Spotlight on Israeli based Pegasus Spyware software- Pegasus is spyware developed by the Israeli cyber-arms company NSO Group that can be covertly installed on mobile phones (and other devices) running most versions of iOS and Android. Pegasus is able to exploit iOS versions up to 14.7, through a zero-click exploit. As of 2022, Pegasus was capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device’s microphone and camera, and harvesting information from apps. The spyware is named after Pegasus, the winged horse of Greek mythology. It is a Trojan horse computer virus that can be sent “flying through the air” to infect cell phones (phones spyware).

Pegasus was discovered in August 2016 after a failed installation attempt on the iPhone of a human rights activist led to an investigation revealing details about the spyware, its abilities, as well as the security vulnerabilities it exploited. News of the spyware caused significant media coverage. It was called the “most sophisticated” smartphone attack ever; it was the first time that a malicious remote exploit used jailbreaking to gain unrestricted access to an iPhone.

The spyware has been used for surveillance of anti-regime activists, journalists, and political leaders from several nations around the world. In July 2021, the investigation initiative Pegasus Project, along with an in-depth analysis by human rights group Amnesty International, reported that Pegasus was still being widely used against high-profile targets.

The Pegasus Project, an investigation by 17+ news organizations in 10 countries, was coordinated by the Paris-based journalism nonprofit Forbidden Stories and advised by Amnesty International. Those two groups had access to a list of more than 50,000 phone numbers that included surveillance targets for clients of the Israeli spyware company NSO Group, which they shared with the journalists. Over the past several months, the journalists reviewed and analyzed the list in an effort to learn the identities of the owners of the phone numbers and to determine whether their phones had been implanted with NSO’s Pegasus spyware.

The investigation was able to link more than 1,000 government officials, journalists, businesspeople and human rights activists to numbers and to obtain data for 67 phones (phones spyware) whose numbers appeared on the list. That data was then analyzed forensically by Amnesty International’s Security Lab. Thirty-seven of those showed evidence of an attempted Pegasus intrusion or a successful hack.

Further analysis indicated that many of those intrusions or attempted intrusions came shortly after the phone number had been entered onto the list — some within seconds — suggesting a link between the list and subsequent surveillance efforts.

How vulnerable are you to such spyware? Are there steps you can take to keep your phone safe? Here are some answers:

Spotlight on Israeli based Pegasus Spyware software – WHAT TO KNOW

• What is ‘spyware’ and who uses it?
• What can spyware collect?
• Why doesn’t encryption stop this?
• What is NSO?
• Who are NSO’s customers?
• How are spyware infections found?
• Can I tell if my device was hacked?
• Is my device vulnerable?
• Are there any rules to protect me?
• Are there things I can do to make myself safer?
• Who else can help protect my privacy?

What is ‘spyware’ and who uses it? – Spotlight on Israeli based Pegasus Spyware software

Spyware is a catchall term for a category of malicious software, or malware, that seeks to collect information from somebody else’s computer, phone or other device. Spyware can be relatively simple, taking advantage of well-known security weaknesses to hack into poorly defended devices. But some of it is very sophisticated, relying on unpatched software flaws that can allow someone to pry into even the latest smartphones with advanced security measures.

The most sophisticated spyware is generally deployed by law enforcement or intelligence agencies, and there is a robust private market to provide those tools to nations that can afford them, including the United States. It has long been suspected that terrorist groups and sophisticated criminal gangs also have access to spyware. Spyware from another Israeli company, Candiru, was used to infect the computers and phones of activists, politicians and other victims through phony websites masquerading as pages for Black Lives Matter or health groups, cybersecurity researchers at Microsoft and the University of Toronto’s Citizen Lab said this month.

What can spyware collect? – Spotlight on Israeli based Pegasus Spyware software

Almost anything on a device is vulnerable to sophisticated spyware. Many people are familiar with traditional wiretapping, which allows real-time monitoring of calls, but spyware can do that and much more. It can collect emails, social media posts, call logs, even messages on encrypted chat apps such as WhatsApp or Signal. Spyware can determine a user’s location, along with whether the person is stationary or moving — and in what direction. It can collect contacts, user names, passwords, notes and documents. That includes photographs, videos and sound recordings. And the most advanced spyware can activate microphones and cameras — without turning on lights or any other indicators that recording has begun. Essentially, if users can do something on their devices, so can the operators of advanced spyware. Some can even deliver files to devices without users approving or knowing.

Why doesn’t encryption stop this? – Spotlight on Israeli based Pegasus Spyware software

What’s known as “end-to-end encryption” protects transmission of data between devices. It’s useful to stop “man-in-the-middle” attacks, where a hacker intercepts a message between its sender and recipient, because the message is locked with a specific encryption key. Such forms of encryption, widely adopted on commercial services after revelations by National Security Agency whistleblower Edward Snowden in 2013, also make it more difficult for government agencies to conduct mass surveillance by monitoring Internet traffic. But it’s not useful against “endpoint” attacks, which target either end of the communication. Once the encrypted message lands on the intended device, the system runs a program to decode the message to make it readable. When that happens, spyware on the device can read it, too.

Spotlight on Israeli based Pegasus Spyware software – What is NSO?

The NSO Group is a private company based in Israel that is a leading maker of spyware. Its signature product, Pegasus, is designed to break into iPhones (phones spyware) and Android devices. Founded in 2010, the company says it has 60 government customers in 40 countries. The company, which also has offices in Bulgaria and Cyprus, reportedly has 750 employees and recorded revenue of more than $240 million last year, according to Moody’s. It’s majority-owned by Novalpina Capital, a London-based private-equity firm.

Who are NSO’s customers? – Spotlight on Israeli based Pegasus Spyware software

The company won’t say, citing confidentiality agreements. Citizen Lab has documented suspected Pegasus infections in 45 locations: Algeria, Bahrain, Bangladesh, Brazil, Canada, Egypt, France, Greece, India, Iraq, Israel, Ivory Coast, Jordan, Kazakhstan, Kenya, Kuwait, Kyrgyzstan, Latvia, Lebanon, Libya, Mexico, Morocco, the Netherlands, Oman, Pakistan, the Palestinian territories, Poland, Qatar, Rwanda, Saudi Arabia, Singapore, South Africa, Switzerland, Tajikistan, Thailand, Togo, Tunisia, Turkey, the United Arab Emirates, Uganda, the United Kingdom, the United States, Uzbekistan, Yemen and Zambia. However, the presence of infected phones does not necessarily mean a country’s government is a client

NSO has long said that Pegasus cannot be used to successfully target phones in the United States and that it should be used only against “suspected criminals and terrorists.” But research groups have found that it’s also been used to spy on political figures, journalists and human rights workers — findings confirmed by the Pegasus Project investigation.

How are spyware infections found? – Spotlight on Israeli based Pegasus Spyware software

Modern spyware is built to overtake systems while making it look as though nothing has changed, so hacked phones often have to be closely examined before they can show evidence they were targeted. Amnesty’s Security Lab designed a test to scan the data from phones for traces of a potential Pegasus infection, and the consortium asked people if they would agree to the analysis after learning their numbers were on the list. Sixty-seven agreed. Of those, data for 23 phones showed evidence of a successful infection and 14 had traces of an attempted hack.

For the remaining 30 phones, the tests were inconclusive, in several cases because the phones had been lost or replaced and the tests were attempted on backup files that might have held data from the previous phone. Fifteen of the tests were on data from Android phones, none of which showed evidence of successful infection. However, unlike iPhones, Androids do not log the kinds of information required for Amnesty’s detective work. Three Android phones showed signs of targeting, such as Pegasus-linked SMS messages.

Can I tell if my device was hacked? – Spotlight on Israeli based Pegasus Spyware software

Probably not. The malware is designed to work stealthily and cover its tracks. That’s why your best defense is probably guarding against infection in the first place.

Is my device vulnerable? – Spotlight on Israeli based Pegasus Spyware software