What are the Origins of Pegagus Spyware & How Can It Infect Our Lives?

Edited by: TJVNews.com

Pegasus is spyware developed by the Israeli cyber-arms company NSO Group that can be covertly installed on mobile phones (and other devices) running most versions of iOS and Android. Pegasus is reportedly able to exploit all iOS versions up to 14.6, through a zero-click iMessage exploit, as was reported by Wikipedia. As of 2022, Pegasus was capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device’s microphone and camera, and harvesting information from apps. The spyware is named after Pegasus, the winged horse of Greek mythology. It is a Trojan horse computer virus that can be sent “flying through the air” to infect cell phones, as was reported by Wikipedia.

Pegasus was discovered in August 2016 after a failed installation attempt on the iPhone of a human rights activist led to an investigation revealing details about the spyware, its abilities, and the security vulnerabilities it exploited. Wikipedia reported that sews of the spyware caused significant media coverage. It was called the “most sophisticated” smartphone attack ever and was the first time that a malicious remote exploit used jailbreaking to gain unrestricted access to an iPhone.

In August 2020, Haaretz reported that NSO Group sold Pegasus for hundreds of millions of US dollars to the United Arab Emirates and the other Gulf States, for surveillance of anti-regime activists, journalists, and political leaders from rival nations, with encouragement and mediation by the Israeli government. Since July 2021, an international investigation Pegasus Project, along with an in-depth analysis by human rights group Amnesty International, reported that Pegasus was still being widely used against high-profile targets, as was reported by Wikipedia.

NSO Group developed its first iteration of Pegasus spyware in 2011. Wikipedia reported that the company states that it provides “authorized governments with technology that helps them combat terror and crime.” NSO Group has published sections of contracts which require customers to use its products only for criminal and national security investigations and has stated that it has an industry-leading approach to human rights, as was reported by Wikipedia.

Pegasus’ iOS exploitation was identified in August 2016. Arab human rights defender Ahmed Mansoor received a text message promising “secrets” about torture happening in prisons in the United Arab Emirates by following a link. Wikipedia reported that Mansoor sent the link to Citizen Lab of the University of Toronto, which investigated, with the collaboration of Lookout, finding that if Mansoor had followed the link it would have jailbroken his phone and implanted the spyware into it, in a form of social engineering.

Citizen Lab and Lookout discovered that the link downloaded software to exploit three previously unknown and unpatched zero-day vulnerabilities in iOS. According to their analysis, the software can jailbreak an iPhone when a malicious URL is opened, a form of attack known as spear phishing. The software installs itself and collects all communications and locations of targeted iPhones. The software can also collect Wi-Fi passwords.

Wikipedia reported that the researchers noticed that the software’s code referenced an NSO Group product called “Pegasus” in leaked marketing materials. Wikipedia reported that Pegasus had previously come to light in a leak of records from Hacking Team, which indicated the software had been supplied to the government of Panama in 2015. Citizen Lab and Lookout notified Apple’s security team, which patched the flaws within ten days and released an update for iOS. A patch for macOS was released six days later.

Regarding how widespread the issue was, Lookout explained in a blog post: “We believe that this spyware has been in the wild for a significant amount of time based on some of the indicators within the code” and pointed out that the code shows signs of a “kernel mapping table that has values all the way back to iOS 7” (released 2013). Wikipedia reported that the New York Times and The Times of Israel both reported that it appeared that the United Arab Emirates was using this spyware as early as 2013.It was used in Panama by former president Ricardo Martinelli from 2012 to 2014, who established the Consejo Nacional de Seguridad (National Security Council) for its use.

On February 2 of this year, the AP reported that the FBI has confirmed purchasing Pegasus spyware. It suggested its motivation was to “stay abreast of emerging technologies and tradecraft.”

The AP also reported that the agency said in a statement that it obtained a limited license from the Israeli firm “for product testing and evaluation only,” never using it operationally or to support any investigation.

But critics wondered why the premier U.S. law enforcement agency would need to pay for access to a notorious surveillance tool that has been extensively researched by public interest cyber sleuths if its interest was so limited, as was reported by the AP.

“Spending millions of dollars to line the pockets of a company that is widely known to serially facilitate widespread human rights abuses, possible criminal acts, and operations that threaten the U.S.’s own national security is definitely troubling,” said Ron Deibert, director of Citizen Lab, the University of Toronto internet watchdog that has exposed dozens of Pegasus hacks since 2016.

An FBI spokesperson did not say what the agency paid NSO Group or when, but The New York Times reported a few weeks ago that it obtained a one-year license for $5 million, testing it in 2019. The Guardian of the UK quoted a source familiar with the deal as saying the FBI paid $4 million to renew the license but never used the spyware, which infiltrates a target’s smart phone, granting access to all its communications and location data and converting it into a remote eavesdropping device, as was reported by the AP.

In November, the Commerce Department blacklisted NSO Group, barring it from access to U.S. technology. Apple subsequently sued the company, calling it “amoral 21st century mercenaries.”

On December 21, 2021, the AP reported that the aggressive cellphone break-ins of a high-profile lawyer representing top Polish opposition figures came in the final weeks of pivotal 2019 parliamentary elections. Two years later, a prosecutor challenging attempts by the populist right-wing government to purge the judiciary had her smartphone hacked.

The AP reported that in both instances, the invader was military-grade spyware from NSO Group, say digital sleuths of the University of Toronto-based Citizen Lab internet watchdog.

Citizen Lab could not say who ordered the hacks and NSO does not identify its clients, beyond saying it works only with legitimate government agencies vetted by Israel’s Defense Ministry. But both victims believe Poland’s increasingly illiberal government is responsible, according to the AP report.

A Polish state security spokesman, Stanislaw Zaryn, would neither confirm nor deny whether the government ordered the hacks or is an NSO customer.

The AP reported that lawyer Roman Giertych and prosecutor Ewa Wrzosek join a list of government critics worldwide whose phones have been hacked using the company’s Pegasus product. The spyware turns a phone into an eavesdropping device and lets its operators remotely siphon off everything from messages to contacts.

On January 6th of this year, the AP reported that Amnesty International said it has independently confirmed that powerful spyware from the Israeli surveillance software maker NSO Group was used to hack Polish Sen. Krzysztof Brejza’s mobile phone multiple times in 2019 when he was running the opposition’s parliamentary election campaign.

On December 3, 2021 the AP reported that the phones of 11 U.S. State Department employees were hacked with spyware from Israel’s NSO Group.

The employees were all located in Uganda and included some foreign service officers, said the person, who was not authorized to speak publicly about an ongoing investigation, according to the AP report. Some local Ugandan employees of the department appear to have been among the 11 hacked, the person said.

The hacking is the first known instance of NSO Group’s trademark Pegasus spyware being used against U.S. government personnel. It was not known what individual or entity used the NSO technology to hack into the accounts, or what information was sought.

“We have been acutely concerned that commercial spyware like NSO Group software poses a serious counterintelligence and security risk to U.S. personnel,” White House press secretary Jen Psaki said at a December press briefing.

On November 8, 2021 , the AP reported that Mexican prosecutors said that they had arrested a businessman on charges he used the Pegasus spyware to spy on a journalist.

The software marketed by the Israeli spyware firm NSO Group has been implicated in government surveillance of opponents and journalists around the world.

The AP reported that Mexico had the largest list — about 15,000 phone numbers — among more than 50,000 reportedly selected by NSO clients for potential surveillance.

Federal prosecutors announced the arrest but did not name the suspect under rules aimed at protecting presumption of innocence.

In July, Mexico’s top security official said two previous administrations spent $61 million to buy Pegasus spyware. The two companies the suspect was linked to were allegedly parties to some of the contracts, according to the AP report.

Also on November 8, 2021, the AP reported that security researchers disclosed that spyware from the NSO Group was detected on the cellphones of six Palestinian activists, half of whom were affiliated with groups that were involved in terrorism.

The AP reported that the revelation marks the first known instance of Palestinian activists being targeted by the military-grade Pegasus spyware.

(Sources: AP, Wikipedia)