By Spy Uganda Correspondent
A data breach of the Israeli spy company NSO Group has revealed that the company’s Pegasus software is being used by governments around the world to spy on political dissidents and journalists. The breach, obtained by French media non-profit Forbidden Stories and Amnesty International, included a list of 50,000 phone numbers targeted for infection with the Pegasus spyware.
Many identified targets of NSO’s software are prominent individuals, including hundreds of business executives, religious leaders, academics, union and government officials—including several yet to be named cabinet ministers, presidents and prime ministers—as well as employees of Non-Governmental Organizations (NGOs).
The list consists of at least 180 targeted journalists, with reporters, executives, and editors from the Financial Times, CNN, the New York Times, France 24, the Economist, Associated Press and Reuters, all identified by the Pegasus project.
Without forensic analysis of each phone number listed, it is impossible to determine how many phones were actually infected. However, an analysis of a sample of the listed phones by the Pegasus project determined that half, 37 of 67, were infected, indicating potentially tens of thousands of infections.
Regardless of how many phones were actually infected, the determination by government agencies that it was necessary to spy on tens of thousands of people, and hundreds of journalists and activists, is a warning of the lengths that capitalist governments will go to suppress any and all opposition to their rule and trample on democratic rights.
The revelations of the scale and extent of NSO’s spying operations are an astonishing exposure of the ability of governments and intelligence agencies around the world to spy on their populations. An extensive investigation by over a dozen news outlets has discovered disturbing details about the capabilities of the Pegasus spyware.
According to the reports, Pegasus software is capable of monitoring all information stored on a smartphone, including texts, emails, and images, as well as encrypted data and contacts lists. It is even capable of accessing the victim’s GPS, as well as activating a cell phone microphone or camera to record the target’s conversations.
Such capabilities suggest that it may have been the GPS tracking features of Pegasus that facilitated the assassination of Mexican journalist Cecilio Pineda Birto in 2017. Pineda was gunned down by four men at a car wash in Altamirano, Mexico just weeks after his addition to the list by one of NSO’s Mexican clients.
Even more concerning is the ability of Pegasus to infect a target’s phone with ease. Earlier infection models relied on texting or emailing a link through which the virus would enter the target’s device. This method was often unreliable, with some known targets sent links that failed to complete the infection. However, recent advancements in NSO’s spyware have allowed it to infect phones through what are called “zero-click” attacks that significantly reduce the risk of failure.
Such attacks enable NSO to infect target devices without any interaction on the part of the victim. These methods exploit “zero-day” vulnerabilities such as bugs in the operating system of a phone that the developer may not even know exist. In 2019, for example, WhatsApp revealed that NSO had been able to send malware to 1,400 devices by exploiting a zero-day vulnerability that allowed Pegasus to infect the device through a phone call, regardless of whether the target answered the call or not.
NSO has also been working to exploit weaknesses in Apple’s iMessage app. Claudio Guarnieri, director of Amnesty International’s Security Lab, has been able to identify Pegasus infections of Apple devices as recently as this month, even penetrating Apple’s most recent security updates.
The target may also have their phone targeted remotely through an agent operating a wireless transceiver, and, according to NSO itself, a phone can be infected manually if an agent is able to steal the phone and download the spyware directly.
Using these techniques, Pegasus is virtually impossible to stop. The software is effectively undetectable, living in the temporary memory of a device and leaving no trace once the device is shut down. Furthermore, once infected, the spyware is capable of activating administrative privileges for itself. “Pegasus can do more than what the owner of the device can do,” Guarnieri explained to the journalists.
Guarnieri continued, “This is a question that gets asked to me pretty much every time we do forensics with somebody: ‘What can I do to stop this happening again?’ The real honest answer is nothing.”
The consequences of the widespread deployment of this software are apparent: NSO is facilitating the extensive spying on journalists and political dissidents by governments with impunity.
According to NSO, it provides its services only to verified military, law enforcement and intelligence agencies in 40 unnamed countries and conducts extensive vetting of clients’ human rights records. Ostensibly, the software is only used to target high profile criminals and terrorists.
However, based on information about NSO’s clients obtained by the Pegasus project, this appears to be patently false. Not only have journalists, political activists and even high-ranking politicians been targets, but the ten countries so far identified by the Pegasus project as clients of NSO are Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India and the United Arab Emirates.