Al-Dalqamouni

The Israeli spyware group NSO has signed a deal with Saudi officials to sell them Pegasus 3, a program for breaking into cell phones, for $55 million, a newspaper report said on Sunday.

There may also be a link between the killing of Saudi journalist Jamal Khashoggi at his country's consulate in Istanbul last month and Saudi Arabia's use of the Pegasus program, according to the famous data leaker Edward Snowden. In a video interview from Moscow with Israeli journalists earlier this month, he asked: "How did they know what his intentions were? And how did they decide that he was someone who needed action against him and that he deserved to risk?"

What is this program? How serious is it?

NSO Group
NSO is an Israeli company specializing in the development of cyber espionage tools. It was founded in 2010, employs about 500 people and is located near Tel Aviv.

The company has been the subject of considerable controversy in recent years. According to the Canadian internet-monitoring laboratory Citizen Lab, Pegasus, which the company markets, is used by countries characterized by "suspicious human rights records and histories of arbitrary behavior by state security."

Pegasus is a very expensive piece of spyware. According to the Fast6 price list, NSO charges customers $650,000 to penetrate 10 devices and $0.5 million to install the software.

Discovery
Pegasus is one of the most dangerous and "most complex" spyware programs. It specifically targets Apple's iOS, but there is also a version for Android that differs somewhat from the iOS version.

Researchers first discovered the program in August 2016, after a failed attempt to install it on the iPhone of Ahmed Mansour, a human rights activist in the United Arab Emirates, through a suspicious link in a text message. The investigation revealed details about the program and its capabilities.

The suspicious link in the text message sent to Ahmed Mansour's phone; clicking on it would have installed Pegasus (Citizen Lab)

How dangerous it is
Kaspersky explains that Pegasus is modular malware: it first scans the target device, then installs the modules needed to read the user's messages and e-mail, listen to calls, take screenshots, record keystrokes, and pull the browser history and contacts.

It can listen to encrypted audio files and read encrypted messages thanks to its ability to record keystrokes and audio: it steals outgoing messages before they are encrypted and incoming messages after they are decrypted.

"The program can do anything users can do, including reading text messages, running a camera and microphone, adding and removing files, and processing data," said Scott-Railton, a researcher at Citizen Lab.

How does it work?
Phishing is the most common way of infecting a device with this spyware: the victim is sent an e-mail message containing a suspicious link, and when the link is clicked the malware is installed on the device.

When the malware was first discovered, the target was an iPhone running a non-jailbroken version of iOS, which is why researchers described it as the most complex attack they had ever seen.

The program relies on three previously unknown ("zero-day") vulnerabilities in iOS, from version 7 to version 9.3.4, that allow the malware to penetrate the operating system silently and install the spyware.

Pegasus was originally designed to target iPhones, whether jailbroken or not (Reuters)

Targets
Because Pegasus is a highly targeted and costly spy program, its operators use it against "high-value" targets such as political activists or others who have access to important, sensitive and confidential information.

But it is also likely to be used against specific targets for other purposes, including spying on big companies. Executives, chief executives, financial executives and their teams are often within range of attack, because they usually have access to confidential data, especially on their mobile devices.

iOS and Android
The Android version, which was discovered in 2017, is not very different from the iOS version. However, it does not rely on zero-day vulnerabilities to penetrate the device; instead it uses a well-known rooting method called Framaroot.

Another difference is that if the iOS version fails to jailbreak the device, the entire attack fails. The Android version, even if it fails to gain root access to install the spyware, will still try to ask the user for the permissions it needs to collect at least some data.

Protection
Usually, when a new version of Pegasus for iOS comes to light, Apple moves quickly to respond, and the company has released a security update that closes all of the vulnerabilities mentioned. Google takes a different approach, alerting targeted users directly about the malware.

If you've updated your operating system to the latest version and have not received a warning message from Google, you're probably safe from Pegasus, according to Kaspersky. Always keep your device updated with the latest patches and install good security solutions.

Map of countries affected by the Pegasus program; the UAE and Israel are shown in red, indicating the most affected (Citizen Lab)

Scale of spread
Over the past two years, Citizen Lab has scanned the Internet for servers linked to Pegasus and found traces in 45 countries, including 17 Arab countries: Algeria, Bahrain, Egypt, Iraq, Jordan, Kuwait, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Saudi Arabia, Tunisia, UAE and Yemen, along with countries such as the United States, the United Kingdom, Canada, France, Israel and Turkey.

In its report published in September, the lab said it had identified what appeared to be a significant expansion of Pegasus use in the GCC. In total, at least six operators with significant operations in the GCC have been identified, two of which appear to be predominantly focused on the UAE, one focusing mostly on Bahrain and one focusing on Saudi Arabia.