Pegasus Spyware on the State Department Phone: What You Need to Know

Smartphone Monitoring Graphic

Angela Lang / CNET

This is a dossier on the issue of digital espionage. Security researchers have uncovered evidence of an attempted or successful installation of Pegasus, software developed by the Israel-based cybersecurity company NSO Group, on 37 phones belonging to activists, rights activists, journalists and business people. They appear to have been subjected to covert surveillance through software intended to help governments pursue criminals and terrorists.

One of the most powerful objections to Pegasus came from the US government, and a new cause for outrage may have emerged on Friday: Spyware was found on the phones of at least nine State Department employees, who were notified by Apple of the hack, Reuters reported. The officials were either based in Uganda or involved in matters concerning the African country, but it was not immediately clear who hacked the phones, the report said, citing unnamed sources. The New York Times confirmed the report, saying at least 11 employees had been affected.

Pegasus has been a politically explosive issue that has put Israel under pressure from governments worried about workers and the misuse of software. In November, the US federal government cracked down, blocking the sale of US technology to NSO by placing the company on the government’s Entity List. NSO has suspended Pegasus privileges in some countries, but has sought to defend its software and the controls on its use.

Apple sued NSO Group in November, seeking to prevent the company from using its software on Apple devices, to require NSO to locate and delete any private data collected by its app, and to make it disclose the profits from the operations. “Private companies that develop state-sponsored spyware have become even more dangerous,” said Craig Federighi, head of Apple software.

The phones were on a list of more than 50,000 phone numbers of an active organization, including politicians, judges, lawyers, teachers and others. The list includes 10 prime ministers, three presidents and a king, according to an international investigation released by the Washington Post and other media outlets in mid-July, although appearing on the list is not in itself evidence of whether an attack was attempted or successful.

Pegasus is the latest example of how vulnerable we all are to digital prying. Our phones store our personal information, including photos, text messages and emails. Spyware can directly reveal what is happening in our lives, bypassing the encryption that protects data sent over the Internet.

The 50,000 phone numbers are linked to phones around the world, although NSO disputes the relationship between the list and the actual phones targeted by Pegasus. The list includes phones belonging to dozens of people close to Mexican President Andres Manuel Lopez Obrador, as well as correspondents from CNN, the Associated Press, The New York Times and The Wall Street Journal. Many of the phones on the list, including that of Claude Mangin, the French wife of a political activist imprisoned in Morocco, were infected or attacked. Other cases of Pegasus infection have been reported since the initial revelations.

Here’s what you need to know about Pegasus.

What is NSO Group?

It is a company that licenses surveillance software to government agencies. The company says its Pegasus software provides a valuable service because encryption technology allows criminals and terrorists to go “into the dark.” The software runs secretly on smartphones, shedding light on what their owners are doing. Other companies provide similar software.

The company was co-founded in 2010 by Chief Executive Shalev Hulio. NSO also offers other tools that locate where a phone is being used, defend against drones and mine law enforcement data to track patterns.

NSO has been implicated by previous reports in other hacks, including the alleged hacking of Amazon founder Jeff Bezos in 2018. A Saudi dissident sued the company in 2018 for its alleged role in hacking the device of journalist Jamal Khashoggi, who was assassinated inside the Saudi embassy in Turkey the same year.

What is Pegasus?

Pegasus is NSO’s most popular product. According to the Washington Post, it can be installed remotely without the surveillance target ever having to open a document or website link. Pegasus reveals everything to those who control it, including text messages, photos, emails, videos and contact lists, and can record phone calls. The Washington Post said it can secretly turn on the phone’s microphone and cameras to make new recordings.

General security measures, such as updating your software and using two-factor authentication, can help keep mainstream hackers at bay, but when an attack is concentrated on one target, protection is really difficult.

Pegasus should not be used to go after activists, journalists and politicians. “The NSO Group licenses its products to government intelligence and law enforcement agencies for the sole purpose of preventing and investigating terrorism and serious crimes,” the company said on its website. “Our testing process goes beyond legal and regulatory requirements to ensure the fair use of our technology in accordance with the design.”

The human rights group Amnesty International, however, has documented in detail how it traced compromised smartphones to NSO Group. Citizen Lab, a Canadian security organization at the University of Toronto, said it had independently validated Amnesty International’s findings after examining phone backup data.

In September, though, Apple fixed a security hole that Pegasus exploited for installation on iPhones. Malware often uses a combination of such vulnerabilities to gain access to a device and then escalate its privileges to become more powerful. NSO Group software also runs on Android phones.

Why is Pegasus in the news?

Forbidden Stories, a Paris-based non-profit journalism organization, and human rights group Amnesty International shared with 17 news organizations a list of more than 50,000 phone numbers for people believed to be of interest to NSO’s users.

News sites confirmed the identities of many people on the list and the infections on their phones. According to the Washington Post, of 67 phones on the list, 37 showed signs of an attempt to install Pegasus. Of those 37 phones, 34 were Apple iPhones.

The list of 50,000 phone numbers includes French President Emmanuel Macron, Iraqi President Barham Salih and South African President Cyril Ramaphosa. In addition, seven former prime ministers and three current prime ministers are on the list: Imran Khan of Pakistan, Mostafa Madbouly of Egypt and Saad-Eddine El Othmani of Morocco. Morocco’s King Mohammed VI is also on the list.

The episode has not helped Apple’s reputation when it comes to device security. “We take any attack on our customers very seriously,” Federighi said. The company said it would donate $10 million in damages from lawsuits to organizations advocating for privacy and researching online surveillance. That is a drop in the bucket for Apple, which reported a profit of $20.5 billion for its most recent quarter, but it could be significant for very small organizations, such as Citizen Lab.

Whose phone was affected by Pegasus?

The Guardian reports that in addition to Mangin, two journalists from the Hungarian investigative outlet Direkt36 also had their phones infected.

The Washington Post reports that Pegasus attacked the phone of Hanan Elatr, the wife of slain Saudi columnist Jamal Khashoggi, although it was not clear if the attack was successful. But the spyware made it onto the phone of Khashoggi’s fiancée, Hatice Cengiz, shortly after his death.

The Washington Post reported that seven people in India were found with infected phones, including five journalists and an adviser to an opposition party critical of Prime Minister Narendra Modi.

And six people working for Palestinian human rights groups had Pegasus-infected phones, Citizen Lab reported in November.

What are the consequences of the Pegasus situation?

The United States has cut off NSO Group as a customer of American products, a serious move given that the company needs computer processors, phones and developer tools, which often come from US companies. NSO “provided spyware to foreign governments” that used it to maliciously target government officials, journalists, businessmen, workers, academics and embassy workers. “These devices have also enabled foreign governments to exert international pressure,” said the Commerce Department.

Politico reported that Macron changed his mobile phone number and requested new security checks. He called a national security meeting to discuss the issue. According to The Guardian, Macron also raised Pegasus concerns with Israeli Prime Minister Naftali Bennett, and called on the country to investigate NSO and Pegasus. The Israeli government must approve an export license for Pegasus.

Israel has set up a commission of inquiry into the Pegasus situation. And on July 28, Israeli defense officials personally inspected NSO offices.

European Commission President Ursula von der Leyen said the use of Pegasus was “completely unacceptable” if the allegations were confirmed. “Freedom of the media, independent journalism is one of the core values of the European Union,” she added.

In India, the Nationalist Congress Party called for an investigation into the use of Pegasus.

In an interview with The Guardian, Edward Snowden, who in 2013 leaked information about US National Security Agency surveillance methods, called for a ban on the sale of spyware. He argued that such devices would soon be used to spy on millions of people. “When we’re talking about something like an iPhone, they’re running the same software all over the world. So if they’re looking for a way to hack an iPhone,” said Snowden, “they have found a way to hack them all.”

What does the NSO have to say about this?

NSO acknowledges that its software may be misused. According to the Washington Post, it has cut off two users in the last 12 months due to fears of human rights abuses. The company said in its June Transparency Report, “So far, the NSO has turned down more than US$300 million in sales opportunities as a result of its human rights review process.”

However, NSO strongly challenges any link to the list of phone numbers. “There is no correlation between the 50,000 numbers of the NSO group or Pegasus,” the company said in a statement.

“I have every charge of misuse of the system,” Hulio told the Post. “It violates the trust we give customers. We are investigating every allegation.”

In a statement, the NSO denied “false claims” about Pegasus, which it said were based on “misleading interpretations of leaked data.” The company added that Pegasus “cannot be used for cyber surveillance inside the United States.”

NSO Group did not immediately respond to a request for comment on the alleged State Department phone infection. But it told Reuters it had canceled the relevant accounts, was investigating, and would take legal action if it found misuse.

NSO will seek to have the US government’s ban lifted. “We look forward to hearing from you about how we have the world’s strictest compliance and human rights programs based on the American values we share deeply, which makes our products Numerous contacts have already been lost with government agencies that misuse,” an NSO spokesman said.

According to the Washington Post, in the past, the NSO also barred some government agencies in Saudi Arabia, the United Arab Emirates, Dubai and Mexico from using the software.

How can I tell if my phone is infected?

Amnesty International has released an open source utility called MVT (Mobile Verification Toolkit), which is designed to detect traces of Pegasus. The software runs on a personal computer and analyzes data, including backup files, recovered from an iPhone or Android phone.
