An investigation by Forbidden Stories and sixteen media outlets has highlighted the use of the Pegasus spyware, marketed by the Israeli company NSO Group to infect smartphones. It has been sold to 55 countries, and its use has been observed in several murder and disappearance cases, including those of numerous journalists.
What is Pegasus?
Pegasus is often described as software or spyware: this commercial product is sold by the Israeli company NSO Group to infect smartphones, both Android devices and iPhones. It leaves few traces behind, so it is difficult to identify.
Invisible to the phone user, the software can be installed remotely, without the target even having to click on a malicious link, and discreetly, relying on security holes in Apple’s and Google’s software.
This software is marketed only to states or government agencies, with the endorsement of the Israeli government. It was sold to 55 countries, including several democracies and European countries.
Who is behind the current revelations?
Forbidden Stories and a consortium of 17 media outlets have nevertheless managed to track it down, with the help of Amnesty International and the Citizen Lab. They have listed 50,000 phone numbers that were targeted, including more than 1,000 in France. These 50,000 numbers were entered by around ten NSO customers into the system that activates the software.
More than 80 journalists have done a titanic job to identify the holders of the telephone numbers.
What is stolen?
It is not just a question of telephone tapping. This software siphons all the data from the smartphone: photographs, videos, contacts, locations… but also messages from encrypted apps such as Signal or WhatsApp.
By relying on flaws that Google and Apple take time to correct, Pegasus is constantly evolving to adapt to new versions of the operating systems that we use every day.
What did we learn?
Obviously, Pegasus is used outside any legal framework, and this results in data on very sensitive cases.
It is above all journalists, opponents, lawyers and human rights defenders who are the main targets of this sophisticated spyware. In the end, there are few cases of political surveillance; it is journalists who are the main targets.
Who was targeted?
This software is used to monitor political opposition, but also for industrial espionage or even press monitoring. It has not been used in France, but the Moroccan government has targeted many French numbers with the code “+33”.
There are journalists, athletes, imams, priests, lawyers, YouTubers… About thirty French journalists and media executives are on Pegasus’ target list, at newsrooms as varied as Le Monde, Le Canard enchaîné, Le Figaro or even AFP and France Télévisions.
The name of Edwy Plenel is present: the founder of Mediapart had criticized the police repression of demonstrations in the Rif. The name of Eric Zemmour, for example, is present as well. Some journalists seem to have been targeted only to retrieve their address book and thus reach other targeted journalists.
The software is found behind several scandals that led to the murders and disappearances of many opponents and journalists. This is the case, for example, of Jamal Khashoggi, the Saudi columnist for the Washington Post assassinated on October 2, 2018 in Istanbul, Turkey. Traces of the Pegasus software can also be found in the phones of several relatives of the Saudi opponent who were also murdered.
In Mexico, more than 15,000 journalist numbers have been found, including that of Cecilio Pineda, a journalist assassinated in March 2017.
Investigations are only just beginning. This software has undoubtedly been used in many murders or arrests around the world.
And the rest?
NSO continues to explain that it is developing this solution in good faith. According to the company, it has saved many lives. Based on the investigations, it also explained that it will close access to the tool to offending customers. This is what happened in 2018: after the assassination of Jamal Khashoggi, NSO suspended Saudi Arabia’s access to Pegasus, pending the results of the investigation. But the company reportedly re-authorized its access in 2019 under pressure from the Israeli government.
Several security vulnerabilities are still exploitable. Apple and Google should react quickly given the scale of the current revelations. This should not prevent NSO from adapting its software and continuing to market it while the international framework for its use is non-existent.