Stuff South Africa

Not even Apple (nor Cyril) is safe from spyware Pegasus


Until last Sunday, Pegasus usually meant the fabled flying horse of Greek myth. Now the name has come to stand for arguably the most diabolical spyware the world has ever seen.

Startling revelations have emerged this past weekend that a spyware tool called Pegasus – made by Israeli cybersecurity company NSO Group – might have been used to snoop on President Cyril Ramaphosa, France’s President Emmanuel Macron, Pakistani Prime Minister Imran Khan and 11 other heads of state.

Once “infected with Pegasus, a client of NSO could in effect take control of a phone, enabling them to extract a person’s messages, calls, photos and emails, secretly activate cameras or microphones, and read the contents of encrypted messaging apps such as WhatsApp, Telegram and Signal,” The Guardian revealed. 

It is one of 16 media organisations that have been investigating a data leak that contains “a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016”.

NSO has denied that it was the source of the leaked database and argues the database has “no relevance” to it. NSO claimed Macron was not a “target” of any of its customers, which include Rwanda (for whom Ramaphosa was a person of interest in 2019), Morocco, Mexico, India and the United Arab Emirates.

Macron and World Health Organization chief Tedros Adhanom Ghebreyesus were persons of interest for Morocco in 2019. The database also contains diplomats, military chiefs and senior politicians from 34 countries, although it is not certain that any were part of an attempted or successful hack.

For years it has been common cause that the most secure mobile operating system is Apple’s iOS, which runs on its one-billion iPhones. But NSO has been able to infiltrate even Apple’s devices using Pegasus, including those, reportedly, of activists, lawyers and journalists.

“When an iPhone is compromised, it’s done in such a way that allows the attacker to obtain so-called root privileges, or administrative privileges, on the device,” Claudio Guarnieri, who runs Amnesty International’s Security Lab, told The Guardian. “Pegasus can do more than what the owner of the device can do.”

Called Project Pegasus, the reporting consortium has been exploring the data, which was given to Amnesty International, which in turn asked media outlets to help investigate it.

Although a phone number’s presence on the list doesn’t necessarily mean the phone was infected, “forensics analysis of a small number of phones whose numbers appeared on the leaked list also showed more than half had traces of the Pegasus spyware”.

The people on the list include hundreds of business executives, religious figures, academics, NGO employees, union officials and government officials, including cabinet ministers, presidents and prime ministers.

The list also contains “the numbers of close family members of one country’s ruler, suggesting the ruler may have instructed their intelligence agencies to explore the possibility of monitoring their own relatives”.

Narendra Modi’s government in India has come under fire for its suspected use of Pegasus, after the data cache revealed details of hundreds of verified Indian phone numbers. These include two numbers belonging to India’s most prominent political opposition figure, Rahul Gandhi, The Guardian reported.




Amnesty International secretary-general Agnès Callamard said: “The Pegasus Project lays bare how NSO’s spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril”.

It was suggested, although never proved, that NSO was behind a hack into Amazon founder and recently resigned CEO Jeff Bezos’s iPhone X in 2018. Astonishingly, the hack came via a WhatsApp message that implanted malicious software (malware), sent from an account belonging to Saudi Crown Prince Mohammed bin Salman, the heir apparent to the country.

Most worrying for legions of Apple fans and paranoid corporate security chiefs, Apple is not as impervious as is always imagined.

“Apple’s self-assured hubris is just unparalleled,” Patrick Wardle, a former NSA employee who now runs the Apple security firm Objective-See, told The Guardian. “They basically believe that their way is the best way. And to be fair … the iPhone has had incredible success.

“But you talk to any external security researcher, they’re probably not going to have a lot of great things to say about Apple. Whereas if you talk to security researchers in dealing with, say, Microsoft, they’ve said: ‘We’re gonna put our ego aside, and ultimately realise that the security researchers are reporting vulnerabilities that at the end of the day are benefiting our users, because we’re able to patch them.’ I don’t think Apple has that same mindset.”

Most worrying for the whole world is just how devious and determined nefarious governments and unscrupulous companies are in their nefarious and unscrupulous pursuits.

Most importantly, you can never be too paranoid about security.

This column first appeared in the Daily Maverick 168 newspaper.
