Decoding Pegasus Spyware: Peering into the Underbelly of Digital Surveillance


1. Introduction

Step into the clandestine realm of Pegasus, an enigmatic spyware developed by NSO Group Technologies, synonymous with covert surveillance of smartphones worldwide. From its inception to its tumultuous journey across borders, this article unravels the intricate web of espionage surrounding Pegasus. Moreover, delve into the controversies, the geopolitical ramifications, and the clandestine operations orchestrated by governments and intelligence agencies. From Poland to the United Arab Emirates, and India to Mexico, explore the key players in this high-stakes game of cyber espionage. Additionally, join us as we uncover the hidden truths behind the headlines and navigate the murky waters of modern surveillance technology.

2. History

“Pegasus” is the name given to the winged horse in Greek mythology. The spyware is classified as a Trojan horse within the larger category of malicious software. It is known as “Saipan” among Israeli police forces [source]. NSO Group was established in 2010, but its spyware did not become well recognized until 2016, when a human rights activist in the UAE sent a suspicious text message to a cybersecurity lab for examination. Reports from 2021 stated that Pegasus had targeted people in over 50 countries, and that the spyware was available in over 40 countries.

For instance, Pegasus helped apprehend the Sinaloa Cartel leader El Chapo in 2016. Furthermore, two years later, the Saudi Arabian government tracked Jamal Khashoggi, a Saudi journalist living in the United States. Pegasus remained connected to Khashoggi’s wife’s phone for several months before Saudi operatives murdered him and mutilated his body in October 2018.

Pegasus reportedly targeted and compromised the accounts of other well-known political and corporate figures. These included South African President Cyril Ramaphosa and former Amazon CEO Jeff Bezos, who owns The Washington Post, Khashoggi’s employer. [source]

3.0 NSO Group

3.1 Company Overview and Specialization

Renowned for its exclusive spyware, Pegasus, NSO Group Technologies (NSO, derived from the initials of its founders – Niv, Shalev, and Omri) specializes in remote zero-click surveillance for smartphones. Operating under different names, such as Q Cyber Technologies in Israel and OSY Technologies in Luxembourg and North America, NSO Group has expanded its workforce to over 700 employees worldwide. The majority of NSO’s research team comprises ex-members of Israeli military intelligence. A significant portion hail from Israel’s Military Intelligence Directorate, including Unit 8200 veterans [source].

3.2 Pricing and Criticism of Pegasus

Recently, the company has sparked significant debate. Notably, the Canadian internet watchdog group Citizen Lab has criticized the deployment of NSO’s Pegasus system by nations known for their questionable human rights practices and a history of misconduct by government security forces.

Moreover, as per Fast Company’s reporting on the 2016 pricing structure, NSO charges its clients $650,000 to hack into 10 devices, in addition to a $500,000 fee for installing the software. [source]

In August 2022, Shalev Hulio, the then CEO, stepped aside, appointing COO Yaron Shohat as his successor and simultaneously announcing the layoff of 100 employees. A forced reorganization by its creditors brought co-founder Omri Lavie back into the spotlight as the new owner of NSO, through Dufresne Holdings based in Luxembourg, in May 2023. Amidst these changes, in 2023 US President Joe Biden enacted an executive order banning federal departments and agencies from employing commercial spyware. In June 2023, the White House cautioned American companies considering the purchase of NSO assets. This indicated that such acquisitions could represent a counterintelligence risk to the United States [source].

3.4 Regulatory Scrutiny and Relocation Plans

In November 2021, the US Commerce Department included the Israeli cyber intelligence firm NSO Group on its “black list”. It held concerns that the company’s actions were detrimental to US national security and foreign policy interests.

“The NSO Group’s involvement in the sale and upkeep of surveillance software designed for espionage purposes has drawn significant scrutiny. Through meticulous research, Forensic Architecture has directly implicated the technology developed by NSO Group in over 150 physical assaults against journalists, human rights advocates, and other members of civil society. Tragically, its use has resulted in fatalities in certain cases.” [source]

4.0 Key Buyers of Pegasus

4.1 Poland

4.1.1 Initial Acquisition and Government Use

Initial media coverage concerning the potential utilization of Pegasus by the Polish government surfaced as early as 2018. Reports revealed that the Central Anti-Corruption Bureau (Centralne Biuro Antykorupcyjne, CBA) had acquired the Pegasus spyware using funds provided by the Ministry of Justice. [source] The Supreme Audit Office’s (NIK) 2018 procedure triggered these disclosures. Citizen Lab flagged Poland as an NSO spyware operator in 2018. In December 2021, news broke about spyware victims in Poland, notably Senator Krzysztof Brejza. He was under surveillance while leading the main opposition party’s 2019 parliamentary campaign, reigniting public interest.

4.1.2 Target Expansion and Government Response

Additional targets included Roman Giertych, lawyer for former Prime Minister Donald Tusk, and Ewa Wrzosek, a prosecutor critical of the Prosecutor General, among others. Initially, government representatives didn’t deny Poland’s use of Pegasus. Instead of addressing its legality, they stressed compliance with court orders. Later, Deputy Prime Minister Jarosław Kaczyński admitted Poland’s purchase of Pegasus but denied monitoring the opposition [source].

4.1.3 Investigation and Reform Recommendations

The 2023 Senate Special Inquiry Committee’s final report named the individuals behind the misuse of Pegasus spyware in Poland. Additionally, a set of suggestions for enhancing supervision procedures was developed.

The first suggestion advocates for a clear separation between intelligence and counterintelligence services and law enforcement agencies. The second recommends government and parliamentary oversight for special services and Ombudsman supervision, alongside judicial review, for police. However, the proposed solution appears inadequate due to government oversight lacking true independence and parliament’s inability to address individual complaints or situations effectively. [source]

4.2 Jordan

On 1 February, a joint investigation by the internet advocacy group Access Now, Citizen Lab, and other partners revealed at least 35 incidents of individuals targeted by Pegasus. Notably, the majority of incidents occurred between 2020 and late 2023. Additionally, they found that at least 16 people in Jordan who were either journalists or employed by independent media outlets had their accounts compromised by Pegasus during this time.

In Jordan, on February 1st, a joint investigation by the internet advocacy group Access Now, the rights group Citizen Lab, and other partners revealed at least 35 incidents of individuals who were targeted by the software, which is produced by Israel's NSO Group. Over a period of several years, the Israeli-made Pegasus spyware compromised the mobile phones of over thirty individuals in Jordan, including journalists, attorneys, and activists. [source]

The Jordanian administration did not react to the report right away.

Among those targeted in Jordan are Adam Coogle, deputy director for the Middle East and North Africa, and Hiba Zayadin, senior researcher for Jordan and Syria. Both individuals are employed by Human Rights Watch. Each of them received a threat notification from Apple in August stating there had been an attempt to infiltrate their iPhones. [source]

4.3 Togo

Reporters Without Borders, a press freedom organization, released research on January 23, 2024, revealing that Pegasus spyware was installed on the phones of Togolese journalists Loïc Lawson and Anani Sossou in 2021. Moreover, the organization reiterates its demands for an immediate ban on the use of these kinds of surveillance technologies and the dismissal of the lawsuits brought against the journalists. [source]

4.4 India

The most recent case that has been found occurred in October 2023. Amnesty International’s Security Lab conducted forensic investigations to confirm that two journalists, Anand Mangnale, the South Asia Editor at The Organised Crime and Corruption Report Project (OCCRP) and Siddharth Varadarajan, the founding editor of The Wire, were among those recently targeted by Pegasus spyware on their iPhones.

Additionally, an attacker-controlled email account on his device was found by the Security Lab. 

In October, Apple sent out a fresh wave of security alerts to iPhone owners worldwide, suggesting that they might have been the target of “state-sponsored attackers.” It was alleged that over 20 Indian journalists and opposition leaders had received the alerts.

Journalists, Government Critics in India Targeted With Pegasus Spyware. On 2 February 2022, in New Delhi, India, an opposition Congress party worker carries a poster during a protest alleging that the administration of Prime Minister Narendra Modi is deploying military-grade spyware to monitor political opponents, journalists, and activists. [source]

Amnesty claimed that, when his phone was targeted, Mangnale was working on a report about a major multinational conglomerate in India that was accused of manipulating stocks.

The OCCRP released an inquiry into Indian businessman Gautam Adani’s financial affairs in August. Mangnale told AFP he was targeted ‘within hours’ of submitting inquiries to the Adani Group for OCCRP. [source]

4.5 Mexico

4.5.1 Initial Adoption and Targeting Strategy

As per the New York Times, Mexico is “The first and most prolific user of Pegasus”. Indeed, Mexico was the first nation to buy Pegasus as a cutting-edge weapon to use against cartels. After heavy dependence on US information collection, Mexican authorities likewise aimed to develop independent intelligence capabilities. [source]

Pegasus was initially used to spy on Joaquín Guzmán, alias El Chapo, through his personal phone. According to reports, Mexican President Felipe Calderón called NSO to express gratitude for the company’s assistance in Guzmán’s arrest.

After a few years, the government started using Pegasus to target members of civil society, such as journalists, human rights campaigners, and anti-corruption activists. In 2021, a third of the 50,000 phone numbers on a list of possible Pegasus monitoring targets belonged to Mexicans. What’s more, they were targeted by government officials. [source]

4.5.2 Military Involvement and Legal Challenges

Internal documents from Mexico’s Ministry of National Defense (SEDENA) were leaked on 3 July 2020. They proved beyond a reasonable doubt that the Mexican Army used a covert military intelligence unit to deploy Pegasus spyware on human rights advocate Raymundo Ramos.

The Guacamaya collective, a group of hackers, leaked the document. It details the private conversations between Ramos and reporters from El Universal, Televisa, and El País regarding the Army’s extrajudicial killings in Nuevo Laredo, Tamaulipas. [source]

Mexico: Army used Pegasus to spy on human rights defender Raymundo Ramos [source]

4.6 Spain

Spain’s National Intelligence Center Director, Paz Esteban Lopez, faced dismissal on May 25, 2022, after revelations surfaced that Pegasus was used to spy on Catalan and Basque separatists. Subsequently, Spanish authorities suspect that over 200 individuals, including Defense Minister Margarita Robles and Prime Minister Pedro Sanchez, were targeted. However, a Spanish court suspended its investigation into Pegasus hacking allegations involving ministers’ phones on July 10, 2023, citing Israel’s lack of cooperation. [source][source]

4.7 United Arab Emirates

4.7.1 Contract with NSO Group

The United Arab Emirates (UAE) strengthened its surveillance capabilities in August 2013 when it signed a contract with a subsidiary of the well-known Israeli spyware company NSO Group. In 2014, the UAE began actively pursuing phone interceptions, going after prominent individuals such as the Emir of Qatar. The revelation of this covert operation occurred in 2016, when scrutiny fell upon the UAE’s monitoring methods following Emirati human rights activist Ahmed Mansoor’s discovery of a suspicious attempt to hack his iPhone using NSO Group’s spyware.

4.7.2 Qatar Embargo and Surveillance Revelation

On June 5, 2017, the UAE and Saudi Arabia imposed an embargo on Qatar, raising tensions in the region and changing the geopolitical landscape. Ten days later, an internal Emirati letter reveals the breadth of the UAE’s monitoring efforts: it shows that NSO malware targeted 159 people connected to the royal family and government leaders in Qatar. Reports into 2017 indicate that the UAE continues to utilize Pegasus, NSO Group’s spyware, despite international concerns and scrutiny on its possible misuse. This shows the UAE’s unwavering commitment to surveillance. [source]

The center claimed to have “informed London of these breaches,” without specifying whether the government was “involved” in the matter. However, it did note that operators from the Emirates were linked to the exposure of British Prime Minister Boris Johnson’s office. Furthermore, it stated that Pegasus operators in Jordan, India, Cyprus, and the United Arab Emirates had been linked to breaches at the British Foreign Office over the preceding two years. [source]

In a ruling made public on October 6, 2021, the High Court of England declared that Sheikh Mohammed bin Rashid al-Maktoum, the UAE’s prime minister and vice president, had given the order to hack six phones that belonged to Princess Haya bint al-Hussein, her attorneys, and her security detail. [source]

Pegasus: UK Court Says Dubai Ruler Ordered Phones of Ex-Wife, Lawyers to Be Hacked. FILE PHOTO: Jordanian Princess Haya bint Al-Hussein and her husband, Dubai ruler Sheikh Mohammed bin Rashid al-Maktoum (R), walk to the parade ring on Ladies Day, the third day of horse racing at Royal Ascot in southern England June 17, 2010. REUTERS/Luke MacGregor/File Photo [source]

4.7.3 NSO Group’s Link to UAE

Since 2019, a state-owned investment firm in Abu Dhabi has invested in the Israeli cyberweapons manufacturer NSO Group. During this period, NSO’s Pegasus spyware has been linked to the phones of journalists, human rights advocates, and the divorced wife of the ruler of Dubai.

Three persons with knowledge of the situation claim that Mubadala Capital, a division of the $243 billion firm run by Sheikh Mohammed bin Zayed al-Nahyan, the crown prince of Abu Dhabi, was one of the major investors in the €1 billion private equity fund that purchased NSO three years ago. [source]

5.0 Israel Police and Pegasus Spyware Allegations

This chronological overview captures the key events and developments surrounding the Israel Police’s use of Pegasus spyware, highlighting the controversies, investigations, and legal proceedings that unfolded.

5.1 January 2022

On January 18, 2022, the Pegasus affair came to light through an investigative report published by journalist Tomer Gannon in Calcalist. Following this revelation, Gannon alleged that the Israel Police had been utilizing Pegasus spyware without legal authorization. Consequently, this report raised concerns about the surveillance of Israeli citizens, including activists, government employees, and even the mayor. In response to the publication, Attorney General Avichai Mandelblit established a team, led by Deputy Attorney General Amit Marari, to investigate the claims. Despite initial denials from the police, further reports surfaced regarding the unauthorized use of spyware, prompting NSO CEO Shalev Hulio to suspend the system used by the Israel Police pending investigation. [source]

Other reports highlighted its use in cases related to the Netanyahu trial, implicating individuals such as James Packer and Yair Netanyahu. Tomer Gannon continued to publish claims of spyware usage on various individuals, including CEOs and activists, without proper court orders. [source]

5.2 February 2022

On 8 February 2022, NSO responded by filing a defamation suit against Calcalist, denying many of the claims made about its software. Despite the ongoing controversy, the State Prosecutor’s Office submitted examination results on February 16 indicating irregularities in specific cases but asserting that they obtained court orders for targeted surveillance. [source]

5.3 July 2022

By July 2022, the Marari Commission had submitted its final report, providing insights into the police’s actions and concluding that it did not substantiate unauthorized spyware usage. Nevertheless, on 8 November 2022, the State Attorney’s Office admitted to unauthorized use of spyware in cases related to the submarine affair, raising questions about the extent of the police’s adherence to legal protocols. [source]

5.4 September 2023

On 23 September 2023, Attorney General Gali Baharav-Miara authorized police to use the contentious Pegasus phone spy program in the course of looking into the shooting deaths of five Arab family members inside a home in Basmat Tab’un, a northern Bedouin village located about 22 kilometers (14 miles) east of Haifa. [source]

6.0 Pegasus after October 7th

The American website The Intercept reported that a well-known Israeli espionage technology company wrote two urgent letters to US Secretary of State Antony Blinken and officials in his ministry, requesting a meeting to warn them about the Islamic Resistance Movement (Hamas).

In response to what it described as “serious security threats” posed by the resistance, the NSO Group, the company that makes the Israeli spyware Pegasus, wrote a letter to the State Department requesting an opportunity to speak with Secretary Blinken and officials about the significance of cyber intelligence technology. This letter is the company’s most recent attempt to improve its reputation and, more importantly, get itself off the US blacklist. However, the US Department of Commerce refused to comment and stated that NSO’s placement on the blacklist had not changed.

NSO Group actively seeks removal from the blacklist despite persisting in abusive business practices. Specifically, it cites the October 7 Hamas attack on Israel as justification for delisting. Additionally, The Intercept claims that Timothy Dickinson, a partner at Paul Hastings’ legal practice and lobbyist for the NSO Group, has been spearheading a determined attempt to have its blacklist lifted.

Finally, in a letter to the Commerce Department, DAWN encouraged the Department to keep NSO Group under sanctions, highlighting the company’s ongoing support for governments that violate human rights by using their spyware illegally. DAWN argued that in order to protect human rights and halt further abuses, NSO should remain sanctioned for the fundamental reasons behind its initial blacklisting. These reasons encompassed providing spyware to foreign governments, who then maliciously targeted academics, activists, businesspeople, government officials, and journalists. [source]

7.0 How Pegasus works

Designers crafted Pegasus to silently infiltrate smartphones, transforming them into surveillance devices without the user’s awareness. The operation of Pegasus spyware involves several key stages:

7.1 Pegasus Infection Methods

Pegasus originally relied on spear-phishing techniques—sending targeted messages via email or SMS that trick the recipient into clicking on a malicious link. However, its methods have evolved to include “zero-click” attacks, where no user interaction is required. Moreover, these attacks exploit vulnerabilities in commonly used applications such as iMessage, WhatsApp, and other communication platforms to install the spyware remotely and covertly.

7.2 Exploiting Vulnerabilities

The effectiveness of Pegasus lies in its use of zero-day vulnerabilities—previously unknown flaws in software that developers have not yet addressed. By exploiting these vulnerabilities, Pegasus can bypass device security mechanisms and install itself without the user’s consent or knowledge. Additionally, the spyware can tailor itself to exploit specific vulnerabilities found in different versions of iOS and Android, making it a versatile tool for infiltrating a wide range of devices.

7.3 Surveillance Capabilities

Once installed, Pegasus grants its operators comprehensive access to the device’s data and functionalities, including:

  • Data Harvesting: It can read text messages, emails, and access files, photos, and videos.
  • Environmental Listening: It can secretly activate the microphone to record conversations happening near the device, even when the user is not actively using the phone.
  • Location Tracking: It continuously monitors and records the physical location of the device.
  • Camera Control: It can covertly turn on the camera to capture video, providing real-time surveillance footage.
  • Encrypted Data Access: It can extract data from encrypted messaging services by capturing the information before encryption or by capturing it after the device decrypts it.

7.4 Data Exfiltration

All collected data is encrypted and stealthily sent to a command and control (C&C) server managed by the operator. This server allows further access to the gathered information, enabling continuous monitoring and data analysis at a granular level. [source]

8.0 Conclusion

In the shadowy corridors of digital espionage, the saga of Pegasus spyware unfolds as a cautionary tale of innovation entangled with the dark arts of surveillance. Crafted by NSO Group Technologies, Pegasus represents the pinnacle of a burgeoning market where the demand for tools of espionage grows unchecked, drawing a fine line between national security interests and the invasion of personal liberties.

Moreover, the controversies engulfing NSO Group, marked by accusations of misuse and the ignominy of landing on the US Commerce Department’s “Black List,” cast a stark light on the murky oversight of spyware distribution. Consequently, this saga underscores a pressing concern: the unchecked proliferation of surveillance technology in the absence of stringent controls poses a significant threat to civil liberties.

In essence, the journey through the shadowy world of Pegasus is a stark reminder of the dual-edged nature of technological advancement. It beckons stakeholders in the tech sphere to navigate the murky waters of digital espionage with a greater sense of responsibility and foresight, ensuring that the march of progress does not trample the sanctity of individual privacy.

