These sites had something to inspire confidence.
They were called Amnesty Report, Refugee International, Euro News or CNN 24-7.
But a simple visit to their home page resulted in the installation of a virus on the smartphone used by the Internet user.
And not just any, since it is highly sophisticated spyware sold by an Israeli company that has been used by several governments to spy on journalists or activists.
A cybersurveillance tool that looks like Pegasus, the nosy program from NSO, has the same functionality, but is not Pegasus.
In the big leagues
In this case, this spyware is called Candiru and recent revelations about its deployment in ten countries could have caused much more media noise.
But the Pegasus scandal, revealed on Sunday July 18 by the Forbidden Stories investigative consortium in partnership with Amnesty International, went through this.
Since then, the notorious electronic surveillance tool used to spy on dozens of journalists, politicians and activists around the world has captured all media attention.
Yet the example of Candiru demonstrates that NSO's software is not unique.
There is a whole forest of cyber surveillance behind the Pegasus tree.
"If we take this market in the broad sense, there are thousands of tools that allow you to spy on what is happening on a cell phone", underlines Bastien Bobe, technical director for Southern Europe of the cybersecurity company on Lookout smartphones, contacted by France 24.
But within that ecosystem, there is a tiny elite of Big Brothers that Pegasus belongs to.
"There are no more than half a dozen players who play in the same court as NSO", continues this expert from Lookout, one of the first cybersecurity companies to have analyzed Pegasus in 2016.
Read also on France 24: After the Pegasus scandal, limited international consequences?
This handful of actors do not stand out thanks to the sophistication of their spyware.
The capabilities of Pegasus - listen to conversations, read messages sent on WhatsApp or Telegram, take pictures with the hacked device, geotag the smartphone, etc.
- no longer have anything extraordinary in 2021.
What distinguishes these lords of cybersurveillance equipment is "their ability to guarantee their customers that spyware will be installed discreetly on the victims' terminals," says Bastien Bobe.
Pegasus belongs to this small family of spyware that can be activated remotely without any interaction with the victim.
In other words, the target does not need to click a link, go to a bogus site, or reply to a message for the monitoring program to kick in.
Just enter the phone number to monitor on a remote control platform and voila, Pegasus takes care of the rest.
Discretion assured
To further improve their discretion, these few players at the forefront of cyber espionage "use technological vulnerabilities of the targeted devices - iPhone and Android - which are not yet known to the manufacturers of these smartphones", specifies Pierre Delcher, cybersecurity researcher for the company Russian computer security Kaspersky, contacted by France 24.
The recent revelations about Pegasus have shown that the small tool from NSO was installed on the iPhone of the victims by exploiting a flaw in the iMessage service that had escaped Apple. "It was enough to send a code on the number of the victim to put the iPhone on tapping. The recipient did not even need to open the message", notes Philippe Rondel, cybersecurity expert for the computer security company Check Point, contacted by France 24.
It is this ability to act with complete discretion that is the number 1 selling point of these few stars of private cybersurveillance.
Besides NSO, there are other Israeli companies and at least one "Northern European group" which are able to offer the same level of service, assures Bastien Bobe, who refuses to say more about the identity of these digital arms dealers.
If NSO is the best known of these spyware resellers, it is essentially "because it is the group which has the most customers in the world and which most openly promotes its know-how", believes Philippe Rondel, the Check Point expert.
This company also represents "the cyber arm of Israeli diplomacy," says Bastien Bobe.
He adds that when the Jewish state signs an agreement with another nation, it can include clauses that NSO will provide its infamous spyware to the intelligence service of the signatory country.
A way for the government to politically make profitable the highly developed sector of cyberespionage, of which Pegasus and Candiru are just two examples.
Thus, access to NSO's technology "has surely helped to finalize agreements to standardize relations with certain Arab countries", such as Morocco or the United Arab Emirates, affirmed Yoel Guzansky, researcher at the Institute. Israeli for national security, interviewed by AFP.
A booming market
The revelations of the Forbidden Stories consortium also prove that there is a significant demand for this type of tool. NSO had around 30 state clients willing to spend millions of dollars to better fight terrorism… or spy on journalists and opinion leaders.
"It is a booming market. There is a proliferation of actors and methods of espionage offered," says Bastien Bobe. Thus, those who cannot afford the services of the elite of this sector may fall back on companies that offer spyware that requires, for example, only one interaction with the victim, as is the case. case with Candiru. It is then sufficient for the owner of the targeted smartphone to open a message or a trapped link. "It is much cheaper and there are dozens of companies that sell this type of service a little less discreet", specifies the expert from Lookout.
And all these cybersurveillance mercenaries are becoming more and more sophisticated, which means "that in five years there will be dozens of companies offering the same level of services as NSO", says Bastien Bobe.
The risk will then be that this very powerful spyware, currently reserved for state intelligence services, ends up in the hands of ordinary cybercriminals.
"We often see that the cyber weapons used by States end up for sale on the cybercrime black market", points out Philippe Rondel.
This is why it is urgent, according to Pierre Delcher of Kaspersky, to "regulate more the trade and the export of this software in order to better control this sector".
Who knows what damage a bunch of cybercriminals could do if they got their hands on a weapon of Pegasus' caliber, capable of stealthily siphoning personal information from any phone.
The summary of the week
France 24 invites you to come back to the news that marked the week
I subscribe
Take international news everywhere with you!
Download the France 24 application
google-play-badge_FR