In the last few days, information became public that at least nine officials from the United States Department of State had their iPhones hacked with Pegasus, software used to spy on people all over the world, especially through their cell phones.
Pegasus is a product of the booming spyware industry, and its sale is not illegal. On the contrary, its main target audience is security and defense entities, such as intelligence agencies, armies and police forces, entities whose function is to enforce the law.
Organizations like these look to the market for means to collect evidence in cyberspace, especially for crimes that have a great impact on society, such as child pornography or terrorism.
But the history of the Internet is strongly marked by the abuse of good intentions, whether in the conception of new technologies, in their sales pitch, or in their use. In cybersecurity, as abundant as the volume of money circulating in the industry is the ambiguity in the use of its tools. Pegasus is just one among several products designed to protect by attacking.
The NSO Group, the Israeli company that developed Pegasus, was born from the desire of two of its original partners, Shalev Hulio and Omri Lavie, to provide remote support services for cell phones. It was Niv Carmi, the third partner, who had previously been a member of Mossad (Israel's intelligence service), who pointed out where the pot of gold was: in hacking the devices and selling that access to governments around the world.
The use of Pegasus has already been documented in countries such as Mexico, the United Arab Emirates, Saudi Arabia, Kazakhstan and Bahrain, among others. The NSO Group even participated in a tender with the objective of selling Pegasus to Brazil, in a process that, according to the portal UOL, had Rio de Janeiro city councilor Carlos Bolsonaro (Republicanos) acting as an intermediary in negotiating the product with the Federal Government. The process ended with the company abandoning the negotiations amid disagreements between the president's son "02", the military and the Brazilian Intelligence Agency (ABIN).
Authorities of the countries that acquired Pegasus and are willing to comment on the use of the cyberweapon adopt standard arguments, such as that it was acquired to fight drug traffickers, terrorists or pedophiles. Yet what we see being documented is the use of the tool to monitor and persecute journalists, activists and opponents of authoritarian regimes.
In a moment of waning democracy, Pegasus has been a great help to regimes that seek to remain in power. The most emblematic case involved journalist Jamal Khashoggi, assassinated under the command of Saudi prince Mohammed bin Salman. Evidence suggests that Khashoggi was monitored through the use of Pegasus, which would have facilitated the operation that culminated in his death.
How does it work
There is little detailed and current technical information on the operation of Pegasus. However, a product manual, obtained and published in 2019 by the director of the NGO Electronic Frontier Foundation (EFF), Eva Galperin, demonstrates what the tool was like in pre-2019 versions.
The manual covers the operator's perspective. This knowledge can be complemented with dozens of reports from the Canadian think tank Citizen Lab, many of them detailing what happens on victims' cell phones, that is, the target's perspective.
In general, Pegasus is a platform that allows launching attacks against people's devices, which, if they succeed, result in control of the device. With that, the Pegasus operator has access to everything that is stored on the device (photos, files, messages, etc.), and can also monitor the victim's location, capture audio and video calls, collect everything that is typed, activate listening to ambient sound and extract images by activating the camera. All material is sent periodically and furtively to its servers.
The way in which Pegasus conducts the first attack on the victim may vary according to the user’s operating system (Android, iOS, etc.) and also the device update status.
Systems are constantly changing, either to incorporate new functionality or to correct security vulnerabilities. This demands that NSO Group keep adapting Pegasus to the changes, especially by looking for new ways to attack systems whose vulnerabilities have been corrected. This can be done either with an internal research and development team or by paying third parties for new ways to hack technologies.
Imagine that a hacker had discovered a vulnerability on the iPhone that is unknown to Apple, and that this vulnerability is of the type that allows total control of the device, if the victim had to click on a link to be attacked (one of the most difficult errors to find).
In possession of this knowledge, the hacker has some options: she can use the flaw to conduct her own attacks; she can submit the problem to the Apple rewards program, with the chance to win up to a thousand dollars for it, as well as the recognition of the technical community and the gratitude of users, who will have their devices fixed; or she can sell or provide information on how to exploit the vulnerability for up to two thousand to companies that will use the technology to supply systems such as Pegasus. In the end, it all comes down to a question of scruples.
Today, there is a vulnerability market in full swing, whose history was recently documented by New York Times cybersecurity journalist Nicole Perlroth.
This industry operates like a gold-prospecting site, in which a person with a pickaxe can strike a stone and have a chance of finding a nugget, but evidently those who have resources and training have a better chance of striking large amounts of gold and dominating extraction.
NSO in difficulties
As demand for cyber weapons continues to grow, the NSO Group is currently experiencing difficulties.
A data leak in July, containing the telephone numbers of 50,000 possible Pegasus targets, included references to 14 heads of state, among them the President of France, Emmanuel Macron. The incident caused diplomatic complications with Israel, heating up the climate within the company.
Its executives tried to defend themselves using evasive arguments, among them that they only produce the weapons and do not control them, but they convinced no one at the top of the governments involved, who perceive Pegasus as a typical problem of large-scale weapons: their volatility can bring impact to everyone.
The company ended up under an embargo by the United States not long ago and now cannot buy anything of American origin or sell to customers outside the country. Israel, for its part, did little to defend the company.
Once the company was sanctioned, the assets of NSO Group were downgraded to toxic status by the market, and the company is facing the risk of insolvency, as it accumulates a debt of 500 thousand dollars, the result of financial management based on low liquidity and strong cash advance.
In a change in management, the original CEO of the NSO Group, Shalev Hulio, stepped aside and hired Isaac Benbenisti, a market executive, to lead the company on a day-to-day basis in his place. However, Benbenisti left the post without completing two weeks in the position.
Privacy activists have something to celebrate in this setback, but unfortunately not much. In the first place, because the spyware market will remain firm even with an eventual end of the NSO Group; and even if the company is dismantled, it is very important to be attentive to the fate of Pegasus, which can continue to be just as harmful in the hands of another company.
It is difficult to defend against companies with such firepower that adapt depending on the conditions of the target. One victim of Pegasus, for example, the Mexican journalist Carmen Aristegui, managed to dodge attempted attacks for a year, so that, according to Citizen Lab's report, the cyberweapon operators attacked her son, Emilio, a minor at the time, to reach his mother.
Security professionals are often approached by people in search of a product or recipe that prevents all attacks. Regrettably, it does not exist. Just like personal and property security, cybersecurity is a continuous activity, which demands changes in how technology is used and constant updating. There are many guides with this purpose. In my opinion, one of the best is the one from the EFF, available here.