Mansoor, who had already been the victim of attacks using other spyware tools from firms such as Hacking Team, sent the message to Bill Marczak of Citizen Lab, a digital rights watchdog at the University of Toronto’s Munk School of Global Affairs, rather than clicking the link. Citizen Lab was already on the trail of NSO but had been unable to obtain a sample of the Pegasus malware itself to corroborate its findings. Ahmed Mansoor is currently imprisoned in the UAE, but his vigilance led to the discovery of a spyware infection that exploited three zero-days (previously unknown bugs) in the iPhone. NSO had developed the ability to remotely hack one of the most robust consumer products on the market, Apple’s iPhone, with nothing more than a single click on a link by the victim. It is believed that NSO had this capability from the iPhone 5 onwards and retained it until the iPhone 7, after which the zero-day vulnerabilities were discovered and patched.
The Congress on Sunday claimed that party general secretary Priyanka Gandhi Vadra had received a text message from WhatsApp alerting her to a possible privacy breach about a month ago, as did others whose phones were similarly hacked with the Pegasus spyware from the Israel-based technology and cyber intelligence firm, NSO Group. “When WhatsApp sent out messages to all hacked phones, one such message was sent to Priyanka Gandhi Vadra’s mobile phone too.
As Mike Murray, VP of Research at the mobile security company Lookout, which Citizen Lab had partnered with to report on Pegasus, told Vice in 2016:
“We’re not going to put NSO out of business by patching these vulnerabilities.”
Reports that Saudi Arabia used Pegasus to aid the murder of the journalist Jamal Khashoggi, together with the latest WhatsApp snooping scandal, prove his words true: Pegasus seems to have grown in its capabilities, or was far more capable than initially thought.
When talking about Pegasus, it is also important to talk about its elusive makers. While Pegasus is infamous now, there are not a whole lot of details available about the company behind it, the NSO Group. Founded in 2010 in Herzliya, Israel, its initial funding likely came from Israel’s ‘elite 8200 Intelligence Unit’, a military-funded scheme for startups. Reports suggest that the elite 8200 Intelligence Unit was heavily involved in funding and providing the required expertise for the Stuxnet attack against Iran. NSO’s founders, Omri Lavie and Shalev Hulio, run a tight ship. The fact that there is not much about them in the media is deliberate.
The founder and CEO of NSO Group, the notorious Israeli hacking company with customers around the world, appeared on CBS’s 60 Minutes Sunday night to defend the use of his company’s tools in hacking and spying on lawyers, journalists, and minors when the company’s customers determine the ends justify the means.
“I do not give interviews.”
This is what Omri Lavie usually says when the media asks him anything about his firms. The reasoning behind this media shyness was made clear by Mr Lavie in a rare interview he gave to Defense News back in 2013.
“If you want to work successfully in the cloak and dagger battlefield of cyber, you don’t want just anyone Googling your information.”
In 2014, the US private equity fund Francisco Partners acquired a majority stake in the firm for around $120 million. Under the new ownership NSO truly went international, with several acquisitions and mergers, including with the Israeli firm Circles. Backed by the European private equity fund Novalpina, the founders Hulio and Lavie bought back the majority stake from Francisco Partners in 2019.
What is ironic is that Lavie and most of his NSO employees are also part of Kaymera, a company that is the complete opposite of NSO. Kaymera provides tools to protect personal devices such as phones from cyber attacks. With this, the founders of NSO are playing both sides of the cyber wars, being both the devil and the angels.
NSO’s most premium product, Pegasus, does everything expected of spyware that targets mobile phones: gaining access to the device’s microphone, camera, text messages (both traditional ones and those sent via WhatsApp), contact lists, etc.
But the most impressive feature of Pegasus is its ability to stay hidden. NSO has gone to great lengths to keep Pegasus hidden from its victims as it snoops on their daily activities. This is underlined by some of the comments Lavie made to Defense News in 2013.
“We’re a complete ghost... We’re totally transparent to the target, and we leave no traces.”
As was revealed after the iPhone snooping incident, once Pegasus infects a phone it can withstand factory data resets and even operating system upgrades. The patch that Apple released only prevented the same zero-day bugs from being used to infect more devices. Among the marketing materials leaked when the servers of its competitor Hacking Team were themselves hacked was a document in which NSO explains the two methods it has to infect a target. The first, called a ‘one click vector’, requires some kind of interaction from the victim; this was seen in the attacks against iPhones exposed in 2016. The second, called a ‘zero click vector’, requires no interaction from the victim; this method was employed in the recently revealed attacks.
In the latest attacks, Pegasus used a zero-day exploit in WhatsApp’s VoIP calling feature. According to a security advisory from Facebook, Pegasus exploited an extremely common type of bug known as a ‘buffer overflow’. While WhatsApp bases its end-to-end encryption on the famous Signal Protocol, its VoIP calling functionality most probably also includes proprietary code. Signal has said that its service is not vulnerable to this calling attack.
The most dangerous part of the latest attack is that the victim is helpless. Unlike the previous attacks, the victim does not have to click on a link for the malware to install itself on the device. The malware is delivered through a WhatsApp call, and it does not matter whether the victim answers the call or not.
Even though it has denied any involvement, the number of activists, lawyers and journalists critical of the government among the Indians snooped upon raises doubts about the Indian government. Among the documents Facebook attached to the lawsuit is a signed contract with Ghana’s National Communications Authority, which states that Pegasus could only be deployed with written permission from Israel’s Ministry of Defense. The NSO Group has also long maintained that it sells its software only to governments. Further, Pegasus requires an estimated four weeks of testing on local networks; uninterrupted access to local networks for such long periods would be much harder to obtain without the support of state machinery.
If the Indian government is indeed being truthful and played no part in snooping on its citizens, that would imply an even more disturbing scenario: that a foreign government, with the approval of Israel’s Ministry of Defense, was snooping on Indian citizens using state-of-the-art spyware. Unfortunately for WhatsApp, its downloads in India have declined by 80%, an inevitable outcome of the scandal. As users look for alternative messengers that provide more security, downloads of Signal and Telegram have increased by 63% and 10% respectively.