$ 55 million. How is the Pegasus espionage program bought from Saudi Arabia by Israel?

Message from the site – Al Jazeera Net

Monday, November 26, 2018 7:30 pm

The Israeli spy group NSO has signed a page with Saudi officials for the sale of a $ 55 million program aimed at the mobile phone called Pegasus 3, a Sunday newspaper reported.

The murder of Saudi journalist Jamal Khashoggi at his consulate in Istanbul last month and the use of the Pegasus program by Saudi Arabia have also been reported, according to the famous Edward Snowden TV channel, which in a video interview with Israeli reporters from Moscow asked: "How did they know what his intentions were and how did they decide that he was someone who needed action against him?" and that he deserved to take risks? "
What is this program? Is that bad?

NSO Group

"NSO" is an Israeli company established in 2010 and specializes in the development of cyber espionage tools. It employs approximately 500 people and is located near Tel Aviv.

According to the Canadian Internet Statistical Control Laboratory, "Pegasus", marketed by the company, the company has been very controversial in recent years. It is used by countries characterized by "suspicious human rights records and dates of arbitrary state security".

Pegasus is a very expensive spyware. According to the Fast6 price list, NASO is asking its customers $ 650,000 to penetrate 10 devices and $ 0.5 million to install software.

Discovery

Pegasus is one of the most dangerous and "most complex" spyware. It is specifically for the Apple operating system, but there is a version of Android slightly different from the iOS version.

The researchers discovered this program for the first time in August 2016 after an unsuccessful attempt to install it on an iPhone addressed to a human rights defender in the UAE, Ahmed Mansour, through a link suspect in an SMS. The survey revealed the details of the program and its potential,.

How dangerous he is

Kaspersky, specializing in anti-virus programs, claims that Pegasus is a "modular malware) That is to say that it is composed of modules where it starts by analyzing the target device, then installs the module necessary to read the user's e-mail, listen to calls, take screenshots, record keystrokes, drag the Internet browser history and contacts.

It can listen to encrypted audio files and read encrypted messages, thanks to its ability to record keystrokes and voice recordings, to steal messages before encrypting them (and messages received after decryption).

"The program can do everything users can do, including reading text messages, using a camera and microphone, adding and deleting files, and processing data," said Scott Raiton, researcher at Citizen Blog.

How it works?

Phishing is the most common method to infect the device with this spyware, by sending a suspicious link to the victim with an email. When the client clicks on it, the virus is installed on the device.

When the virus discovered for the first time that the target was an iPhone phone running an uninterrupted version of IOS (iOS not jailbrokenThe researchers have therefore described this attack as the most complex attack ever seen.

The program builds on three unknown gaps in the IOS system from version 7 to 9.3.4, called "Zero-Day", allowing the virus to enter the operating system silently and unobtrusively. to install spyware.

Target

Since Pegasus is a highly targeted and expensive spy program, the actors use it to attack "valuable" members of political activists or others with access to important, sensitive and confidential information.

But it is also likely to be used to attack specific targets for multiple purposes, including spying on big business. Leaders, CEOs, finance executives, and teams are often threatened because they typically have access to confidential data, especially on their mobile devices.

IOS and Android
The Android version, which was discovered in 2017, is not much different from the IOS version, but it does not rely on zero-day violations to penetrate the device, but rests on a well known method of violation of the protection of the device called "paramart".Framaroot).

Another difference is that if the iOS version fails to break the protection of the device, the attack as a whole fails, but in the case of the Android version, even if the virus fails to access the root of the phone to install the spyware, it will always try to ask the user to obtain the necessary permissions. To generate at least some data.

Protection

Usually, when a new version of Pegasus is released for IOS, Apple reacts quickly to deal with it, and the company has released a security update to fill any gaps mentioned. Google uses another way to directly alert target users of the virus.

According to Kaspersky, if you have updated the operating system to the latest version and you have not received a warning message from Google, Pegasus is probably safe. Always update your device with the latest patches and install effective security solutions.

Spread size

Over the last two years, Citizen Lab has searched Pegasus-related servers on the Internet and found traces in 45 countries, including 17 Arab countries: Algeria, Bahrain, Egypt, Iraq, Jordan, Kuwait, Lebanon, Libya, Morocco , Oman, Palestine, Qatar, Saudi Arabia, Tunisia, United Arab Emirates and Yemen. With countries such as the United States, the United Kingdom, Canada, France, Israel and Turkey.

In its September report, the institute said it had identified what appeared to be a significant expansion of the use of PEGASUS in GCC countries. In total, at least six operators have been identified as having significant activities in the GCC, two of them appearing to focus primarily on the UAE, one mainly on Bahrain and one on Saudi Arabia.