It is so efficient that costs 8 million euros: Pegasus surveillance software returns to the headlines for spying on 180 journalists and thousands of human rights activists.
The news, released by the NGO Forbidden Stories e da Amnesty International and reported by 17 newspapers, is shaking half the world because it also involves politicians and heads of state and, as Edward Snowden has already stated, could represent the biggest breach of privacy since Prism, the US electronic surveillance program unveiled by him in 2013.
I study
Who spies our data online? Surfshark lines up the most peeping apps
by Ernesto Assante
Let’s go in order: Pegasus, named after the winged horse from Greek mythology, is a surveillance software produced by an Israeli company, the Nso Group, for anti-crime and anti-terrorism purposes, over which the government of Naftali Bennet, like the previous ones, maintains strict control.
Pegasus is designed for collect text messages, intercept phone calls, geolocate the user and copy their passwords. Which is why it has been used by many governments in the past to monitor the activities of anyone who, according to them, could represent a danger to national security.
But the Pegasus software would also be used for stalking in and out of cyberspace the journalist Jamal Khashoggi, murdered by Saudi intelligence according to the Americans, and about 20 members of his family, including a close associate who later fled to Canada. But it is not the first time that it is in the spotlight: it is since 2016 that Amnesty International and the Citizen Lab in Toronto denounce its illegal use against privacy lawyers and human and civil rights activists in 45 countries around the world, from Egypt to Mexico.
This time, second as reported by the Amnesty Security Tech Lab, led by the Italian Claudio Guarnieri, would have served to monitor over 50 thousand telephone users of journalists, politicians, lawyers, and even 13 heads of state (including 3 Europeans) by the governments of Mexico, India, Morocco, Indonesia, Rwanda, Togo and even Hungary of Orban, who would use it to control opponents; 15 thousand users are Mexican and among these there is that of a journalist killed in 2018, Cecilio Pineda Birto.
The news was reported by the Guardian, by the New York Times, the Associated Press, Reuters and other international newspapers.
How Pegasus Works
For Claudio Guarnieri once a phone is infected with Pegasus, an Nso customer could not only take control of it, but also read encrypted messaging on WhatsApp, Telegram and Signal and track a person’s past movements and location in real time, with the utmost precision, for example by determining the direction and speed in which he travels by car.
In short: it had to be one tool against organized crime and terrorism, but with these features Pegasus can be used like any spyware.
For these reasons, Stefano Quintarelli, president of the United Nations Advisory Group on Advanced Technologies, told us that “all spyware are essential tools for criminal investigations, but their use confers enormous power, capable of destabilizing a state. their putting into production must be controlled, as well as their use. In our devices there is a copy of our life. Whoever takes control of our phone can do everything without being noticed, also put in child pornography images and then denounce us. What if the target was a mayor or a minister? It is urgent to tackle the issue by taking up the proposal I made as a deputy in the last legislature. You can’t always and only think about telephone or environmental recordings. “
Like other spy software, Pegasus is inoculated into the victim’s phone as a result of the user’s action and from that moment is able to forward emails, photos and videos to those who control the hacked phone, remotely, also being able to activate the microphone and the camera. Applies to all phones, even particularly safe ones like the iPhone. And apparently it would be able to read any type of chat, even if done with apps with end-to-end encryption, which encrypts it from the sender to the receiver. In the case of Pegasus, its programmers would have exploited the vulnerabilities of the software it interacts with. It is often about 0-Day, the software vulnerabilities “known for 0 days”, that is, unknown to the rest of the world, and which, sold and bought both in criminal circuits and through legal brokerage agencies, once discovered, are exploited to open the door to spy software.
The guide
Less data, more privacy: here are the alternative search engines to Google
by Carlo Lavalle
It gets worse: for Guarnieri’s team, Nso technology makes it possible penetrate phones with zero-click attacks, that is, without a user having to click on a malicious link to get infected, while also finding evidence that Nso would have exploited the vulnerabilities associated with iMessage, which is installed on all iPhones.
According to Snowden, this is the story of the year. With important legal and political implications. In fact, the lawsuit between Facebook and the Nso is still standing, considered by Zuckerberg’s lawyers to be responsible for hacking 1400 WhatsApp users. Thesis denied by the Israelis of Nso, who reacted to the accusation last year by counterattacking: according to the CEO of the company, two Facebook representatives would have approached their executives in 2017 for purchase the rights to use the surveillance software and monitor their users. Nso has invoked immunity to close the case, but in April two judges considered the request of the IT company premature.
The Pegasus spyware was first discovered on iPhones in 2016, exploiting a vulnerability that was activated by clicking on a missed call from WhatsApp (it came from a Swedish prefix) capable of inoculating the surveillance software, checking the microphone and the phone’s camera, collecting passwords and rummaging through photos and e-mail messages : Apple released an update in August 2016 aimed at closing the vulnerabilities. The same had happened with the devices Android.
.