Spotlight on Israeli based Pegasus Spyware software

Spotlight on Israeli based Pegasus Spyware software- Pegasus is spyware developed by the Israeli cyber-arms company NSO Group that can be covertly installed on mobile phones (and other devices) running most versions of iOS and Android. Pegasus is able to exploit iOS versions up to 14.7, through a zero-click exploit. As of 2022, Pegasus was capable of reading text messagestracking callscollecting passwordslocation tracking, accessing the target device’s microphone and camera, and harvesting information from apps. The spyware is named after Pegasus, the winged horse of Greek mythology. It is a Trojan horse computer virus that can be sent “flying through the air” to infect cell phones (phones spyware).

Pegasus was discovered in August 2016 after a failed installation attempt on the iPhone of a human rights activist led to an investigation revealing details about the spyware, its abilities, as well as the security vulnerabilities it exploited. News of the spyware caused significant media coverage. It was called the “most sophisticated” smartphone attack ever; it was the first time that a malicious remote exploit used jailbreaking to gain unrestricted access to an iPhone.

The spyware has been used for surveillance of anti-regime activists, journalists, and political leaders from several nations around the world. In July 2021, the investigation initiative Pegasus Project, along with an in-depth analysis by human rights group Amnesty International, reported that Pegasus was still being widely used against high-profile targets.

The Pegasus Project, an investigation by 17+ news organizations in 10 countries, was coordinated by the Paris-based journalism nonprofit Forbidden Stories and advised by Amnesty International. Those two groups had access to a list of more than 50,000 phone numbers that included surveillance targets for clients of the Israeli spyware company NSO Group, which they shared with the journalists. Over the past several months, the journalists reviewed and analyzed the list in an effort to learn the identities of the owners of the phone numbers and to determine whether their phones had been implanted with NSO’s Pegasus spyware.

The investigation was able to link more than 1,000 government officials, journalists, businesspeople and human rights activists to numbers and to obtain data for 67 phones (phones spyware) whose numbers appeared on the list. That data was then analyzed forensically by Amnesty International’s Security Lab. Thirty-seven of those showed evidence of an attempted Pegasus intrusion or a successful hack.

Further analysis indicated that many of those intrusions or attempted intrusions came shortly after the phone number had been entered onto the list — some within seconds — suggesting a link between the list and subsequent surveillance efforts.

How vulnerable are you to such spyware? Are there steps you can take to keep your phone safe? Here are some answers:

Spotlight on Israeli based Pegasus Spyware software – WHAT TO KNOW

What is ‘spyware’ and who uses it? – Spotlight on Israeli based Pegasus Spyware software

Spyware is a catchall term for a category of malicious software, or malware, that seeks to collect information from somebody else’s computer, phone or other device. Spyware can be relatively simple, taking advantage of well-known security weaknesses to hack into poorly defended devices. But some of it is very sophisticated, relying on unpatched software flaws that can allow someone to pry into even the latest smartphones with advanced security measures.

The most sophisticated spyware is generally deployed by law enforcement or intelligence agencies, and there is a robust private market to provide those tools to nations that can afford them, including the United States. It has long been suspected that terrorist groups and sophisticated criminal gangs also have access to spyware. Spyware from another Israeli company, Candiru, was used to infect the computers and phones of activists, politicians and other victims through phony websites masquerading as pages for Black Lives Matter or health groups, cybersecurity researchers at Microsoft and the University of Toronto’s Citizen Lab said this month.

What can spyware collect? – Spotlight on Israeli based Pegasus Spyware software

Almost anything on a device is vulnerable to sophisticated spyware. Many people are familiar with traditional wiretapping, which allows real-time monitoring of calls, but spyware can do that and much more. It can collect emails, social media posts, call logs, even messages on encrypted chat apps such as WhatsApp or Signal. Spyware can determine a user’s location, along with whether the person is stationary or moving — and in what direction. It can collect contacts, user names, passwords, notes and documents. That includes photographs, videos and sound recordings. And the most advanced spyware can activate microphones and cameras — without turning on lights or any other indicators that recording has begun. Essentially, if users can do something on their devices, so can the operators of advanced spyware. Some can even deliver files to devices without users approving or knowing.

Why doesn’t encryption stop this? – Spotlight on Israeli based Pegasus Spyware software

What’s known as “end-to-end encryption” protects transmission of data between devices. It’s useful to stop “man-in-the-middle” attacks, where a hacker intercepts a message between its sender and recipient, because the message is locked with a specific encryption key. Such forms of encryption, widely adopted on commercial services after revelations by National Security Agency whistleblower Edward Snowden in 2013, also make it more difficult for government agencies to conduct mass surveillance by monitoring Internet traffic. But it’s not useful against “endpoint” attacks, which target either end of the communication. Once the encrypted message lands on the intended device, the system runs a program to decode the message to make it readable. When that happens, spyware on the device can read it, too.

Spotlight on Israeli based Pegasus Spyware software – What is NSO?

The NSO Group is a private company based in Israel that is a leading maker of spyware. Its signature product, Pegasus, is designed to break into iPhones (phones spyware) and Android devices. Founded in 2010, the company says it has 60 government customers in 40 countries. The company, which also has offices in Bulgaria and Cyprus, reportedly has 750 employees and recorded revenue of more than $240 million last year, according to Moody’s. It’s majority-owned by Novalpina Capital, a London-based private-equity firm.

Who are NSO’s customers? – Spotlight on Israeli based Pegasus Spyware software

The company won’t say, citing confidentiality agreements. Citizen Lab has documented suspected Pegasus infections in 45 locations: Algeria, Bahrain, Bangladesh, Brazil, Canada, Egypt, France, Greece, India, Iraq, Israel, Ivory Coast, Jordan, Kazakhstan, Kenya, Kuwait, Kyrgyzstan, Latvia, Lebanon, Libya, Mexico, Morocco, the Netherlands, Oman, Pakistan, the Palestinian territories, Poland, Qatar, Rwanda, Saudi Arabia, Singapore, South Africa, Switzerland, Tajikistan, Thailand, Togo, Tunisia, Turkey, the United Arab Emirates, Uganda, the United Kingdom, the United States, Uzbekistan, Yemen and Zambia. However, the presence of infected phones does not necessarily mean a country’s government is a client

NSO has long said that Pegasus cannot be used to successfully target phones in the United States and that it should be used only against “suspected criminals and terrorists.” But research groups have found that it’s also been used to spy on political figures, journalists and human rights workers — findings confirmed by the Pegasus Project investigation.

How are spyware infections found? – Spotlight on Israeli based Pegasus Spyware software

Modern spyware is built to overtake systems while making it look as though nothing has changed, so hacked phones often have to be closely examined before they can show evidence they were targeted. Amnesty’s Security Lab designed a test to scan the data from phones for traces of a potential Pegasus infection, and the consortium asked people if they would agree to the analysis after learning their numbers were on the list. Sixty-seven agreed. Of those, data for 23 phones showed evidence of a successful infection and 14 had traces of an attempted hack.

For the remaining 30 phones, the tests were inconclusive, in several cases because the phones had been lost or replaced and the tests were attempted on backup files that might have held data from the previous phone. Fifteen of the tests were on data from Android phones, none of which showed evidence of successful infection. However, unlike iPhones, Androids do not log the kinds of information required for Amnesty’s detective work. Three Android phones showed signs of targeting, such as Pegasus-linked SMS messages.

Can I tell if my device was hacked? – Spotlight on Israeli based Pegasus Spyware software

Probably not. The malware is designed to work stealthily and cover its tracks. That’s why your best defense is probably guarding against infection in the first place.

Is my device vulnerable? – Spotlight on Israeli based Pegasus Spyware software

Nearly everyone’s smartphone is vulnerable, though most ordinary smartphone users are unlikely to be targeted in this way. Aside from criminal suspects and terrorists, those most likely to be surveillance targets include journalists, human rights workers, politicians, diplomats, government officials, business leaders, and relatives and associates of prominent people. Specially designed — and very expensive — phones using varieties of the Android operating system along with advanced security measures may resist attack by spyware, but there’s no way to know for sure.

Are there any rules to protect me? – Spotlight on Israeli based Pegasus Spyware software

There is little meaningful legal protection against being targeted by spyware in most of the world. NSO says Pegasus cannot be used on numbers inside the United States, Israel’s most important ally. The United States has some legal restrictions on spyware, including the federal Computer Fraud and Abuse Act, which was enacted in 1986 and bans “unauthorized access” of a computer or phone, but its vague language has meant that it’s often unevenly applied in court. Some states have passed cybersecurity and privacy laws, such as California’s Comprehensive Computer Data Access and Fraud Act, which bans electronic tampering or interference. WhatsApp has cited both laws in an ongoing court case against NSO.

Are there things I can do to make myself safer? – Spotlight on Israeli based Pegasus Spyware software

There are cybersecurity basics that make people somewhat safer from hacks of all sorts. Keep your devices and their software up to date, preferably by activating “automatic updates” on your settings. Devices over five years old — especially if they are running outdated operating systems — are particularly vulnerable.

Use a unique, hard-to-guess password for each device, site and app you use, and avoid easily predictable ones based on your phone number, date of birth or the names of your pets. A password manager such as LastPass or 1Password can make that easier. You should also turn on “two-factor authentication” everywhere you can: Those sites will ask not just for your password but for a second code, either sent to your phone or accessible via a separate authenticator app.

Avoid clicking on links or attachments from people you don’t recognize. Whenever possible, activate “disappearing messages” or similar settings so communications automatically vanish after a set period of time.

Who else can help protect my privacy? – Spotlight on Israeli based Pegasus Spyware software

The entities with the most power to thwart spyware are probably makers of devices and software, such as Apple and Google. They have been improving security on their smartphone (phones spyware) operating systems for years — but not enough to entirely thwart Pegasus and similar malware. Giant “cloud computing” companies can also take action to prevent their servers from helping the attacks: Both Microsoft and Amazon Web Services say they have taken steps to block malware when they’ve learned their systems were being used to transmit it.

Connected through code, Choose Your Platform!

About the Author: Bernard Aybout

In the land of bytes and bits, a father of three sits, With a heart for tech and coding kits, in IT he never quits. At Magna's door, he took his stance, in Canada's wide expanse, At Karmax Heavy Stamping - Cosma's dance, he gave his career a chance. With a passion deep for teaching code, to the young minds he showed, The path where digital seeds are sowed, in critical thinking mode. But alas, not all was bright and fair, at Magna's lair, oh despair, Harassment, intimidation, a chilling air, made the workplace hard to bear. Management's maze and morale's dip, made our hero's spirit flip, In a demoralizing grip, his well-being began to slip. So he bid adieu to Magna's scene, from the division not so serene, Yet in tech, his interest keen, continues to inspire and convene.
Go to Top