Arnon Grunberg
Words
About
Now
Blog
RecentBlog Archive
CalendarNews

Conversations

Vicinity

July 23 2021, Davos, Switzerland

On Pegasus – Kim Zetter on Substack:

‘When more than a dozen media outlets published stories this week about a spy tool that targeted the phones of journalists, activists, and others, the public took note in ways it hadn't in the past.
It wasn’t the first time articles about the Pegasus spy tool had been published; nor were the stories the first to reveal that NSO Group — the Israeli company behind the tool — sold it to repressive regimes around the world, who used it to spy on dissidents and journalists, despite NSO claims to the contrary.’

(…)

‘Pegasus is powerful surveillance software that can steal passwords for accounts and siphon content from phones — such as contacts and call records, emails, text messages, photos, and stored audio recordings. It can also grab screenshots and monitor browsing activity, surreptitiously enable the phone’s mic for real-time monitoring of conversations, or turn on the camera to capture images of people in the phone’s vicinity and their environment.’

(…)

‘Pegasus is powerful surveillance software that can steal passwords for accounts and siphon content from phones — such as contacts and call records, emails, text messages, photos, and stored audio recordings. It can also grab screenshots and monitor browsing activity, surreptitiously enable the phone’s mic for real-time monitoring of conversations, or turn on the camera to capture images of people in the phone’s vicinity and their environment.
The software can be planted on phones remotely by sending a text message to the phone with a link — when the user clicks on the message it takes their phone’s browser to a malicious site that downloads the malware. Or it can be planted on phones with what’s called a zero-click exploit. A zero-click exploit is malware that can be sent via an iMessage, for example, that doesn’t require the user to interact with it at all before it installs the spyware on their phone.
NSO Group says Pegasus is sold only to governments and law enforcement agencies for purposes of tracking terrorists, pedophiles and other criminals. But a number of repressive regimes with poor human rights records have been caught using the tool to spy on human rights activists, journalists and anyone else who is critical of their regime.’

(…)
‘Someone leaked the list to Forbidden Stories, a collaborative non-profit journalism organization based in France. Forbidden Stories and the human rights group Amnesty International then shared the list with more than 80 journalists from 17 media organizations who worked to identify the owners of the phone numbers and track them down, under the banner of the Pegasus Project. The consortium was able to identify the owners of about 1,000 phones in more than 50 countries, according to the Post, and found that the list included several heads of state, cabinet ministers, diplomats, 85 human rights activists, 189 journalists, 65 business executives, military officers and others of note. The latter includes the former wife of assassinated journalist Jamal Khashoggi, and Princess Latifa bint Mohammed al-Maktoum, daughter of Dubai’s ruler, who plotted an elaborate escape from her country and family in 2018, only to be captured and returned home.
The Organized Crime and Corruption Reporting Project — a member of the consortium — has put together a page for looking up the names of the small subset of people who have been identified so far as having a phone number on the list.’

(…)

‘"Around one month ago we received the first approach from an information broker," NSO chief executive Shalev Hulio told the Israeli media outlet Calcalist. "He said that there is a list circulating in the market and that whoever holds it is saying that the NSO servers in Cyprus were hacked and that there is a list of targets there and that we should be careful. We looked into it. We don't have servers in Cyprus and don't have these types of lists, and the [50,000] number doesn't make sense in any way so it has nothing to do with us.” NSO is based in Israel, but in 2014 it merged with a company called Circles Technologies, which was registered in Cyprus. Circles was founded by an Israeli named Tal Dilian, a former commander in the Israeli military’s Intelligence Corps Technological Units, who claimed that Circles’s technology could track any phone in six seconds using just its phone number.’

(…)

‘“If you take NSO's entire history, you won't reach 50,000 Pegasus targets since the company was founded,” Hulio said. “Pegasus has 45 clients, with around 100 targets per client a year. In addition, this list includes countries that aren't even our clients and NSO doesn't even have any list that includes all Pegasus targets - simply because the company itself doesn't know in real-time how its clients are using the system."
There is nothing on the list to indicate what purpose it’s meant to serve or who compiled it, according to the Post and other media outlets participating in the Pegasus reporting project. There is also nothing on the list that indicates if the phones were spied on, were simply added to the list as potential targets for spying or if the list was compiled for a completely different reason unrelated to spying.’

(…)

‘The controversy doesn’t negate the central thesis and findings, however: that NSO Group has sold its spy tool to repressive regimes, and some of those regimes have used it to spy on dissidents and journalists.’

(…)

‘After identifying the owners of some of the phone numbers, the consortium contacted some of those people to ask if they would allow Amnesty International to forensically examine the phones for evidence of spying.
Amnesty International’s Security Lab was able to do forensic analysis of 67 of the phones, according to the Post, after which their analysis was peer-reviewed by the University of Toronto's Citizen Lab. Amnesty found evidence on 37 of those phones that someone had either attempted to infect the phones with Pegasus or was successful at doing so.
Of those 37 phones, 23 showed signs of a successful Pegasus infection and 14 showed signs of an attempted infection. The 23 infected phones were all iPhones. Of the phones that showed attempted infections, 11 were iPhones and 3 were Android phones. All of the Pegasus infections or attempted infections occurred between 2014 and July 2021.’

(…)

‘Among the phones that were targeted were those of Hanan Elatr, Jamal Khashoggi’s wife at the time of his death, and his fiancee, Hatice Cengiz. A forensic examinationconducted by Amnesty International found evidence that someone masquerading as Elatr’s sister sent texts to Elatr’s phone in November 2017 and April 2018 (six month’s before Khashoggi’s murder) with links that could have downloaded the spyware to her phone. She told the Washington Post that she had no memory of clicking on the links, and the Amnesty team could not determine if the attempts were successful, because the logs on Ekatr’s Android phone were not sufficient to do this.
Cengiz’s phone was successfully infected with Pegasus, however, four days after Khashoggi’s murder, and five more times over subsequent days, according to the Post.
A close associate of Khashoggi was also successfully hacked after the journalist’s murder. But Amnesty’s analysis “could not determine what was taken from the phone or whether any audio surveillance took place,” according to the Post. Khashoggi’s own phone is in the hands of Turkish authorities, who refused to say if his phone had been hacked.’

(…)

‘NSO’s CEO has said the list has no connection with his company or with Pegasus and that it is in no way a list of people being targeted for spying with Pegasus.
He also denies outright that Pegasus was used to monitor Khashoggi or his wife and fiancee. The company claims it looked into the allegations and concluded that its spyware played no part in their surveillance.
“[O]ur technology was not associated in any way with the heinous murder of Jamal Khashoggi,” NSO said in a statement. “This includes listening, monitoring, tracking, or collecting information.” But Hulio has made contradictory statements. He has said that NSO does not know who the targets of its customers are and does not have access to that information. He also asserts confidently that Khashoggi was never targeted with Pegasus. How can he know this? Hulio says that per their customer contract, if NSO gets reports of a customer misusing their spyware, customers are required to provide NSO with access to their logs to see which phone numbers they targeted for surveillance. It’s not clear, however, if it’s possible for customers to alter those logs in ways that wouldn't be detected or provide false logs.
Hulio says he was given a list of the 37 phone numbers that Amnesty found were targeted with Pegasus and after doing an investigation concluded that not a single oneof them was targeted with Pegasus spyware, he told Forbes.’

(…)

‘But because NSO has insisted that the list of phone numbers leaked to the consortium is not related to NSO or Pegasus, this would suggest this database was not part of that integrated lookup. It could, however, be a database maintained by a third-party HLR lookup service whose customers include regimes that use Pegasus. Or it could also be an HLR lookup database that is completely benign and not used in conjunction with spying at all, as NSO suggests, and it just happens to include numerous people who have been spied on or would be coveted targets for spying by NSO customers.
The bottom line is that there are still a lot of unanswered questions about the database that served as the basis for the Pegasus Project stories. And it’s not clear if answers to those questions will come any time soon.’

Read the article here.

A detail first, or maybe it’s not a detail, why mention ‘terrorists, pedophiles and other criminals?’ You have ordinary criminals, terrorists (violence based on ideology, profit is just a means to an end) and pedophiles? The child might have replaced God as a holy being (some children are holy at least) but the common hatred of pedophiles should not become a norm.

Secondly, according to this article, the revelations by the ‘consortium’ might be less revealing than it seemed at first.
Yes, Macron and the Moroccan king are on the list – to name just two celebrities – but what this actually means is unclear and, according to Kim Zetter, this might remain unclear for a long long time.

Also, the fight against all sorts of spyware is probably more difficult than the fight against more conventional weapons. And we all know that even that fight was at best half successful.

In some states the state monopoly on violence is more than a symbol.

discuss on facebook