Pegasus

Pegasus by NSO Group is said to be one of the most intrusive spyware programs in the world. The Pegasus mobile phone spyware suite (at times referred to as Q Suite) is created and operated by the Israeli cyber company NSO Group. The company uses different methods to install the software on mobile devices (both iOS and Android) without the user’s knowledge or permission. These include exploiting vulnerabilities in other programs (as was done with WhatsApp) and sophisticated deception of the target. Once Pegasus is installed, it begins contacting the operator’s command and control (C&C) servers to receive and execute the operator’s commands and to send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps. The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity and use the GPS function to track a target’s location and movements.

The private equity firm Francisco Partners purchased NSO for $120 million in 2014. NSO has close partnerships with a variety of other Israeli surveillance firms as they seek to spread their spy kit across the world. These include, among others, Ability Inc. Another Israeli company that made headlines for hacking iPhones, Cellebrite, has also been in communication with NSO, though they operate at different levels of police investigations. In 2019, NSO was acquired by its founders and management, with the support of European private equity firm Novalpina Capital. Q Cyber, an NSO affiliate, holds 63% of issued ordinary shares.

The research center Citizen Lab[1] has exposed the use of the software by the Mexican government against journalists and human rights activists, by the Moroccan government against human rights activists, by Spain against Catalonian politicians, and many more. The spyware has repeatedly been found deployed to hack journalists, lawyers, and human rights defenders. It was implicated in the killing of Saudi journalist Jamal Khashoggi in Istanbul in 2018.

Several alleged targets and civil society figures sued NSO in an Israeli court over the hacking. In 2019, Facebook filed a lawsuit against NSO, alleging computer fraud and claiming that NSO Group tried to infect roughly 1,400 “target devices” with its malicious software to steal valuable information from activists, journalists and others using the messaging app WhatsApp.[2] In the lawsuit, WhatsApp claims that servers controlled by NSO rather than government clients were an integral part of the way the hacks were executed.

According to Citizen Lab, 45 countries were identified with Pegasus spyware infections: Algeria, Bahrain, Bangladesh, Brazil, Canada, Cote d’Ivoire, Egypt, France, Greece, India, Iraq, Israel, Jordan, Kazakhstan, Kenya, Kuwait, Kyrgyzstan, Latvia, Lebanon, Libya, Mexico, Morocco, the Netherlands, Oman, Pakistan, Palestine, Poland, Qatar, Rwanda, Saudi Arabia, Singapore, South Africa, Switzerland, Tajikistan, Thailand, Togo, Tunisia, Turkey, the UAE, Uganda, the United Kingdom, the United States, Uzbekistan, Yemen, and Zambia.[3]

NSO Group had been given explicit permission by the Israeli government to try to sell the homegrown hacking tools to Saudi Arabia. It was a classified arrangement and resulted in the sale later being sealed in Riyadh in a deal reportedly worth at least $55m.[6] In the case of Saudi Arabia, sources familiar with the matter said the kingdom was temporarily cut off from using Pegasus in 2018, for several months, following the murder of Jamal Khashoggi, but was allowed to begin using the spyware again in 2019 following the intervention of the Israeli government.[6]

The 10 countries that the forensic analysis for the Pegasus project suggests have actually been abusing the technology all enjoy trade relations with Israel or have diplomatic ties with the country that have been improving markedly in recent years. In two NSO client countries, India and Hungary, it appears governments began using the company’s technology as or after their respective prime ministers met the then Israeli prime minister, Benjamin Netanyahu, in high-profile encounters intended to boost trade and security cooperation. It is understood that no countries considered enemies of Israel have been allowed to buy NSO’s wares.[6]

Surveillance of Journalists and Human Rights Defenders

In another report[4], Citizen Lab exposed that dozens of journalists at Al-Jazeera, the Qatari state-owned media company, have been targeted by malware linked to the NSO Group. The malware infected the personal phones of 36 workers at Al-Jazeera. The attacks were tied “with medium confidence” to the Emirati and Saudi governments.

According to an investigation by Forbidden Stories, published in July 2021, at least 180 journalists around the world have been selected as targets by clients of the cybersurveillance company NSO Group.

Forbidden Stories and Amnesty International had access to a leak of more than 50,000 records of phone numbers that NSO clients selected for surveillance. According to an analysis of these records by Forbidden Stories and its partners, the phones of at least 180 journalists were selected in 20 countries by at least 10 NSO clients. These government clients range from autocratic (Bahrain, Morocco and Saudi Arabia) to democratic (India and Mexico) and span the entire world, from Hungary and Azerbaijan in Europe to Togo and Rwanda in Africa.[5]

Countries where journalists were selected as targets according to the Forbidden Stories investigation[5]:

Use by Israeli forces:

Citizen Lab identified several operators operating in Israel: four that appear to operate domestically and one that appears to operate both in Israel and in other countries, including the Netherlands, Palestine, Qatar, Turkey, and the USA. As NSO Group is based in Israel, some of these might be demonstration or testing systems.[7]
