Pegasus: zero-click cyberattack


Zero-click attacks require no action on the part of smartphone owners. This is the basis of the Pegasus spyware, whose victims include even experienced users.

Pegasus can seamlessly infiltrate cell phones, leaving virtually no trace behind. The program can read the phone owner's conversations, messages, photos and geolocation, and can access the camera and microphone. There is said to be no defense against the software's sophisticated tactics.

It's no coincidence that the creators of the spy program named it Pegasus, after the mythical winged horse, although this one looks more like a Trojan horse.

The history of NSO Group, within which this «horse» was born, is in many ways similar to the mythical one.

Its founders are two Israelis, Omri Lavie and Shalev Hulio, who were in their twenties at the time. Both served in a special unit of the Israel Defense Forces. They started their business in the 2000s, inventing a technology that allowed cell phone manufacturers to remotely access customers' phones for maintenance.

NSO Group's own story, however, began not with that but with a sudden request from law enforcement agencies in a European country. The young entrepreneurs went to the meeting fearing that there might be something illegal in their actions. Instead of accusations, they received an unexpected offer: to «finish» their technology so that it could tap the phones of terrorists, mafia members and other criminals.

So why not make a version that serves state interests? Their previous owner did not approve of the change of course, and the young entrepreneurs decided to create their own company. This is how NSO Group was launched in 2010; its main trump card was Pegasus, which was used for targeted cyber espionage. In order to «sleep well», says one of them, the founders immediately defined three working principles for themselves: to issue licenses only to certain government organizations, not to have any information about what their software is used for, and to get the approval of the Ministry of Defense of Israel for transactions. In addition, all of the company's clients must guarantee that its software is used only against criminals and only by law enforcement agencies.

Over its existence, the company has grown to a staff of 750 people, with a potential value of about 2 billion dollars. For more than a decade NSO Group has been accompanied by high-profile scandals and revelations. Investigations by influential media outlets such as the Washington Post, the Guardian and Le Monde proved that NSO Group supplied software to intelligence agencies and militaries around the world without taking responsibility for who was being spied on. A number of governments have been subjected to cyber hacks.

The program can generate its own codes to provide continuous access to the device owner's cloud accounts. It also includes a self-destruct function, as was confirmed not long ago by The Citizen Lab, a Canadian information security research lab. Lab employee Bill Marczak, who discovered his phone had been hacked, told the BBC how it works.

«NSO Group sells the Pegasus program to dozens of countries. At first, an iPhone user, to get bugged, had to click on a link planted on their phone to trigger the hack, but now that’s not required either. You don’t do anything at all, your phone is lying on the table, but at any moment it can be hacked».

According to the Israeli analytical portal Details, the program began to be sold on the open market with the permission of the Israeli Ministry of Defense. The Mexican authorities, for example, used it to catch the famous drug lord El Chapo. At least 40 countries, including European ones, have used Pegasus to prevent terrorist acts and the sale of children, as well as to fight the mafia. Under a contract with the FBI, the source says, the program could penetrate more than just the phones of people the intelligence agencies were working on. However, it never came to actual hacks in the U.S.: at the end of last year, government sanctions were imposed on the company for the illegal hacks carried out with the help of Pegasus in various countries around the world.

The company itself neither confirms nor denies this information. The developers of the spy program avoid publicity, and NSO Group is known for its caution in disclosing information about its external and internal activities. Yet one day the developers openly stated:

«If anyone says they’ve found a better way to catch criminals, terrorists and pedophiles, I will shut this company down», Hulio said. «Someone has to do the dirty work», Omri Lavie echoed him.

Some in Israel call them secret superheroes to whom thousands owe their lives. Hundreds of prevented terrorist attacks around the world, «live bombs» defused at the last moment, drug lords sent to jail — all this is the result of NSO Group’s work.

Pegasus spyware is classified by Israel as a weapon, and any export of this technology must be approved by the government.

Israel’s Defense Ministry said Israel only allows cybersecurity-related products to be sold to government agencies and only to fight crime and terrorism.

«If it is found that [NSO Group products] were used in violation of the terms of the license or the assurances of the purchasing countries, we will take appropriate measures», Israel’s Defense Ministry said in a statement.

Nevertheless, as Walla recently reported, the Cabinet is expected to approve a proposal to establish a government commission to investigate the use of the spyware by police and prosecutors. The Knesset has proposed revising the state's policy regarding the export of cybersecurity tools. The formation of the commission, according to Walla, is opposed by law enforcement, counterintelligence and the police. Since this product came into the hands of law enforcement agencies, the number of terrorist attacks in Israel has decreased many times over, according to representatives of intelligence agencies.

Meanwhile, in Israel, the program's tools have been adopted not only by special agencies to combat terrorism but have also become part of the active arsenal of the police. According to reports in the Israeli media, the police began using Pegasus to eavesdrop on politicians, ministers, deputies, publishers of major newspapers, directors of influential companies and their relatives, former and current government officials and their friends, mayors of cities, organizers of political actions (including opposition ones), and Prime Minister Netanyahu and members of his family. The full list has not yet been finalized, but analysts believe it covers hundreds of people. Information obtained in this way was passed on to the Tax Authority, the Antitrust Committee and other bodies, which had no idea of its sources. Much evidence has emerged that the tool has been used to spy on political opponents and others far beyond Israel's borders.

Experts are increasingly insistent on the need for new laws and protocols governing the storage of personal information on the Internet and the protection of access to it. The Pegasus situation has triggered an international reaction. Several regional blocs have launched investigations and imposed restrictions on the use of the software.

The only thing holding back Pegasus from mass use is the price — the cost of such targeted attacks is estimated at tens of millions of dollars.