Unusually, our story begins in Mexico, where the founders of the Israeli company NSO claimed that their new program, Pegasus, now their main product, helped eliminate many of the leaders of the major drug cartels there. With its ability to infiltrate targeted phones, collect data and location information, and even record conversations within range of the target phone, it enabled the authorities to arrest and convict drug traffickers.

This was in the early years, when the world had not yet heard of "Pegasus", but a few years later the Israeli technology was able to speak for itself across the world, especially in the Middle East, where it was used to track the well-known Emirati human rights activist Ahmed Mansoor (1), and then in the killing of the Saudi Washington Post journalist Jamal Khashoggi in late 2018 at his country's consulate in Istanbul, Turkey (2). From then on, Pegasus gained fame as one of the most important electronic espionage tools in the world.

"Pegasus is simply a very ordinary spying application, but its main goal is to infect phones running Android and iOS, and its strength lies in the amount of data it collects and its high ability to collect data even in offline modes," Mohamed Abdel Basset, a cybersecurity expert and founder of Seekurity, tells us, revealing the identity of the Pegasus spy in an exclusive interview with Maidan.

Spyware such as Pegasus takes advantage of the extent to which networked smartphones (3G, 4G, WiFi) penetrate our lives: voice communications, camera, email and text messages, GPS, and even passwords and contact lists.

With these capabilities, Pegasus' access to your phone turns it into a monitoring device, as simple as that.

Abdel Basset continues: "The strength of Pegasus, which distinguishes it from any other spying application (and there are many), is its use of vulnerabilities unknown to the owners of the operating systems and applications, or what are known as zero-day exploits, and these are the first stage of contaminating the phone or infecting it with malware."

The Pegasus attack appears to be very simple in nature and silent in its delivery.

An attack begins when an attacker sends a website URL (via SMS, email, social media, or any other message) to a specific target.

The user only has to take one action, which is to click on the link.

Abdel Basset told Maidan: "Social engineering attacks mean persuading the target to click on a specific link within the message's content. An example of this is what happened with the targeting of Omar Abdulaziz, a Canadian citizen, which then led to knowing the location of his friend Jamal Khashoggi."

The infection proceeds even if the target closes the browser after clicking on the link. (3)(4)

Omar Abdulaziz was in constant contact with the late Khashoggi (Al Jazeera)

But the matter is not quite that simple; there are other ways to contaminate the phone. Abdel Basset explains the infection conditions to Maidan: "One of these methods occurs silently, without the intervention or interaction of the phone's owner, which is technically called a silent attack without clicking, or a silent zero-click attack. This type of attack occurs just by calling the target person's phone number, without the owner touching the phone, because the call itself carries out the contamination process through applications such as FaceTime and WhatsApp." Abdel Basset continues: "The second method involves simple interference or interaction from the phone's owner, and it is called a less-interactive attack; for the infection it is sufficient merely to display the received message, without even clicking on any links in it. An example of this is what has already happened in Apple's iMessage service as well as the Android media messaging service."

Once the program silently executes on the phone, it starts a series of breaches against the victim's device to remotely break its protections so that spyware packages can be installed, reaching applications that are pre-installed, such as FaceTime and Calendar, as well as those obtained from the official App Store.

But how does Pegasus reach the point of contaminating applications within the operating system itself? Abdel Basset answers Maidan: "Pegasus, as previously explained, is just an ordinary spying application in the way it enters the phone, whether iPhone or Android, but what distinguishes it is the way it pollutes the phone and its ability to upgrade itself to gain the largest possible set of powers, in a process called privilege escalation." Abdel Basset adds that this happens through built-in pollutants that exploit system vulnerabilities to root Android phones or jailbreak iOS phones, and this, as we mentioned previously, is to obtain the highest powers and then break the system's protections to gain access to the data of the various applications.

The Pegasus iOS hack used against Apple phones was discovered in August 2016, when the human rights activist Ahmed Mansoor received a text message promising "secrets" about torture taking place in UAE prisons, which he could access by clicking on a link sent to him. Mansoor sent the link to Citizen Lab, a research institute specializing in cyber security, and to the company Lookout, which specializes in the same field; they confirmed that had Mansoor followed the link, his phone would have been hacked and the spyware planted on it. (5)

But the actual start was not in 2016, but before that.

Lookout explained in a blog post: "We believe that Pegasus spyware has been around for a long period of time based on some indications within the code." (6)

The New York Times and The Times of Israel reported that the United Arab Emirates appears to have been using the program since 2013. (7)(8) It was apparently used in Panama by former President Ricardo Martinelli between 2012 and 2014, and before that in Mexico, as mentioned. (9)

To date, Pegasus is responsible for the most sophisticated attacks, so it is understandable that Pegasus comes at a high price, averaging over $25,000 per target.

In at least one case, NSO sold about 300 software licenses for $8 million. (12)

Yes, Pegasus is much more than having a spy in your pocket; it is like someone owning your entire life, or worse, your mind and thoughts, including those you share in your most private moments.

In addition, spyware such as Pegasus not only penetrates the user of the infected phone but also reaches his entire social circle, including friends, family and colleagues, as happened with Khashoggi, who was accessed through the phone of his friend Omar Abdulaziz.

In other words, we tend to be governed by states that know everything there is to know about people, while people know less about themselves than the governments of those states know about them.

How did the Israeli company achieve all this?

Abdel Basset comments to Maidan: "The exploits that are discovered and found suitable for penetrating applications and devices are traded among unethical hackers (black-hat exploit developers), who sell these exploits to the highest bidder, or exploit brokers, which are major companies that buy the holes from interested hackers who sell them to them; the brokers then sell them on to many other companies that reuse them as they wish."

Abdel Basset adds that in the case of companies of NSO's size, whose funding is very large, they rely entirely on themselves in recruiting exploit developers to discover these vulnerabilities and write the code that exploits them, so that everything stays inside the company (in-house) and does not depend on any outside sources that would expose the whole process to danger.

You may be wondering: How much do these loopholes cost now?

Abdel Basset comments on the matter: "As for the price of the loopholes, it starts at a million dollars or more. There are no limits, especially with governments or interested parties who have an open budget."

Whenever the company that owns Pegasus has been publicly criticized, its strategy has always been denial and disengagement.

It told The New York Times that its products are "licensed only to provide governments and law enforcement agencies with the ability to legally combat terrorism and crime." (13) The company prides itself on its products being subject to examination and licensing by the Israeli government, and says it does not tolerate abuse of its products: "If there is a suspicion of abuse, we investigate and take appropriate action, including suspending or terminating the contract."

But the claims of the Israeli company seem far from true.

To impress the UAE as a potential client, the company hacked the phone of the Emir of Qatar, as well as that of one of the princes of Saudi Arabia. (14)

The target list shows that the targets are often human rights activists and political opponents, not criminals, as the company and the regimes that use its products claim.

Detecting it is more complicated than you might think, and an infection is not easy to spot.

NSO has invested significant efforts in making its software difficult to detect, and it is now very difficult to identify Pegasus infections.

Security researchers suspect that newer versions of the software reside only in the phone's cache memory, which means that once the phone is turned off, almost every trace of the software disappears.

In fact, the program has the ability to self-destruct if detected.

Abdel Basset tells Maidan: "Self-destruction means that when someone tries to detect the software itself, or when there is an error in the targeting process, or when the software concludes that the target's phone has lost its connection to the Internet for a certain period of time (because this is evidence that the device is in a technical laboratory for analysis), the software automatically and completely deletes itself from the device without leaving any trace that would enable it to be tracked."

Recently, French President Emmanuel Macron spoke with Israeli Prime Minister Naftali Bennett to ensure that the Israeli government was "properly investigating" allegations that the French president was among the targets of Israeli-made spyware used by Moroccan security services. (15) Macron's number appeared among the target numbers in the leaked database (16), while the company stated that Macron was not a "target" of any of its customers, meaning that the company denies he was selected for monitoring using Pegasus. The company says that the appearance of a number in the list does not in any way indicate whether that number was selected for monitoring with its software. (18)

But if the matter affected presidents and princes, did no one find a way to prevent it? Abdel Basset answers Maidan: "Pegasus is a very sophisticated spying application that relies on undisclosed vulnerabilities, and this is the most dangerous part of the matter. Pegasus is dangerous, and with Pegasus prevention is impossible even with high security awareness."

Abdel Basset adds that among targeted people such as public figures and rulers, some have great security awareness and some do not, but the situation differs depending on the importance of the target. For example, Jeff Bezos, the founder and former CEO of Amazon, despite all his caution and his phone being equipped with monitoring tools by an information security company, was allegedly hacked by the dangerous Pegasus software, so targeted people sometimes deliberately avoid using the technology that such malware targets, in order to avoid problems.

Edward Snowden, the maverick computer intelligence consultant who leaked top-secret data while working for the US National Security Agency in 2013, was barely in his thirties when he predicted the grim reality: "Cheaper, more effective, more available. If we don't do something, we're kind of headed toward a state of complete surveillance with unlimited ability to gather information. And that's a very dangerous combination; that's the direction of the future." (19)

Mohamed Abdel Basset, Maidan's technical expert, comments in this regard: "The technical gaps that can cause the loss of a person's life are no less dangerous than a pistol bullet that kills a person in real life."

——————————————————————————————————————————————————————————————

Sources

  • Everything We Know About NSO Group: The Professional Spies Who Hacked iPhones With A Single Text

  • The Kingdom came to Canada: How digital espionage linked to Saudi Arabia reached Canadian soil

  • Technical Analysis of Pegasus Spyware

  • Forensic Methodology Report: How to catch NSO Group's Pegasus

  • Who are the hackers who cracked the iPhone?

  • Sophisticated, persistent mobile attack against high-value targets on iOS

  • Hacking a Prince, an Emir and a Journalist to Impress a Client

  • How Spy Tech Firms Let Governments See Everything on a Smartphone

  • El controversial pasado de Pegasus en Panama

  • Technical Analysis of Pegasus Spyware

  • Previous source

  • Previous source

  • Hacking a Prince, an Emir and a Journalist to Impress a Client

  • Previous source

  • Emmanuel Macron 'pushes for Israeli inquiry' into NSO spyware concerns

  • Emmanuel Macron identified in leaked Pegasus project data

  • Emmanuel Macron 'pushes for Israeli inquiry' into NSO spyware concerns

  • This is no ordinary spying. Our most intimate selves are now exposed