Explained: The creation of Pegasus, from a startup to a global leader in spy technology




Hundreds of thousands of cybersecurity researchers employed by top tech companies spend almost all of their time finding and fixing vulnerabilities in their software code. Companies that manage technology products and solutions even have bounty programs to reward independent cybersecurity researchers for spotting flaws that they may have missed themselves. In such an ecosystem, a cyber-offensive tool meant for use by governments around the world would have to deceive not only its targets but also the platform through which it is delivered.

The Israeli group NSO, which is at the heart of the alleged state surveillance of thousands of human rights activists, lawyers, journalists, politicians and dissidents in countries like India, has built such a tool: Pegasus, the world’s most invasive spyware. It can find a route into a target’s device that is unknown to the developer of the device and its software, and it can do so without the target taking any action such as clicking a link.

Pegasus: the beginnings

According to a profile of the NSO group published by the French association Forbidden Stories, which published the “Pegasus Project” with its media partners, the company was created by Shalev Hulio and Omri Lavie, friends who started with a product investment startup, MediaEnd, in the early 2000s. The startup was all but wiped out by the 2008 recession, but Hulio and Lavie found an opportunity with the 2007 launch of Apple’s iPhone. It marked a turning point: people began to use handheld devices on a large scale for more than calling and texting.

Hulio and Lavie launched Communitake, Forbidden Stories reported, which allows users to take control of any smartphone remotely. This was originally intended for mobile operators, who would want to take control of devices to provide technical support. But as the use of smartphones spread and the need to provide security features like encrypted messaging services arose, this posed a challenge for law enforcement and intelligence agencies.

Until then, intelligence agencies had intercepted a message or a call while it was in transit over the networks of telecommunications companies. But encrypted services meant that without the encryption key, they could no longer access the message, unless they accessed the device itself and decrypted the communication.

“Without knowing it, Hulio and Lavie had solved the problem for them: agencies could just hack into the phone itself, bypassing the encryption and giving them all the information they needed and more. As Hulio recounts, the two Israeli entrepreneurs were approached by intelligence agencies interested in their technology. Hulio and Lavie knew little about the opaque world of cyber intelligence, but they decided to give it a go. They brought in Niv Carmi, a former Mossad intelligence and security expert, and formed the NSO group in 2010. The trio (Niv, Shalev and Omri, or NSO, for short) functioned with clear roles: Niv Carmi was in charge of the technology and Hulio and Lavie the business,” noted Forbidden Stories.

Spy-tech and zero-click

From there, NSO began to focus on building Pegasus as a spy solution for intelligence agencies and law enforcement. The narrative they built was that government agencies would use it to fight terrorism, drug trafficking, etc. But its first known public client, Mexico, which had equipped itself with cyber-espionage tools to fight drug trafficking, went beyond that scenario. Forbidden Stories reported that more than 15,000 numbers were selected for targeting by Mexican agencies between 2016 and 2017. These included those close to then-candidate Andres Manuel Lopez Obrador, now Mexican President, as well as journalists, dissidents, their colleagues and members of their families.

“The Mexican government loved Pegasus so much that it ended up equipping several of its agencies with the spyware tool: in addition to the attorney general’s office, the Mexican intelligence office and military also gained access. In turn, NSO Group has continued to bring juicier offerings to its customers – each technology more sophisticated than the last,” Forbidden Stories reported.

This catapulted NSO Group to the position of industry leader in spy technology, leaving behind heavyweights such as European companies Hacking Team and FinFisher.

Until then, Pegasus had used attack vectors such as malicious links in emails and text messages. Once clicked, the link would install the spyware, giving the hacker full access to the device without the target’s knowledge. Then it moved on to zero-click infections.

Such infections, used in WhatsApp and iMessage hacks, do not require any end user intervention. On WhatsApp, a missed call on the voice call feature would insert malicious code into the device. With iMessage, a brief preview of the message did the trick.


Wider clientele

In 2014, a US-based private investment firm, Francisco Partners, bought NSO Group for $120 million. With this, the company began to focus on finding vulnerabilities in various applications used by consumers of smartphones. It also helped the company gain a wider range of clients.

A 2018 report from the Citizen Lab of Canada revealed suspected Pegasus infections associated with 33 of the 36 Pegasus operators it identified in 45 countries.

The NSO group also found itself in the crosshairs over the murder of Saudi journalist Jamal Khashoggi in October 2018. A few months later, in February 2019, Hulio and Lavie bought the company from Francisco Partners with the help of Novalpina, an investment company backed by European venture capitalists, for an amount of 850 million dollars.

At the time, Novalpina said it would ensure that NSO Group’s technology is used only for lawful purposes. However, little changed. In July 2020, The Citizen Lab wrote to the South Yorkshire Pensions Authority, which invested in Novalpina, and highlighted new research showing “the use of NSO group technology against civil society, media, advocates of human rights and members of the political opposition”.

A year later, Forbidden Stories, Amnesty International and 17 media partners published reports on a list of 50,000 names, including journalists, opposition members, activists and even members of the administration selected to be monitored using Pegasus.

The NSO response

Responding to questions from the Indian Express, an NSO spokesperson said the investigation “has been shaky from the start.” The spokesperson dismissed the list as “the equivalent of opening the blank pages, randomly picking 50,000 issues and pulling the headlines out of them.” The spokesperson said that “the report itself indicated that ‘it is not known how many phones have been targeted or monitored’,” and that “even the editor of the Washington Post said that ‘the purpose of the list could not be conclusively determined’.”

Importantly, however, the spokesperson said the company would investigate “all credible allegations” of misuse of its technology and take strong action, including shutting down the customer’s system, if warranted.

“The NSO Group will continue to investigate all credible allegations of abuse and take appropriate action based on the results of those investigations. This includes shutting down a customer’s system, something NSO has proven its ability and willingness to do, due to confirmed misuse, has done several times in the past, and will not hesitate to do so again if the situation warrants it,” the spokesperson said.
