Pegasus: spyware for governments

When we think of cyber attacks, we usually think of China and Russia. Those who attribute the intensity of their denial to the amount of evidence of the attack. But of course, Western countries do not wash their hands with innocence when it comes to cyber attacks. The biggest example, of course, is the massive unauthorized (and human rights-violating) surveillance, hacking and attacks by the US NSA, UK GCHQ and Western partners, which have come to light thanks to Edward Snowden.

The latest government malware scandal comes from Israel. Unusual, but not entirely unexpected. Israel has previously been put on the map when it comes to cyberattacks, thanks to the Stuxnet malware. This malware was extremely sophisticated and was designed to shut down Iranian nuclear reactors used for Iran’s nuclear program. successfully. Stuxnet was discovered and vulnerabilities were exposed that were used by the malware to do its job. This started a chain reaction of cybercrime, allowing cybercriminals to get rid of code and vulnerabilities to develop their own malware.

Behind Pegasus is the Israeli NSO Group, a technology firm that claims to develop surveillance tools and license it to foreign governments. In his own words, only to fight crime and terrorist organizations. Although leaks show that not all government buyers are equally credible, and many targets are not criminals or terrorists, but often journalists and dissidents. The NSO Group hides behind the uncertainty of the source of the leaks uncovered by many media (including The Guardian).

The data breaches involve a database of 50,000 phone numbers of alleged targets since 2016. Forbidden Stories and Amnesty International, a French non-profit journalist organization, took the list and worked with 16 media agencies to report.

Like Stuxnet, Pegasus recognizes that the malware is highly advanced; basically anyone with a smartphone can be a target. The malware is also used for targeted shooting. Searching for specific targets for cyber attack. The researchers who uncovered Pegasus had a hard time detecting the malware. For example, forensics at Amnesty International’s security lab had to be done to find the malware’s activities. It is not yet known how the malware landed on a device. Besides the question of who the customer is. Pegasus targets and enforcers were exposed primarily through a data breach.

The malware manages to infiltrate a smartphone using vulnerabilities in the device and installed apps. It is also possible to install malware on a device by having the target open a link pointing to the malware.

When Pegasus embeds itself in a smartphone, it can theoretically achieve anything. Save your text messages, emails, chats (both WhatsApp and iMessage), files, photos and videos, your contact list, calendar and location data, microphone, camera and even system components such as phone calls.

The malware arsenal is so extensive that it doesn’t matter if the target uses an iPhone or Android smartphone.

Although NSO Group states that it has 60 customers in 40 countries, it does not disclose who its customers are. Examination of the data identified multiple governments, including Mexico, Morocco, Hungary, India, Saudi Arabia and Rwanda. A diverse palette of governments, including countries that struggle with freedom of the press and are therefore keen on such tools to monitor journalists (and their contacts). The fact that the malware was found on journalists’ smartphones shows that this is indeed the case. But judges, human rights activists, businessmen, diplomats and government officials have also been targeted. More stories about possible targets will be revealed in the coming weeks.

It was also revealed in April 2022 that at least five EU officials were targeted by Pegasus. Under the name Didier Reynders; One of the Commissioners of the European Commission. It is unknown who was behind the attack. The NSO Group is also washing its hands in innocence. The European Parliament is investigating whether spyware was used in the European Union.

We are all brought up with rational behavior on the internet. Protect your computer with a virus scanner, don’t just click on links, don’t leave your data everywhere, don’t always hit OK and be careful what you load. Pegasus is proof that if you’re an interesting target, you can always be infected. Whatever your good internet habits are. It just depends on how much a customer is willing to follow you.

Because the malware is invisible, you won’t be aware of any malware infection or running. The reason Pegasus is so targeted is probably to keep malware and vulnerabilities hidden. This is scary. Also, governments use it to spy. After the revelations of Edward Snowden, the backlash was that the government’s cyberattacks were used for security. For example, the fight against terrorism. In fact, the target list shows that government malware is still used for the opposite, and certainly not just from the famous regions of China and Russia.

Now that the malware has come to light, another problem arises. After Stuxnet, a lot of new malware was developed that exploited the code fragments and vulnerabilities from the malware. That may be the case again, now that Pegasus has been discovered. If a malicious one finds and decrypts the malware, it can be used for large-scale malware, such as ransomware distribution.

It is still unclear whether there are Dutch targets. It is also not yet known whether the Dutch governments and secret services are clients of the NSO Group. However, there are many reasons for concern. There is a possibility that the Dutch governments and secret services are not clients of the NSO Group. However, it would be naive to think that there is no such malware distributed here. It can be developed in-house, used in collaboration with other secret services, or purchased from other companies.

For example, De Volkskrant tried to find out if Dutch police were using hacking software, including Pegasus. Journalists sought to find out through the Public Access Act (WOB). Although this data request was upheld by the court, the police still refuse to reveal the facts. Despite the fine (up to 15,000 Euros).

When asked, the watchdog cabinet also kept its mouth shut when asked in September 2021 whether the government used Pegasus for spying.

Despite ignoring the rules for WOB implementation, it is private that the Dutch secret services are allowed to use it. Without having to explain what tools and vulnerabilities were used. Second, it will contribute to a safer digital world for all. The controversial Intelligence and Security Services Act 2017 (Wiv 2017), also known as the Sleep Act, gives it the green light. The law was passed after it was rejected in an advisory referendum in 2018, yet a review committee (TIB) was formed (among other things).

Still, the law gave secret services the freedom to use this type of malware. In this way, communication can be heard from everyone. Also from non-suspect citizens and people who have been around a suspicious person. Equipment can be hacked and data collected can be shared with foreign regimes without specifying which ones. Also, no need to share what tools or shady companies are used for hacking and infections.

The first reports of Pegasus malware emerged recently. Various media outlets are working with Amnesty International and Forbidden Stories to bring the abuses to light.