages sent via encrypted applications, listening in on phone calls, and monitoring the position of the user.
The malware may also produce two-factor authentication tokens on an iPhone in order to enter a user’s iCloud account. This enables the spyware operator to exfiltrate data straight from the user’s iCloud, which is a significant advantage. In contrast to NSO Group, QuaDream maintains a modest profile among the general population. The firm does not have a website and does not provide any additional contact information on its page. The email address of Israeli attorney Vibeke Dank was included on the QuaDream business registration form; however, she did not respond to a letter asking for her opinion.
Citizen Lab did not name the individuals who were discovered to have been targeted by clients while they were using Reign. However, the organization did say that more than five victims were located in North America, Central Asia, south-east Asia, Europe, and the Middle East. These victims were described as journalists, political opposition figures, and an employee of an NGO. In addition, Citizen Lab said that it was able to identify operator sites for the malware in the countries of Bulgaria, the Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, the United Arab Emirates, and Uzbekistan.
In a security report that was published in December 2022 by Meta, the corporation that owns Facebook, the name of the firm was mentioned briefly. The report defined QuaDream as being an Israeli-based startup that was created by former NSO personnel.
At the time, Meta stated that it had removed 250 accounts on Facebook and Instagram that were linked to QuaDream. The company believed that the accounts were being used to test the capabilities of the spyware maker using fake accounts. These capabilities included exfiltrating data such as text messages, images, video files, and audio files.
The discovery of Reign underscores the continuous spread of very powerful hacking tools, even as NSO Group, the developer of one of the world’s most sophisticated cyberweapons, has received intensive investigation and been banned by the Biden administration, likely limiting its access to new clients. NSO Group is the maker of one of the most advanced cyberweapons in the world.
Pegasus is listening: Q&A with Paul Rusesabagina’s daughter Carine Kanimba
You may not recognize the name Carine Kanimba, but you have probably heard of her dad: Paul Rusesabagina. He was the manager of Hôtel des Milles Collines and rather famously decided to shelter some 1,200 mostly Tutsi Rwandans in his hotel during the 1994 genocide in Rwanda. Don Cheadle played him in the movie Hotel Rwanda.
After, Rusesabagina became a superstar ambassador of human rights. He wrote an autobiography about his work during the genocide; President George W. Bush awarded him the Medal of Freedom; and he went on the speakers’ circuit not just talking about 1994 – but criticizing the current government of President Paul Kagame for trampling on human rights.
In August 2020, Rusesabagina boarded a private jet for what he thought would be a trip to Burundi, but instead he was rendered to Rwanda. He’s since been sentenced to 25-years in prison.
Carine Kanimba was on Capitol Hill last week to talk not just about her dad (who adopted sisters Carine and Anaïse shortly after the genocide), but also her recent discovery that she’s been targeted by a commercial spyware program called Pegasus. And she believes the Rwandan government was behind it.
Pegasus spyware is the brainchild of an Israeli company called NSO Group and it has been found on the phones of so many activists around the world it has become a kind of cautionary tale about the commercial spyware industry. It has been linked to the murder of journalist Jamal Khashoggi, discovered on the phones of Mexican opposition leaders, Catalonian politicians, and journalists and lawyers around the world. (In a statement, NSO Group told Click Here that it “thoroughly investigates any claim for illegal use of its technology by customers, and terminates contracts when illegal use is found.”)
The Click Here podcast sat down with Kanimba shortly after her Congressional testimony to talk to her about her role as a human rights advocate, what it is like finding oneself on the receiving end of a spyware campaign, and why she is confident she will win her father’s release. The interview has been edited and shortened for clarity.
CLICK HERE: We wanted to start by saying we’re very sorry about what you’re going through with your father…
NSO Group, notorious makers of the notorious Pegasus spyware, has been in acquisition talks with a huge U.S. government defense contractor you’ve never heard of: L3Harris Technologies, Inc. Doesn’t that give you a warm, tingly feeling inside?
Pictured is Christopher E. “Call Me Chris” Kubasik, L3Harris’s chairman and CEO. He’s no doubt disappointed that the White House put the kibosh on the deal—especially as other bits of the government gave tacit approval (or so we’re told).
But is everything quite as it seems? In today’s SB Blogwatch, we pay attention to the man behind the curtain.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: WINBOOT.AVI
“L3Harris and NSO declined to comment” A team of executives from an American military contractor quietly … in recent months [attempted] a bold but risky plan: purchasing NSO Group, the cyber hacking firm that is as notorious as it is technologically accomplished. … They started with the uncomfortable fact that the United States government had put NSO on a blacklist just months earlier [because it] had acted “contrary to the national security or foreign policy interests of the United States,” the Biden administration said. … But five people familiar with the negotiations said that the L3Harris team had brought with them a surprising message: … American intelligence officials, they said, quietly supported its plans to purchase NSO, whose technology over the years has been of intense interest to … the F.B.I. and the C.I.A. [But news of the] talks to purchase NSO seemed to blindside White House officials, [who] said they were outraged … and that any attempt by American defense firms to purchase [NSO Group] would be met by serious resistance. … While not a household defense industry name … L3Harris earns billions each year from American government contracts. … The company once produced a surveillance system called Stingray. … L3Harris and NSO declined to comment. … A spokeswoman for Avril Haines, the director of national intelligence, declined to comment. … The Commerce Department declined to give specifics about any discussions.
One arm of the government doesn’t know what another is doing? Say it ain’t so! Stephanie Kirchgaessner says it’s so—“US defence firm ends talks to buy NSO”:
“Definitive pushback” A person familiar with the talks said L3 Harris had vetted any potential deal for NSO’s technology with its customers in the US government and had received some signals of support from the American intelligence community. [But,] sources said, L3Harris had been caught off guard when a senior White House official expressed strong reservations about any potential deal. … Once L3Harris understood the level of “definitive pushback”, a person familiar with the talks said, “there was a view … that there was no way L3 was moving forward with this. … If the government is not aligned, there is no way for L3 to be aligned,” the person said.
“Could have resulted in the blacklisting being lifted” A deal for all or part of NSO would not be as simple as the two companies agreeing to terms, requiring permission from both the U.S. and Israeli governments. … NSO Group, with its Pegasus spyware, has been one of the most controversial cybersecurity companies of recent times. Pegasus is a form of software that uses zero-day or unpatched exploits to infect mobile devices. … The deal falling apart may also leave NSO in a difficult situation: With the blacklisting in place, the company is limited in whom it can sell Pegasus to and what technology it can purchase. In contrast, an acquisition by an American company could have resulted in the blacklisting being lifted.
“NSO spent years pretending they changed” WHOA: Deal … tanked. … [It] helps explain recent signs of desperation from the spyware company. [An] American defense contractor acquiring a demonstrably-uncontrollable purveyor of insecurity would be … atrocious for human rights [and] bad for … counterintelligence. … This is not a company that prioritizes America’s national security. And it doesn’t play well with our tech sector. … NSO spent years pretending they changed … while using all available tricks to hide the fact that they kept doing … risky biz and dictator deals.
ELI5? Look on u/Ozymandias606’s words, ye mighty, and despair:
“Biden visits Israel tomorrow” Pegasus is a hacking tool [that] can turn anyone’s phone into a tracking and recording device without the owner clicking a link. [It] has been sold to governments over the past several years [who] used Pegasus to spy on journalists and activists. … The Commerce Department added Pegasus’ creator to a blacklist that has been slowly choking the company. … A US defense contractor later offered to buy Pegasus – and claims they had explicit permission from US intelligence agencies to do so under a number of conditions, [which] include turning over the software’s source code to the “Five Eyes” cybersecurity alliance. … So, a handful of Western nations … were trying to control access to a cyber weapon that appears to take control of any phone in the world. … Biden visits Israel tomorrow – his first visit to the country.
Are you hinting what I think you’re hinting? This Anonymous Coward rents the curtain (but is behind on the payments): [You’re fired—Ed.]
Unfortunately, many Americans are still in denial about what the US govt routinely do. … This is simply Tiktok 2.0 (or Alstrom 3.0). … Anyone who looked at history will recognise the same pattern had happened many times already, including Alstrom in France. US will buy out any company, by force or by trickery, that took lead in any area the US deemed important.
Lockdown mode is nothing. It can’t work. If the software is compromised, letting software be the security can’t work. Every cell phone really needs to have 3 mechanical switches and a removable battery. 1 switch for power, 1 for the mic and 1 for the camera.
What next? The Combat Desert Penguin—@wolverine_salty—ponders alternative buyers:
Is Thiel interested?
Meanwhile, with a similarly snarky stance, here’s kmoser:
The Israeli surveillance firm NSO Group revealed that its Pegasus spyware was used by at least five European countries.
The controversial Israeli surveillance vendor NSO Group told the European Union lawmakers that its Pegasus spyware was used by at least five countries in the region.
NSO Group’s General Counsel Chaim Gelfand admitted that the company had “made mistakes,” but that after the abuses of its software made the headlines it has canceled several contracts.
“We’re trying to do the right thing and that’s more than other companies working in the industry,” Gelfand told members of the PEGA committee. “Every customer we sell to, we do due diligence on in advance in order to assess the rule of law in that country. But working on publicly available information is never going to be enough.”
In April, the Parliament set up a new inquiry committee investigating the use of Pegaus spyware and equivalent surveillance software used to spy of phones belonging to politicians, diplomats, and civil society members. The spyware was used to target several European leaders, including Spain’s Prime Minister Pedro Sánchez, and Spanish political groups, Hungary, and Poland.
In February, the European Data Protection Supervisor (EDPS) authority called for a ban on the development and the use of surveillance software like the Pegasus spyware in the EU.
The abuse of this kind of solution poses a serious threat to fundamental rights, particularly on the rights to privacy and data protection.
“It comes from the EDPS’ conviction that the use of Pegasus might lead to an unprecedented level of intrusiveness, which threatens the essence of the right to privacy, as the spyware is able to interfere with the most intimate aspects of our daily lives.” states the European Data Protection Supervisor (EDPS).
“Pegasus constitutes a paradigm shift in terms of access to private communications and devices, which is able to affect the very essence of our fundamental rights, in particular the right to privacy.”
Privacy advocated and cybersecurity experts demonstrated the use of the Pegasus in surveillance campaigns worldwide targeting journalists, political figures, dissidents, and activists.
The bad news is that the business of digital surveillance is growing in scaring and uncontrolled way. Recently, experts spotted other surveillance malware infecting systems worldwide, such as the HERMIT spyware that was linked to an Italian firm.
If you want to read more info on the Pegasus spyware give a look at a report investigating Pegasus spyware impacts on human rights has been launched by the Council of Europe on the occasion of the summer session of the Parliamentary Assembly.
The report was prepared by the Information Society Department with contributions from Tamar Kaldani the former Personal Data Protection Inspector and the State Inspector of Georgia, currently serving as the first Vice-chair of the Consultative Committee of Convention 108 and Zeev Prokopets – an Israeli executive, product designer, software developer and entrepreneur.
“An investigation report released by a global consortium26 revealed that 200 journalists worldwide had been targeted using Pegasus spyware. The Office of the UN Special Rapporteur for Freedom of Expression also noted the number of victims of attempted spying through Pegasus, including Mexican journalists, human rights defenders and opposition leaders.27 “The numbers vividly show the abuse is widespread, placing journalists’ lives, those of their families and associates in danger, undermining freedom of the press and shutting down critical media,” – said Secretary-general of Amnesty International.” concludes the report. “The right to freedom of expression and information, as guaranteed by Article 10 of the Convention, constitutes one of the essential foundations of a democratic society and one of the basic conditions for its progress and the development of every individual.”
Researchers reported that threat actors leveraged a new zero-click iMessage exploit to install NSO Group Pegasus on iPhones belonging to Catalans.
Researchers from Citizen Lab have published a report detailing the use of a new zero-click iMessage exploit, dubbed HOMAGE, to install the NSO Group Pegasus spyware on iPhones belonging to Catalan politicians, journalists, academics, and activists.
The previously undocumented zero-click iMessage exploit HOMAGE works in attacks against iOS versions before 13.2.
The experts speculate the HOMAGE exploit was used since the last months of 2019, and involved an iMessage zero-click component that launched a WebKit instance in the com.apple.mediastream.mstreamd process, following a com.apple.private.alloy.photostream lookup for a Pegasus email address.
The experts at the Citizen Lab, in collaboration with Catalan civil society groups, have identified at least 65 individuals targeted or infected with spyware. 63 of them were targeted or infected with the Pegasus spyware, and four others with the spyware developed by another surveillance firm named Candiru. The researchers reported that at least two of them were targeted or infected with both surveillance software.
Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations, the threat actors also targeted family members.
The researchers also noticed that the content used in the bait SMS messages suggests access to targets personal information, including the Spanish governmental ID numbers.
“With the targets’ consent, we obtained forensic artefacts from their devices that we examined for evidence of Pegasus infections. Our forensic analysis enables us to conclude with high confidence that, of the 63 people targeted with Pegasus, at least 51 individuals were infected.” reads the report published by Citizen Lab.
“We are not aware of any zero-day, zero-click exploits deployed against Catalan targets following iOS 13.1.3 and before iOS 13.5.1.”
This isn’t the first time that Catalans were targeted by the NSO Group Pegasus Spyware, Citizen Lab has previously reported “possible cases of domestic political espionage” after detecting infections with the popular surveillance software. Multiple Catalans were targeted with Pegasus through the 2019 WhatsApp attack, at the time the spyware leveraged exploits for the
CVE-2019-3568
vulnerability.
The Citizen Lab doesn’t explicitly attribute the attacks to a specific threat actor, but the nature of the targets suggests a link with Spanish authorities. All the targets were of interest to the Spanish government and experts pointed out that the specific timing of the targeting matches events of specific interest to the Spanish government.
“While we do not currently attribute this operation to specific governmental entities, circumstantial evidence suggests a strong nexus with the government of Spain, including the nature of the victims and targets, the timing, and the fact that Spain is reported to be a government client of NSO Group.” concludes the report.
The European Data Protection Supervisor authority called for a ban on the development and the use of Pegasus-like commercial spyware.
The European Data Protection Supervisor (EDPS) authority this week called for a ban on the development and the use of surveillance software like the Pegasus spyware in the EU.
Pegasus is a surveillance malware developed by the Israeli surveillance NSO Group that could infect both iPhones and Android devices, it is sold exclusively to the governments and law enforcement agencies.
The abuse of this kind of solution poses a serious threat to fundamental rights, particularly on the rights to privacy and data protection.
“It comes from the EDPS’ conviction that the use of Pegasus might lead to an unprecedented level of intrusiveness, which threatens the essence of the right to privacy, as the spyware is able to interfere with the most intimate aspects of our daily lives.” states the European Data Protection Supervisor (EDPS).
“Pegasus constitutes a paradigm shift in terms of access to private communications and devices, which is able to affect the very essence of our fundamental rights, in particular the right to privacy.”
Privacy advocated and cybersecurity experts demonstrated the use of the Pegasus in surveillance campaigns worldwide targeting journalists, political figures, dissidents, and activists.
Pegasus was used by governments with dubious human rights records and histories of abusive behaviour by their state security services.
The surveillance software allows to completely take over the target device and spy on the victims. Developers of surveillance solutions leverage zero-click zero-day exploits to silently compromise the devices without any user interaction. Pegasus is known to have used KISMET and FORCEDENTRY exploits to infect the devices of the victims.
NSO Group has repeatedly claimed that its software is sold exclusively to law enforcement and intelligence agencies to fight crime and terrorism, in so-called “life-saving mission.”
According to a series of disclosures by the business publication Calcalist in recent weeks, dozens of citizens in the country were targeted by Israel Police with the NSO Group’s spyware to gather intelligence without a search warrant authorizing the surveillance.
“National security cannot be used as an excuse to an extensive use of such technologies nor as an argument against the involvement of the European Union.” continues EDPS.
EDPS urges tight control over the use of surveillance and hacking tools to prevent and disincentive unlawful use.
In June 2019, three Israeli computer engineers arrived at a New Jersey building used by the F.B.I. They unpacked dozens of computer servers, arranging them on tall racks in an isolated room. As they set up the equipment, the engineers made a series of calls to their bosses in Herzliya, a Tel Aviv suburb, at the headquarters for NSO Group, the world’s most notorious maker of spyware. Then, with their equipment in place, they began testing.
The F.B.I. had bought a version of Pegasus, NSO’s premier spying tool. For nearly a decade, the Israeli firm had been selling its surveillance software on a subscription basis to law-enforcement and intelligence agencies around the world, promising that it could do what no one else — not a private company, not even a state intelligence service — could do: consistently and reliably crack the encrypted communications of any iPhone or Android smartphone.
Since NSO had introduced Pegasus to the global market in 2011, it had helped Mexican authorities capture Joaquín Guzmán Loera, the drug lord known as El Chapo. European investigators have quietly used Pegasus to thwart terrorist plots, fight organized crime and, in one case, take down a global child-abuse ring, identifying dozens of suspects in more than 40 countries. In a broader sense, NSO’s products seemed to solve one of the biggest problems facing law-enforcement and intelligence agencies in the 21st century: that criminals and terrorists had better technology for encrypting their communications than investigators had to decrypt them. The criminal world had gone dark even as it was increasingly going global.
But by the time the company’s engineers walked through the door of the New Jersey facility in 2019, the many abuses of Pegasus had also been well documented. Mexico deployed the software not just against gangsters but also against journalists and political dissidents. The United Arab Emirates used the software to hack the phone of a civil rights activist whom the government threw in jail. Saudi Arabia used it against women’s rights activists and, according to a lawsuit filed by a Saudi dissident, to spy on communications with Jamal Khashoggi, a columnist for The Washington Post, whom Saudi operatives killed and dismembered in Istanbul in 2018.
Finland Ministry for Foreign Affairs revealed that devices of Finnish diplomats have been infected with NSO Group’s Pegasus spyware.
Finland’s Ministry for Foreign Affairs revealed that the devices of some Finnish diplomats have been compromised with the infamous NSO Group’s Pegasus spyware.
The diplomats were targeted with the popular surveillance software as part of a cyber-espionage campaign.
“Finnish diplomats have been targets of cyber espionage by means of the Pegasus spyware, developed by NSO Group Technologies, which has received wide publicity. The highly sophisticated malware has infected users’ Apple or Android telephones without their noticing and without any action from the user’s part. Through the spyware, the perpetrators may have been able to harvest data from the device and exploit its features.” reads a statement published by the Ministry.
According to the statement, threat actors have stolen data from the infected devices belonging to employees working in Finnish missions abroad. The attacks were spotted following an investigation that started in the autumn of 2021, anyway, according to the government experts the campaign is no longer active.
The announcement pointed out that the data transmitted or stored on diplomats’ devices are either public or classified at the lowest level of classified information (level 4).
Finland’s Ministry for Foreign Affairs warns that even if the information is not directly classified, the information itself and its source may be subject to diplomatic confidentiality.
“The Ministry for Foreign Affairs is continually monitoring events and activities in its operating environment and assessing related risks. The Ministry for Foreign Affairs monitors its services and strives to prevent harmful activities. The preparation of and decisions on foreign and security policy, in particular, are matters that attract much interest, which may also manifest itself as unlawful intelligence.” concludes the Ministry. “The Ministry responds to the risk by various means, but complete protection against unlawful intelligence is impossible.”
In December, Apple warned that the mobile devices of at least nine US Department of State employees were compromised with NSO Group ‘s Pegasus spyware.
Pegasus spyware was allegedly used by governments to spy upon prominent journalists, politicians and activists.
A Google blog has revealed how the sophisticated software was used to attack iPhone users.
The software used a vulnerability in iMessages to hack into iPhones without the user’s knowledge.
The Pegasus spyware, developed by Israel’s NSO group, made headlines for being used by governments and regimes across the world including India to spy on journalists, activists, opposition leaders, ministers, lawyers and others. The spyware is accused of hacking into the phones of at least 180 journalists around the world, of which 40 are notable Indian personalities.
Now, a Google blog from the Project Zero team called the attacks technically sophisticated exploits and assessed the software to have capabilities rivalling spywares previously thought to be accessible to only a handful of nations.
The company has also faced multiple lawsuits including one in India where the Supreme Court (SC) set up a three-member panel headed by former SC judge RV Raveendran to probe whether the software was used by the government to spy on journalists and other dissidents.
Apart from India, Apple has also sued the Israeli firm after having patched its security exploit. The company was also banned in the United States after the details of the spyware were revealed. Let’s take a look at how this advanced snooping technology discretely worked on iPhones.
According to the Project Zero blog, a sample of the ForcedEntry exploit was worked upon by the team and Apple’s Security Engineering and Architecture (SEAR) group. Pegasus attacks on iPhones were possible due to the ForcedEntry exploit.
Pegasus is a spyware (Trojan/Script) that can be installed remotely on devices running on Apple ‘ s iOS & Google ‘ s Android operating systems. It is developed and marketed by the Israeli technology firm NSO Group. NSO Group sells Pegasus to ” vetted governments ” for ” lawful interception ” , which is understood to mean combating terrorism and organized crime, as the firm claims, but suspicions exist that it is availed for other purposes. Pegasus is a modular malware that can initiate total surveillance on the targeted device, as per a report by digital security company Kaspersky. It installs the necessary modules to read the user’s messages and mail, listen to calls, send back the browser history and more, which basically means taking control of nearly all aspects of your digital life. It can even listen in to encrypted audio and text files on your device that makes all the data on your device up for grabs.
There are a range of security policies for dealing with users’ smartphones, from the most restrictive approach – no smartphone access allowed – to an open approach that allows personal phones to connect to the internal corporate network. We suggest that the right solution is somewhere in between.
You may have read about the Pegasus spyware in the news; the NSO Group’s software exploits flaws in iOS (iPhones) to gain access to data on an unsuspecting target’s phone. NSO sells Pegasus to governments, ostensibly to track criminals, but it’s often used by repressive regimes to spy on their opponents, political figures, and activists.
In the past, Pegasus infections were primarily achieved by sending a link to the victim’s phone; when the target clicked on it, they would trigger an exploit that would allow attackers to gain root access to the phone. Once the spyware obtains root access, it can read messages on apps like iMessage, WhatsApp, Telegram, Gmail and others. A sophisticated command and control network can report back to the operator and control the phone as well.
Female journalists and activists say they had their private photos shared on social media by governments seeking to intimidate and silence them.
‘I will not be silenced’: Women targeted in hack-and-leak attacks speak out about spyware
Ghada Oueiss, a Lebanese broadcast journalist at Al-Jazeera, was eating dinner at home with her husband last June when she received a message from a colleague telling her to check Twitter. Oueiss opened up the account and was horrified: A private photo taken when she was wearing a bikini in a jacuzzi was being circulated by a network of accounts, accompanied by false claims that the photos were taken at her boss’s house.
Over the next few days she was barraged with thousands of tweets and direct messages attacking her credibility as a journalist, describing her as a prostitute or telling her she was ugly and old. Many of the messages came from accounts that appeared to support Saudi Crown Prince Mohammed bin Salman Al Saud, known as MBS, including some verified accounts belonging to government officials.
“I immediately knew that my phone had been hacked,” said Oueiss, who believes she was targeted in an effort to silence her critical reporting on the Saudi regime. “Those photos were not published anywhere. They were only on my phone.”
“I am used to being harassed online. But this was different,” she added. “It was as if someone had entered my home, my bedroom, my bathroom. I felt so unsafe and traumatized.”
Speaking to The Guardian, WhatsApp’s chief executive, Will Cathcart, said there are “parallels” between the 2019 attacks and a recent data leak allegedly implicating NSO Group clients in widespread cybersurveillance.
Israeli vendor NSO Group has experienced bad press in recent weeks due to a damning report issued by Forbidden Stories, Amnesty International, and various media outlets worldwide.
Forbidden Stories claimed that a leaked list of over 50,000 phone numbers allegedly revealed individuals either “of interest” or selected for targeting by clients. According to the non-profit’s Pegasus project, while an appearance on the list does not mean that someone was targeted or compromised by Pegasus, infection by the firm’s spyware was confirmed in “dozens” of cases.
Pegasus spyware has capabilities including remote access, both email and browser monitoring, location checks, information exfiltration, call recording, and the extraction of conversations across messaging applications including WhatsApp and Facebook.
NSO Group markets its products for use in criminal and terrorism-related investigations.
Alongside the alleged targeting of government officials, journalists, diplomats, political dissidents, lawyers, and activists were reportedly included in the leak.
![You Are Being Targeted – How to Keep Yourself Safe in a Connected World! (Survival and Security Series Book 1) by [Harvey Toogood]](https://m.media-amazon.com/images/I/51MetwIKKOL.jpg)
