Pegasus

Spyware

Evidence of Usage in:

Armenia, Djibouti, Egypt, El-Salvador, Estonia, France, Iraq, Israel, Jordan, Palestine, Poland, Togo, Ukraine, Yemen

Company:

Pegasus

Spyware

General Information

Pegasus by NSO Group is said to be one of the most intrusive spyware programs in the world.

The Pegasus mobile phone spyware suite (at times referred to as Q Suite) is created and operated by the Israeli cyber company NSO Group. The company uses different methods to install the software on mobile devices (both iOS and Androids) without the user’s knowledge or permission. This includes both exploiting vulnerabilities of other programs (as was done with WhatsApp), as well as through sophisticated deception of the target. Once Pegasus is installed, it begins contacting the operator’s command and control (C&C) servers to receive and execute operators’ commands, and send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps. The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity and use the GPS function to track a target’s location and movements.

The research center Citizen Lab has exposed the use of the software by the Mexican government against journalists and Human Rights activists, by the Moroccan government against human rights activists, by Spain against Catalonian politicians, and many more. The spyware has repeatedly been found deployed to hack journalists, lawyers, human rights defenders. It was implicated in the killing of Saudi journalist Jamal Khashoggi in Istanbul in 2018. [1]NSO Group / Q Cyber Technologies Over One Hundred New Abuse Cases

According to Citizen Lab 45 countries were identified with Pegasus Spyware infections: Algeria, Bahrain, Bangladesh, BrazilCanadaCote d’Ivoire, Egypt, France, GreeceIndia, Iraq, Israel, Jordan, KazakhstanKenya, Kuwait, Kyrgyzstan, Latvia, Lebanon, Libya, MexicoMoroccothe Netherlands, Oman, Pakistan, Palestine, Poland, Qatar, Rwanda, Saudi ArabiaSingaporeSouth Africa, Switzerland, Tajikistan, Thailand, Togo, Tunisia, Turkeythe UAEUgandathe United Kingdomthe United States, Uzbekistan, Yemen, and Zambia.[2]HIDE AND SEEK Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries

NSO Group had been given explicit permission by the Israeli government to try to sell the homegrown hacking tools to Saudi Arabia. It was a classified arrangement and resulted in the sale later being sealed in Riyadh in a deal reportedly worth at least $55m.[3]Pegasus project turns spotlight on spyware firm NSO’s ties to Israeli state In the case of Saudi Arabia, sources familiar with the matter said the kingdom was temporarily cut off from using Pegasus in 2018, for several months, following the murder of Jamal Khashoggi, but was allowed to begin using the spyware again in 2019 following the intervention of the Israeli government.[4]Pegasus project turns spotlight on spyware firm NSO’s ties to Israeli state

In July 2020, Citizen Lab discovered that the mobile phones of several politicians in Spain, including that of the President of the Catalan Parliament, Roger Torrent, were hacked in 2019, along with 100 other figures from civil society around the world. This was the first known case of a European state acquiring and using Pegasus against elected politicians.[5]Phone of top Catalan politician ‘targeted by government-grade spyware’

Surveillance on Journalists and Human Rights Defenders

In another report, Citizen Lab exposed that dozens of journalists at Al-Jazeera, the Qatari state-owned media company, have been targeted by malware linked to the NSO Group. The malware infected the personal phones of 36 workers at Al-Jazeera. The attacks were tied “with medium confidence” to Emirati and Saudi governments.[6]The Great iPwn Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit

According to an investigation by Forbidden Stories, published in July 2021at least 180 journalists around the world have been selected as targets by clients of the cybersurveillance company NSO Group.

Forbidden Stories and Amnesty International had access to a leak of more than 50,000 records of phone numbers that NSO clients selected for surveillance. According to an analysis of these records by Forbidden Stories and its partners, the phones of at least 180 journalists were selected in 20 countries by at least 10 NSO clients.[7]PEGASUS: THE NEW GLOBAL WEAPON FOR SILENCING JOURNALISTS

Countries where journalists were selected as targets according to the Forbidden Stories investigation[8]PEGASUS: THE NEW GLOBAL WEAPON FOR SILENCING JOURNALISTS:

Use by Israeli Forces

Citizenlab identified several operators operating in Israel: four that appear to operate domestically and one that appears to operate both in Israel, as well as other countries including the Netherlands, Palestine, Qatar, Turkey, and the USA. As NSO Group is based in Israel, some of these might perhaps be demonstration or testing systems.[9]HIDE AND SEEK Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries

In November 2021 it was exposed that devices of Palestinian human rights defenders were hacked with Pegasus.[10]Devices of Palestinian Human Rights Defenders Hacked with NSO Group’s Pegasus Spyware

In January 2022 the Israeli newspaper Calcalist exposed that Israel police used NSO’s Pegasus spyware sind 2013 to remotely hack phones of Israeli citizens, control them and extract information from them, Calcalist has revealed. Among those who had their phones broken into by police are mayors, leaders of political protests against former Prime Minister Benjamin Netanyahu, former governmental employees, and a person close to a senior politician. Calcalist learned that the hacking wasn’t done under court supervision, and police didn’t request a search or bugging warrant to conduct the surveillance. There is also no supervision on the data being collected, the way police use it, and how it distributes it to other investigative agencies, like the Israel Securities Authority and the Tax Authority.[11]Israel police uses NSO’s Pegasus to spy on citizens

The Israeli Police first acquired Pegasus from NSO in December 2013 during the tenureship of Yohanan Danino as General Commissioner of Israel Police. The system became operational under his successor Roni Alsheikh, who was appointed as General Commissioner in December 2015 after serving as the deputy head of Shin Bet. Alsheikh was among those who pushed to increase the usage of the spyware, which cost police tens of millions of shekels down the years when calculating its purchase, maintenance, and ongoing usage. The person who negotiated with police on behalf of NSO was then CEO Eran Gorev, who was the representative of investment firm Francisco Partners, which owned NSO at the time.[12]Israel police uses NSO’s Pegasus to spy on citizens