
Antonio Gabor
Certified Ethical Hacker and Network Security Engineer

In the dark, shadowy realm where technology and espionage converge, one name stands out like a harbinger of clandestine power: NSO Group. This enigmatic entity has earned a notorious reputation as the purveyor of the infamous Pegasus spyware—a digital weapon so surreptitious and formidable that it makes the world of espionage quiver with trepidation. Like a stealthy phantom lurking in the virtual ether, Pegasus has infiltrated the lives of unsuspecting individuals and commandeered the very essence of privacy. As we delve into the murky depths of this cyber saga, the tale of NSO Group and its enigmatic spyware unfolds, revealing a high-stakes game of cat and mouse that sends shivers down the spines of both targets and spectators alike. Brace yourselves for an unsettling journey into the heart of digital darkness.
If you do a quick Google search, NSO Group will surely seem like a reputable organization worthy of its worldwide recognition.
NSO is an Israeli cybersecurity intelligence firm best known for its proprietary spyware solution called Pegasus. If you didn’t know before, now you do.
According to its website, NSO creates technology that helps government agencies to prevent and investigate terrorism and to save lives around the world. That is their most prominent statement when you visit their website.
You must wonder how spyware helps government agencies. Well, it is an easy guess!
They spy on you.
If you are to believe Wikipedia, this same software, pardon me, spyware, is used to target human rights activists and journalists in numerous countries and is indirectly related to the murder of Saudi dissident Jamal Khashoggi by the Saudi government.
You would agree that this is one fierce statement. Let us do some fact-checking before we make any quick judgments.
If you head to Citizen Lab, an independent research group, you can at any time find numerous research articles related to Pegasus and NSO Group.
From the targeting of pro-democracy movements in Thailand to UK government officials infected with the bug, there is an overwhelming amount of information on the subject.
Nearly 200 journalists from all corners of the Earth have compiled recommendations for fellow journalists who might be victims of high-performance surveillance software, as it is called.
They claim that NSO Group has the following countries as known clients:
- Mexico
- India
- Morocco
- Togo
- Rwanda
- Indonesia
- Saudi Arabia
- United Arab Emirates
- Kazakhstan
- Azerbaijan
- Hungary
Kindly allow me a slight digression. In December 2020, the Serbian security service, BIA, was linked to the use of controversial software called Circles that can locate every phone in the country in a matter of seconds. As it happens, Circles is a part of NSO Group, according to BalkanInsight. Surprise, surprise…
The technology behind Circles relies on a legacy suite of protocols called Signaling System 7, which was developed in 1975 for the exchange of information and routing of phone calls between different telecommunication providers.
Now back to Pegasus and the dangers of it.
I must admit that the article title is a bit of clickbait but please let me defend my stand.
Bill Marczak plays a crucial role in exposing NSO Group's sale of the software for malicious purposes, revealing that they found evidence of Pegasus spyware on a mobile device belonging to Jamal Khashoggi’s inner circle. The Washington Post reports it was Jamal’s fiancée who had the spyware installed on her smartphone.

Hanan Elatr, the widow of murdered Saudi journalist Jamal Khashoggi, during an interview this month. (Jon Gerberg/The Washington Post)
Hanan Elatr was an Emirates flight attendant at the time. Hanan was captured by UAE operators and all her mobile devices were taken away for a short period. She was then questioned about Jamal and released before his assassination in Istanbul, Turkey, on 2 October 2018.

72 seconds that would destroy a family forever.
It pains me to believe that technology can be used for such heinous crimes.
After the said event, numerous investigations took place, along with massive lawsuits that turned into a war between tech giants such as WhatsApp (2019) and Apple (2021) and NSO Group.
“What is Pegasus spyware and how does it hack phones?”
Above is the title of the article posted by The Guardian in 2021.
It claims that Pegasus can infect target mobile devices through zero-click attacks!
Yes, you’ve heard it right, these days you don’t even need to click, it just infects you straight away. This is done in such a way that you don’t even know it’s there, spying on you 24/7. It copies messages, harvests your photos and data, and can even record phone calls.
Well, surely your antivirus would pick it up?!
Unfortunately, traditional antiviruses would not detect the presence of the spyware, as it lurks in the temporary memory of the device. However, there is a bit of light at the end of the tunnel, as they say.
Amnesty International has developed a methodology to detect Pegasus spyware on smartphones and provides its resources on its GitHub page.
Using their Mobile Verification Toolkit (MVT) you can learn how to detect this pesky spyware.
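As an added illustration (not Amnesty's or MVT's own code), the example below shows the kind of indicator matching such forensic checks rely on: domains from a STIX2 indicator file are compared against URLs recovered from a device. The bundle, domains, and records are constructed placeholders, and the function names are hypothetical.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed STIX2 bundle; the domains are placeholders, not real indicators.
STIX_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "malware", "name": "ExampleSpyware"},
    {"type": "indicator", "pattern": "[domain-name:value='bad-redirect.example']"},
    {"type": "indicator", "pattern": "[domain-name:value='cdn-update.invalid']"},
    {"type": "indicator", "pattern": "[process:name='fakedaemon']"},
]})

# Constructed records, shaped like URLs recovered from browser history or SMS.
RECORDS = [
    {"source": "safari_history", "url": "https://news.example.org/story"},
    {"source": "sms", "url": "https://a1b2.bad-redirect.example/x?id=9"},
    {"source": "safari_history", "url": "http://CDN-UPDATE.invalid./p"},
    {"source": "safari_history", "url": "https://notbad-redirect.example/"},
]

DOMAIN_PATTERN = re.compile(r"\[domain-name:value\s*=\s*'([^']+)'\]")

def load_domain_indicators(bundle_text):
    """Return the set of domains named by domain-name indicators in the bundle."""
    domains = set()
    for obj in json.loads(bundle_text).get("objects", []):
        if obj.get("type") != "indicator":
            continue  # skip malware, relationship and other object types
        match = DOMAIN_PATTERN.fullmatch(obj.get("pattern", "").strip())
        if match:
            domains.add(match.group(1).lower().rstrip("."))
    return domains

def matched_indicator(url, domains):
    """Return the indicator domain the URL's host falls under, or None."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Test the host and each parent domain: subdomains match, lookalikes do not.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None

def scan(records, domains):
    """Return (source, url, indicator) for every record that matches."""
    hits = [(r["source"], r["url"], matched_indicator(r["url"], domains)) for r in records]
    return [h for h in hits if h[2]]

if __name__ == "__main__":
    print(*scan(RECORDS, load_domain_indicators(STIX_BUNDLE)), sep="\n")
```

Matching on whole domain labels rather than substrings is what keeps `notbad-redirect.example` from producing a false positive.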
So, if you do happen to be infected, there are a couple of things that can be done according to RSI.
- Try restarting your smartphone, as this would put a temporary stop to Pegasus.
- Reset the smartphone to factory settings, which MAY remove the spyware.
- Update the smartphone system software and applications to the most current version.
- Remove any unknown device connections to social media platforms.
To contrast the above solution, Reporters Without Borders (RSF) are going as far as suggesting getting rid of the infected device altogether.
Buying a new smartphone might sometimes be your only option. If you are being targeted, buy cheap burner phones and change them often, as this might save your life.
In August of 2022, there was a leak, and we could finally see some actual proof of the NSO command centre and its graphical user interface:

Source: haaretz.com
From the above article you can observe that Pegasus possesses a full-fledged suite of functionality, from recorded phone calls and messages to camera grabs and more. These capabilities were allegedly used in Israel by users to whom the oversight of NSO Group does not apply, as they have a prototype solution that is the most permissive and open-ended version of Pegasus at the time.
This is supposedly an outdated version of the user interface; however, you can get a sense of how powerful this can be in the wrong hands.
Israeli Police used the opportunity to defend its position that the software is used only in accordance with their law and to prevent and solve serious crimes.
To quote them:
“The grave damage caused by reports of this sort has harmed and is still harming severely the ability of the police to act against grave crimes, prevent violations of the law, thwart them and bring the transgressors to court. To this end and to minimize insofar as possible the damage in these tools, the court has ordered immunity of the methods and the means. The gaps that emerge in the report will be addressed fully by a team the Police Commissioner has ordered to be established, headed by the deputy head of the Investigation and Intelligence Branch for the purpose of implementing the recommendations of the report. Moreover, the team is acting to carry out the required adjustments for the restoration of the use of the technological capabilities for combatting crime and terror, in parallel to the required equipping with additional technological tools for the benefit of the security of Israeli citizens.”
Restoration of the use of technological capabilities. Wonder what that means…
I will now take a deep breath and allow you some space and time to draw your conclusions.
As always,
Stay vigilant and stay safe!