
The Political Consequences of Pegasus Spyware: What Happened to Phone Surveillance Technology

Activists and researchers found that the software was used to attack the phones of activists, journalists and businessmen. The governments of different countries expressed their dissatisfaction.

The Pegasus incident is a wacky case of digital espionage. Security researchers have uncovered evidence of attempts or successful installation of Pegasus software, created by an Israeli cybersecurity company, on 37 phones of activists, journalists and businessmen. It appears that activists and others have become the targets of covert surveillance by software designed to pursue criminals and terrorists.

Suddenly, a politically explosive problem arose. Israel has come under tremendous pressure from both activists and governments concerned about the misuse of NSO Group software. France and the United States have raised concerns, and NSO has suspended Pegasus privileges in some countries.

According to activist organizations, more than 50,000 phone numbers of politicians, judges, lawyers, teachers and others could have been hacked with the help of the program. Among the numbers are those of 10 prime ministers, three presidents and a king. However, the activists have no evidence that all the people on the list were actually attacked.

The Pegasus story illustrates how vulnerable we are to digital surveillance. Our most personal information (photos, text messages and emails) is stored on our phones, so spyware can easily learn about everything that happens in our lives. Encryption, which protects data sent over the Internet, is no obstacle to such a program, because it runs on the phone itself.

The published list contains 50,000 phone numbers from all over the world. However, NSO denies any link between the list and the real phones that Pegasus is targeting. The list includes the devices of dozens of people close to Mexican President Andrés Manuel López Obrador, as well as the devices of reporters from CNN, The Associated Press, The New York Times and the Wall Street Journal. However, the phones of several people on the list were infected or attacked. One of the phones attacked belonged to Claude Mangin, the French wife of a political activist imprisoned in Morocco.

In this article I will try to understand the incident and give the necessary information about Pegasus.

What is NSO Group?

This is a company that licenses video surveillance software to government agencies. The company says its Pegasus software provides a valuable service as encryption technology keeps criminals and terrorists in the dark. The software runs secretly on smartphones, shedding light on what their owners are doing. Other companies provide similar software.

CEO Shalev Hulio co-founded the company in 2010. NSO also offers other tools that can help determine where the phone is being used, help defend against drones, and uncover patterns in mine action data.

Previous reports and lawsuits have highlighted NSO’s involvement in other hacks, including the 2018 hack of Amazon founder Jeff Bezos. In 2018, a Saudi dissident sued NSO, accusing the company of hacking into a device belonging to journalist Jamal Khashoggi, who was killed at the Saudi Arabian embassy in Turkey that same year.

What is Pegasus?

Pegasus is NSO’s most famous product. According to The Washington Post, it can be installed remotely. The target does not need to open any document or link to a website. Pegasus discloses all necessary information to NSO clients – text messages, photos, emails, videos, contact lists – and can record phone calls. Pegasus may also secretly turn on the microphone and cameras of the phone to create new recordings, according to the Washington Post.

Common security techniques such as software updates and two-factor authentication work against ordinary attackers. However, if experienced, well-funded attackers concentrate their resources on an individual, defending can be extremely difficult.

Pegasus is not intended to target activists, journalists or politicians. “NSO Group licenses its products only to government intelligence agencies and law enforcement agencies for the sole purpose of preventing and investigating terrorist attacks and serious crimes,” the company’s website says. “Our review process goes beyond legal and regulatory requirements to ensure that our technology is lawfully used as designed.”

However, the human rights group Amnesty International was able to trace the compromised smartphones back to the NSO Group. Citizen Lab, a Canadian security agency at the University of Toronto, independently confirmed Amnesty International’s findings after examining phone backup data.

Why did Pegasus make the news?

Forbidden Stories, a Paris-based journalistic nonprofit, and the human rights group Amnesty International shared with 17 news organizations a list of more than 50,000 phone numbers of people believed to be of interest to NSO clients.

News sites have verified the identities of many of the individuals on the list and confirmed the presence of infections on their phones. Of the 67 phones on the list, 37 showed signs of installing or attempting to install Pegasus, according to The Washington Post. 34 of these 37 phones were Apple iPhones.

The list of 50,000 phone numbers includes French President Emmanuel Macron, Iraqi President Barham Salih and South African President Cyril Ramaphosa. It also includes seven former prime ministers and three current prime ministers: Pakistan's Imran Khan, Egypt's Mostafa Madbuli and Morocco's Saad-Eddin el-Osmani. King Mohammed VI of Morocco is also on the list.

Whose phones did Pegasus infect?

In addition to the aforementioned Mangin, the phones of two journalists from the Hungarian investigative agency Direkt36 were infected, The Guardian reports.

The Pegasus attack targeted the phone of Hanan Elatr, the wife of the murdered Saudi columnist Jamal Khashoggi. According to The Washington Post, there is no confirmation that the attack was successful. However, spyware was found on the phone of Khashoggi’s fiancée, Hatice Cengiz, shortly after his death.

Seven people with infected phones were found in India, including five journalists and one adviser to an opposition party criticizing Prime Minister Narendra Modi, according to The Washington Post.

What does NSO say about this?

NSO recognizes its software can be misused. According to The Washington Post, over the past 12 months, NSO has disconnected two clients due to concerns about human rights violations. “To date, NSO has rejected sales opportunities of more than US$300 million as a result of a human rights review,” the company said in its June transparency report.

However, NSO vehemently disputes any link to the list of phone numbers. “There is no connection between the 50,000 numbers with NSO Group or Pegasus,” the company said in a statement.

“All allegations of misuse of the system concern me personally,” CEO Shalev Hulio told the Post. “The accusations undermine the trust we place in our clients. We are investigating all charges.”

NSO has banned several governments from using Pegasus during its investigation, NPR reported. In the past, NSO has also banned the use of the software in Saudi Arabia, Dubai, the United Arab Emirates and some Mexican government agencies, according to The Washington Post.

In a statement, NSO denied “false claims” about Pegasus, which the company said were “based on misinterpretation of leaked data.” The company added that Pegasus “cannot be used for cyber surveillance in the United States.”

NSO did not immediately comment on the reports that some countries had been banned from using Pegasus, or on the company’s actions aimed at ensuring that the software is used for its intended purpose.

What are the implications of the Pegasus situation?

President Joe Biden’s top Middle East adviser met with an Israeli Defense Ministry official to raise concerns, The Washington Post and Axios reported.

President Macron changed one of his cell phone numbers and requested new security checks, Politico reported. Macron called a meeting on national security issues to discuss the matter. Macron also raised concerns about Pegasus with Israeli Prime Minister Naftali Bennett, urging the country to investigate NSO and Pegasus, The Guardian reported. Export licenses for Pegasus must be approved by the Israeli government.

Israel has set up a commission to review the Pegasus situation. And on July 28, Israel’s defense forces personally inspected the offices of NSO.

The head of the European Commission, Ursula von der Leyen, said that if the accusations were confirmed, the use of Pegasus “is completely unacceptable. Freedom of the media, free press are one of the main values of the EU.”

The Nationalist Congress Party of India has demanded an investigation into the use of Pegasus.

Edward Snowden, who in 2013 revealed information about the surveillance methods of the US National Security Agency, in an interview with The Guardian called for a ban on the sale of spyware. If not, Snowden says such tools will soon be used to spy on millions of people. “For example, all iPhones use the same software around the world. Therefore, if there is a way to jailbreak one iPhone, it will immediately become possible to jail all the others,” said Snowden.

How do I know if my phone is infected?

Amnesty International has released an open source utility called MVT (Mobile Verification Toolkit) to detect Pegasus footprints. The software runs on a personal computer and analyzes data, including backup files exported from an iPhone or Android phone.

Trump’s social network developers accused of illegal use of program code

The Software Freedom Conservancy claims Trump Media and Technology Group copied the open source code of the decentralized social network Mastodon and created a new social network based on it.

The Software Freedom Conservancy (SFC), a not-for-profit organization that enforces the rights of open source software developers and the rules for using open licenses, has accused the developers of Trump's social network, Truth Social, of violating the AGPLv3 license.

The Software Freedom Conservancy says that the developers of the service used the open source code of the decentralized social network Mastodon in violation of the license agreement.

Although the Mastodon code is free and open, projects that use it must comply with the terms of the Affero General Public License (AGPLv3), which include making the project's source code available to all of its users. Trump’s media company does not yet provide such an opportunity to TRUTH Social users and calls the social network a proprietary development.

The Software Freedom Conservancy gave Trump Media and Technology Group 30 days to remedy the violation, writes The Verge. Otherwise, the company will be prohibited from using the open source Mastodon code.

Facebook end-to-end encryption will give foreign intelligence services surveillance capabilities

Former Facebook employee Frances Haugen criticized the company’s decision to transfer correspondence in its services to end-to-end encryption.

The introduction of end-to-end encryption in Facebook messengers could negatively affect the privacy of users and lead to increased surveillance by intelligence agencies. This opinion was expressed by a former employee of Mark Zuckerberg’s company, Frances Haugen, reports TASS.

According to her, after the launch of encryption in the Messenger application and the social network Instagram, which are owned by Facebook, the company will lose the ability to track possible “malicious operations of special services representatives.” “End-to-end encryption will allow Facebook to eliminate [from content moderation] and serve as an excuse for inaction,” Haugen said ahead of her October 25 speech in the British Parliament as part of discussions on the online security bill.

The social network itself does not agree with this point of view. In the company's opinion, the introduction of end-to-end encryption in the Facebook Messenger and Instagram applications is, on the contrary, aimed primarily at protecting the privacy of users and will protect them not only from foreign surveillance, but also from hackers.

On October 24, a bug in GPSD will send users 19 years back

The effect of the error can lead to unpredictable failures on different systems, including those that do not directly use GPSD, since this application is used to obtain accurate time data on some NTP servers used for time synchronization.

A critical issue has been identified in the GPSD package, which is used to extract accurate time and position data from GPS devices. On October 24 it will shift the time back by 1024 weeks, i.e. the time will be changed to March 2002. This was reported by opennet.ru.

The issue appeared in releases 3.20 through 3.22 inclusive and was fixed in the GPSD 3.23 release (the fix was also backported to the 3.22 Debian package). All users of systems that use GPSD need to urgently install updates, or be prepared for a failure.

The effect of the error can lead to unpredictable failures on different systems, including those that do not directly use GPSD, since this application is used to obtain accurate time data on some NTP servers used for time synchronization. When the time is shifted, the systems can experience problems with authentication (for example, one-time passwords, Kerberos and other access verification mechanisms that have an expiration date will stop working), with the verification of certificates and with calculations that manipulate time ranges (for example, calculating the time of a user’s session).

GPSD is also used in car navigators, drones, robots, military equipment, marine and aviation navigation equipment, in various mobile devices, including those based on the Android platform, for many of which firmware updates are no longer available. Usually, on such devices, GPSD work is related to navigation and does not affect the setting of the system time.

The GPS protocol provides for a week counter, counting weeks from January 5, 1980. The problem is that only 10 bits are allocated for this counter in the broadcast, which means that it overflows every 1023 weeks (19.7 years). The first overflow occurred in 1999, the second in 2019, and the third will occur in 2038. Manufacturers track these events and provide special handlers for them. A new GPS message format (CNAV) has now been introduced in parallel, in which 13 bits are allocated for the counter (i.e. overflow is expected only in 2137).

In GPSD's logic for handling the leap second (added in order to synchronize the reference world atomic clock with the astronomical time of the Earth), an error was made due to which, on October 24, 2021, 1024 will be prematurely subtracted from the week counter. As planned by the author of the code, the shift was supposed to occur on December 31, 2022, but this date was converted into a week number incorrectly, and the week number actually used in the check falls in October 2021 (the value is 2180 instead of 2600).

    /* sanity check week number, GPS epoch, against leap seconds
     * Does not work well with regressions because the leap_seconds
     * could be from the receiver, or from BUILD_LEAPSECONDS. */
    if (0 < session->context->leap_seconds &&
        19 > session->context->leap_seconds &&
        2180 < week) {
        /* assume leap second = 19 by 31 Dec 2022
         * so week > 2180 is way in the future, do not allow it */
        week -= 1024;
        GPSD_LOG(LOG_WARN, &session->context->errout,
                 "GPS week confusion. Adjusted week %u for leap %d\n",
                 week, session->context->leap_seconds);
    }
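The check above worked through as an added example (not GPSD code, apart from the condition copied from the listing): it converts GPS week numbers to calendar dates, taking week 0 to start at 00:00 UTC on 6 January 1980, and shows the first week on which the condition fires and where the adjusted week lands. The leap-second value 18, the build date 2021-01-01 and all helper names are assumptions made for illustration.

```c
#include <stdio.h>

/* GPS week 0 starts at 00:00 UTC on 1980-01-06 = day 3657 of the Unix epoch. */
#define GPS_EPOCH_DAYS 3657L

/* Days since 1970-01-01 -> calendar date packed as YYYYMMDD
 * (standard civil-from-days conversion, Gregorian calendar). */
static long civil_from_days(long z)
{
    z += 719468;
    long era = (z >= 0 ? z : z - 146096) / 146097;
    long doe = z - era * 146097;
    long yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    long doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    long mp = (5 * doy + 2) / 153;
    long d = doy - (153 * mp + 2) / 5 + 1;
    long m = mp < 10 ? mp + 3 : mp - 9;
    long y = yoe + era * 400 + (m <= 2);
    return y * 10000 + m * 100 + d;
}

/* First day of a full (not truncated to 10 bits) GPS week number. */
long week_start_date(unsigned week)
{
    return civil_from_days(GPS_EPOCH_DAYS + 7L * week);
}

/* Same condition as the GPSD 3.20-3.22 check quoted above. */
unsigned flawed_week_check(unsigned week, int leap_seconds)
{
    if (0 < leap_seconds && 19 > leap_seconds && 2180 < week)
        week -= 1024;
    return week;
}

/* Hypothetical guard for a time consumer: a date before the build is invalid. */
int older_than_build(unsigned week, long build_yyyymmdd)
{
    return week_start_date(week) < build_yyyymmdd;
}

int main(void)
{
    int leap = 18; /* assumed GPS-UTC leap second count in 2021 */
    for (unsigned w = 2180; w <= 2181; w++) {
        unsigned out = flawed_week_check(w, leap);
        printf("week %u (%ld) -> week %u (%ld)%s\n", w, week_start_date(w),
               out, week_start_date(out),
               older_than_build(out, 20210101L) ? "  REJECT" : "");
    }
    return 0;
}
```

A consumer of GPSD time, such as an NTP server, can apply a guard like `older_than_build` to refuse a clock that jumps back before its own build date.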
