31 Jul Spyware Malfunctioning
Read this with the view that you know nothing about NSO Group and Pegasus software. Remain curious with a hint of skepticism because this story is a conspiracy theory with an extraordinary amount of evidence.
Listening to The Guardian’s special 5 part podcast series, The Pegasus Project, to get a true understanding of how it is that governments and national law enforcement agencies pay NSO Group, the Israeli spyware company, to use their Pegasus software, under the guise that they will use it ‘to save lives’. NSO says they vet all their clients but some of their clients are countries and enforcement authorities have a contestable human rights record. They may come to NSO group with well intentioned tenders but this surveillance software is sold to clients with cash.
The journalists working on this investigation have had to find new ways to communicate, techniques and digital know-how they cannot share. Michael Safi, the podcast host, sounds paranoid but with good reason. The Guardian were invited to Paris to meet with a not-for-profit journalist organisation, Forbidden Stories, to reveal and share a leak that they had acquired but it had to be face to face, “in the midst of a pandemic”.
There is no line in the sand with Pegasus software, our phones are a part of us, Safi is disappointed when he says, “you can’t live with them, you can’t live without them”. He now keeps his devices in another room of his house, between mattresses. An ordinary person will never know they’ve been hacked and the software allows the user to remotely access your phone’s hardware so that they can turn on/off recording capability, see meeting dates and access messages, calendars, call history and contacts. It won’t matter that you are using Signal, Whatsapp or other encrypted messaging service because the surveillance is on the inside.
How the malware hacks into your mobile device is fairly innocuous, like a missed call from an unknown number or a text message reporting a package has been delivered. Day to day scams that we dismiss but can have lasting, damaging effects to our privacy and safety.
The journalists were surprised by the sheer volume of the leak. Stephanie Kirchgaessner, the US correspondent for The Guardian, detailed the effort and commitment to chase one lead in a tech surveillance story and here they were with tens of thousands of mobile numbers, without names attached, that were reportedly individuals earmarked for surveillance of Pegasus software. NSO Group pitch themselves as protecting everyday ordinary citizens from organised crime and terrorists but on the leaked list of numbers were human rights lawyers, journalists and activists, from all over the world.
According to The Guardian this was the first time in history that data had been retrieved, on this scale, targeting individuals. They refer to Ed Snowden’s uncovering of the ‘apparatus’ used by the US government to target populations or demographics but not individual victims of surveillance and spying. Ed Snowden has his own take on the Pegasus Project here and it is well worth a read. He highlights that national security is inevitably outsourced, how do we trust private companies to infiltrate the lives of civilians? The Pegasus Project is well worth diving into to appreciate who has the power and are they using it responsibly? We, at Faster Networks, highly recommend you listen for yourself.
Faster Networks help businesses protect their digital assets. We are a cyber security partner that brings the best software solutions that anticipate and fix digital vulnerabilities. Our areas of expertise includes Vulnerability Management, Security Orchestration Automation and Response (SOAR), Application Security, Infrastructure Security, Distributed Denial of Service (DDoS) Protection and Application Pentesting.