NSO Group's Pegasus spyware on many smartphones

Sicherheit (Pexels, allgemeine Nutzung)[German]It started with a leaked list of about 50,000 phone numbers. Investigative research by the media then shed light on the surveillance of smartphone users by governments and private organizations. Numerous people around the world were spied on using Pegasus spy software from Israel's NSO Group. The company seems to provided authoritarian states with the opportunity to surveil journalists, human rights activists and members from NGOs.


The Israeli NSO Group

NSO Group Technologies is an Israeli technology company, based in Herzliya near Tel Aviv. The company, which has around 500 employees, has been developing mainly software and monitoring technology since its inception in 20210. NSO Group is known for its spyware Pegasus, which allows remote monitoring of smartphones (Android, iOS, etc.).

The Trojan can be installed on the devices within seconds without being noticed. Then phone calls, SMS, emails and even encrypted chats can be monitored. Unnoticed access to the microphone and camera is also possible. This software can be bought, even though the official account says that NSO Group only gives its spy software to government agencies, which are supposed to use it exclusively for the fight against terrorism and serious crime.

The phone list with 50,000 numbers

Through a leak, a list containing 50,000 phone numbers of at least ten NSO Group clients, covering entries from 2016 to 2021, has fallen into the hands of Amnesty International and Forbidden Stories, a Paris-based media non-profit organization. Research by an international consortium of journalists suggests that hundreds of journalists, human rights activists, lawyers and politicians were spied on by the Pegasus spyware through their smartphones. , Menschenrechtsaktivisten, Anwälte und Politiker durch die Pegasus-Spionagesoftware über ihre Smartphones ausgespäht wurden.

Among others, people close to the murdered Saudi journalist Jamal Khashoggi were targeted for surveillance, as reported by Tagesschau here. The phone list evaluated also included the numbers of more than 180 journalists, among them the editor-in-chief of the British Financial Times, reporters from the French media Le Monde, Mediapart and Le Canard Enchainé, a reporter from the U.S. television channel CNN, from The Wire in India, an AFP correspondent in Morocco, a television presenter in Mexico and editors from Hungary and Azerbaijan. Cyble has published this article about the topic.

Voices from Amnesty international

"The Pegasus Project exposes how NSO's spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and suppress dissent, putting countless lives at risk," said Agnès Callamard, Secretary General of Amnesty International.


"These revelations refute all of NSO's claims that such attacks are rare and result from malicious use of its technology. While the company claims that its spy software is only used for legitimate criminal and terrorist investigations, it is clear that its technology enables systemic abuse. They paint a picture of legitimacy while profiting from widespread human rights abuses."

"It is clear that their actions raise larger questions about the extensive lack of regulation that has created a wild west of rampant, abusive attacks on activists and journalists. Until this company and the industry as a whole can demonstrate that it is capable of respecting human rights, there must be an immediate moratorium on the export, sale, transfer and use of surveillance technology."

NSO Group denies allegations

In a statement from a U.S. law firm, NSO Group denies all allegations. The Guardian has pulled together the statements here – in a nutshell:

the collection of telephone numbers could have many legitimate and complete clean uses that had nothing to do with surveillance or NSO. Even if these numbers had been fed into NSO, this "does not necessarily mean" that this was also "part of a surveillance attempt". Moreover, this says nothing about whether the use of spy software was also successful. In addition, NSO had no knowledge of the reconnaissance objectives of its customers. The French association Forbidden Stories drew "false, too far-reaching and defamatory conclusions from the list of data".

At this point, it's quite interesting to take a tongue-in-cheek look at the company's statement, which sees its software as helping to "prevent terrorist attacks, gun violence, car explosions and suicide bombings" and "to break up pedophilia, sex and drug trafficking rings, locate missing and abducted children." Well, it seems, that the "dual use/abuse" scenario has hit here, as we can see in the next section. The customers for such a software are also in authoritarian and repressive countries.

Pegasus Trojan found on numerous cell phones

The test of the investative network was to see whether devices were infected and whether traces of the Pegasus Trojan could be found there. If everything happened as claimed by the NSO Group, there should be no Trojans on devices belonging to members of the press or non-governmental organizations (NGOs). The media involved then randomly checked the list of phone numbers and the identified devices. The German broadcast medium Tagessschau writes about this:

IT experts from the Amnesty International Security Lab in Berlin and the Citizen Lab at the University of Toronto conducted forensic examinations on 44 iPhones belonging to people whose numbers had apparently been selected by NSO customers as potential targets. Traces of attacks with the "Pegasus" software were actually found on 37 devices, and the Trojan was apparently still active on some phones until July of this year.

An English article by Amnesty International lists cases from several countries such as India or Mexico and Azerbaijan.

Details from Amnesty International

The Pegasus software is probably not a tool for mass surveillance, but is specifically placed on the devices of selected victims via known vulnerabilities. According to media reports, NSO Group charges several thousand euros per monitored device. However, 1,000 phone numbers in Europe were found in the above-mentioned list.

Amnesty International published the article Forensic Methodology Report: How to catch NSO Group's Pegasus, which provides targeted information on what was found on infected devices using forensic methods. Even iPhones running iOS 14.6 are hackable via an iMessage vulnerability, according to this tweet. The British Guardian has also published an article about this matter, that is quite worth reading.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *