Tag Archive for: Pegasus

The NSO file: A complete (updating) list of individuals targeted with Pegasus spyware – Israel News



Fighting Back Against Pegasus, Other Advanced Mobile Malware


One of the biggest stories of 2021 — an investigation by the Guardian and 16 other media organizations, published in mid-July — suggested that over 30,000 human rights activists, journalists, and lawyers across the world may have been targeted using Pegasus. The list of targeted individuals includes world leaders and many activists, human rights advocates, dissidents, and opposition figures. The report, called the Pegasus Project, alleged that the malware was deployed widely through a variety of exploits, including several iOS zero-click zero days.

Most recently, Amnesty International identified Pegasus in use against “journalists and members of civil society organizations” in El Salvador.

Based on forensic analysis of numerous mobile devices, Amnesty International’s Security Lab found that the software was repeatedly used in an abusive manner for surveillance. Over the past year, representatives from the Israeli government visited NSO’s Herzliya office to investigate the claims, and India’s Supreme Court commissioned a technical committee to investigate the national government’s use of Pegasus to spy on its own citizens. In November, Apple announced that it was taking legal action against NSO Group for developing software that targets its users with “malicious malware and spyware.” And in December, Reuters reported that several US State Department iPhones were hacked using NSO Pegasus malware.

Detecting infection traces from Pegasus and other advanced mobile malware is very tricky, and it’s complicated by the security features of modern OSs like iOS and Android. Based on our observations, this is further obscured by the deployment of non-persistent malware, which leaves almost no traces after reboot. Many forensics frameworks require a device jailbreak, which results in the malware being removed from memory during the reboot, thus destroying evidence. Currently, several methods can detect Pegasus and other mobile malware. The free, open source MVT (Mobile Verification Toolkit) from Amnesty International allows technologists and investigators to inspect mobile phones for signs of infection. MVT is further boosted by a list of indicators of compromise (IoCs)…


Google Explains Pegasus Hack of iPhones


One of the most technically sophisticated exploits.

Pegasus spyware from NSO Group, an Israel-based cyber security company, has been used to hack the iPhones of a dozen U.S. diplomats. The revelation comes a month after U.S. officials blacklisted the NSO Group after a report that its foreign government clients used the software to spy on rivals, political activists, human rights workers and others.

Google has published a blog post explaining how the spyware was used for hacking into iPhones without users’ knowledge.

The post comes from Google’s Project Zero team, which calls the exploit “one of the most technically sophisticated exploits”. The blog post says that the spyware is very sophisticated and indicates that what was available to a handful of nations and their governments is now openly accessible to many.

The blog also explains how the spyware gets into your phone. Earlier, the one-click phishing route was used to hack into your phone. Now NSO offers its clients zero-click exploitation technology, which does not require the target to click a phishing message. Instead, the hack works silently in the background. “Short of not using a device, there is no way to prevent exploitation by a zero-click exploit; it’s a weapon against which there is no defense,” Google wrote in the post.


The hackers need either the phone number or Apple ID of the user to hack into the system silently.

The hack rides on the back of GIF files in iMessage to target users. The GIF is used to sneak a PDF file into an iPhone. The PDF file then targets images and texts and virtually builds a parallel command center to spy on all your computer or device activities.

“Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture…which they use to search memory and perform arithmetic operations. It’s not as fast as Javascript, but it’s fundamentally computationally equivalent,” the blog reads.


Short doc ‘Terror Contagion’ Investigates NSO And Its Pegasus Malware – Deadline


With voting now underway for the Oscar documentary shortlists, Academy Doc Branch members are choosing from a variety of contenders, including one from Laura Poitras, director of the Oscar-winning Citizenfour.

Poitras’s earlier film focused on Edward Snowden, the whistleblower who revealed the existence of the National Security Agency’s secret and widespread surveillance programs. Her latest, the short documentary Terror Contagion, exposes the activities of a private Israeli company called NSO, maker of a spyware program that has been deployed by numerous governments to crack down on journalists, human rights advocates and others.

“It’s classified as a cyber weapon. This is how extremely violent and invasive this technology is,” Poitras tells Deadline. “NSO Group, this Israeli company, sells to other countries, often countries that have a very bad history or track record of human rights.”

A graphic from ‘Terror Contagion’ showing people and entities targeted by Pegasus software (Credit: Neon)

Like Saudi Arabia. The regime allegedly used the Pegasus software to infect the phone of a Saudi dissident, Omar Abdulaziz, and through that hack was able to monitor one of his friends, the journalist Jamal Khashoggi, a columnist for the Washington Post. Khashoggi was subsequently assassinated in 2018; according to an assessment by the U.S. Director of National Intelligence, Saudi Arabia’s Crown Prince Muhammad bin Salman approved the murderous operation.

“This assassination was empowered with Israeli software,” Shourideh Malavi, a researcher with Forensic Architecture (FA), says in the film. FA describes itself as a “research agency, based at Goldsmiths, University of London, investigating human rights violations including violence committed by states, police forces, militaries, and corporations.” FA’s investigation of NSO Group and Pegasus forms the basis of Terror Contagion.

Abdulaziz was living in exile in Canada when he was hacked through Pegasus malware, evidence that governments can now track perceived opponents no matter their location.

“Pegasus is being used by governments… to track people even once they have left their…
