Leak Uncovers Global Abuse of Cyber-Surveillance Weapon

CyberTech

Level 37
Thread author
Verified
Top poster
Well-known
Nov 10, 2017
2,605
Human rights activists, journalists and lawyers across the world have been targeted by authoritarian governments using hacking software sold by the Israeli surveillance company NSO Group, according to an investigation into a massive data leak.

The investigation by the Guardian and 16 other media organisations suggests widespread and continuing abuse of NSO’s hacking spyware, Pegasus, which the company insists is only intended for use against criminals and terrorists.

Pegasus is a malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones.

The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016.

Forbidden Stories, a Paris-based nonprofit media organisation, and Amnesty International initially had access to the leaked list and shared access with media partners as part of the Pegasus project, a reporting consortium.

The presence of a phone number in the data does not reveal whether a device was infected with Pegasus or subject to an attempted hack. However, the consortium believes the data is indicative of the potential targets NSO’s government clients identified in advance of possible surveillance attempts.

Full article
 

SpiderWeb

Level 9
Verified
Well-known
Aug 21, 2020
424
It's freaking me out that this is a zero-click exploit. All it takes is you having either Whatsapp or iMessage and you receive the message. If you want it or not, spam or not. Apple sandboxed the hell out of iMessage recently and this exploit can break out of the sandbox. The solution needs to be to keep track of and restrict what code can run in kernel space.
 

JoyousBudweiser

Level 14
Verified
Top poster
Well-known
Aug 22, 2013
687
It's freaking me out that this is a zero-click exploit. All it takes is you having either Whatsapp or iMessage and you receive the message. If you want it or not, spam or not. Apple sandboxed the hell out of iMessage recently and this exploit can break out of the sandbox. The solution needs to be to keep track of and restrict what code can run in kernel space.
Pegasus is created by professionals with proper corporate structure. Its not a creation of a single person. Years of research goes in to it and it has the support from States especially from countries like USA, ISRAEL and some other countries. Hence its not that easy to fend off the threat from Pegasus by just making your kernel more secure, they will surely find some other loophole, as they have the funds and people to do it. When States decide to hunt you and track you, there is no stopping them, you will get tracked, Pegasus is just "a" tool, there are must be so many which are yet unknown to us.
 

The_King

Level 12
Verified
Top poster
Well-known
Aug 2, 2020
560
I'm sure no one has abused these mass surveillance weapon/tools to spy on an ex or something like that. :ROFLMAO:

Governments can classify a wide range of people has criminal or terrorists. Anyone who opposes the local government
can be classified has a "criminal" or even a "terrorist". Look he/she j-walked across the street it's a crime, now give me access to all their data.
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Well-known
Jul 27, 2015
4,871
Surveillance tools or stalkerware, is sadly much more common then one might think.
Thankfully many of the major AV vendors work together on this problem and got a good overview on what type of surveillance tools are used against partners, wifes, ex and even family and friends.
These tools are specific created to go undetected and hidden as long as possible, against AVs and other security tools/tweaks. Some even sold. Very similar the tools in the article. It's a genuine problem that also many times go " under the radar " because the victims that gets attacked by these lowlifes, are natural afraid to report it.
 
F

ForgottenSeer 85179


Best against such 0day exploits (until they're fixed) is rebooting device as much as possible. At least once a day.
 

CyberTech

Level 37
Thread author
Verified
Top poster
Well-known
Nov 10, 2017
2,605
Amazon Web Services (AWS) has banned NSO Group, the company behind the Pegasus spyware program. Vice reported the ban this morning, the day after a sweeping report alleged Pegasus was used to target the phones of human rights activists and journalists.

An Amnesty International investigation into Pegasus says the tool compromised targets’ phones and routed data through commercial services like AWS and Amazon CloudFront, a move that it said “protects NSO Group from some internet scanning techniques.” (Vice notes that a 2020 report previously described NSO using Amazon services.) Amnesty International wrote that it had contacted Amazon about NSO and Amazon had responded by banning NSO-related accounts. “When we learned of this activity, we acted quickly to shut down the relevant infrastructure and accounts,” an Amazon Web Services spokesperson confirmed to The Verge.

 

CyberTech

Level 37
Thread author
Verified
Top poster
Well-known
Nov 10, 2017
2,605

Our investigation shows how repressive regimes can buy and use the kind of spying tools Edward Snowden warned us about

Billions of people are inseparable from their phones. Their devices are within reach – and earshot – for almost every daily experience, from the most mundane to the most intimate.

Few pause to think that their phones can be transformed into surveillance devices, with someone thousands of miles away silently extracting their messages, photos and location, activating their microphone to record them in real time.

Such are the capabilities of Pegasus, the spyware manufactured by NSO Group, the Israeli purveyor of weapons of mass surveillance.

NSO rejects this label. It insists only carefully vetted government intelligence and law enforcement agencies can use Pegasus, and only to penetrate the phones of “legitimate criminal or terror group targets”.

Yet in the coming days the Guardian will be revealing the identities of many innocent people who have been identified as candidates for possible surveillance by NSO clients in a massive leak of data.

Without forensics on their devices, we cannot know whether governments successfully targeted these people. But the presence of their names on this list indicates the lengths to which governments may go to spy on critics, rivals and opponents.

Full article
 

CyberTech

Level 37
Thread author
Verified
Top poster
Well-known
Nov 10, 2017
2,605
An associate professor at the Johns Hopkins Information Security Institute has said that Apple can and must do more to prevent NSO attacks.

He argues that while it’s true that it is impossible to completely prevent exploits based on zero-day vulnerabilities, there are two steps that the iPhone maker can take to make NSO’s job much harder …

Cryptographer Matthew Green makes his case in a blog post. He says the most worrying aspect is apparent zero-click attacks sent via iMessage. Simply receiving the message is enough to take control over the iPhone: The attack doesn’t need the user to interact with it in any way.

A more worrying set of attacks appear to use Apple’s iMessage to perform “0-click” exploitation of iOS devices. Using this vector, NSO simply “throws” a targeted exploit payload at some Apple ID such as your phone number, and then sits back and waits for your zombie phone to contact its infrastructure.

This is really bad. While cynics are probably correct (for now) that we probably can’t shut down every avenue for compromise, there’s good reason to believe we can close down a vector for 0-interaction compromise. And we should try to do that.

The rest
 

CyberTech

Level 37
Thread author
Verified
Top poster
Well-known
Nov 10, 2017
2,605
South Africa’s Cyril Ramaphosa also among 14 world leaders identified in records

The leaked database at the heart of the Pegasus project includes the mobile phone numbers of the French president, Emmanuel Macron, and 13 other heads of state and heads of government, the Guardian can reveal.

The South African president, Cyril Ramaphosa, and the Pakistani prime minister, Imran Khan, are also listed in the data, which includes diplomats, military chiefs and senior politicians from 34 countries.

The appearance of a number on the leaked list – which includes numbers selected by governments that are clients of NSO Group, the Israeli spyware firm – does not mean it was subject to an attempted or successful hack. NSO insists the database has “no relevance” to the company.

NSO said Macron was not a “target” of any of its customers, meaning the company denies he was selected for surveillance using Pegasus, its spyware. The company added that the fact that a number appeared on the list was in no way indicative of whether that number was selected for surveillance using Pegasus.

Full article
 

CyberTech

Level 37
Thread author
Verified
Top poster
Well-known
Nov 10, 2017
2,605
iOS security researcher Will Strafach agrees with a recent claim that Apple can do more when it comes to combating NSO and others who exploit combat zero-day vulnerabilities in iOS.

It follows a report by Amnesty International that said that NSO spyware Pegasus was being used to mount zero-click attacks against human rights activists, lawyers, and journalists …

Background​

NSO Group makes spyware called Pegasus, which is sold to government and law enforcement agencies. The company purchases so-called zero-day vulnerabilities (ones that are unknown to Apple) from hackers, and its software is said to be capable of mounting zero-click exploits – where no user interaction is required by the target.

In particular, it’s reported that simply receiving a particular iMessage – without opening it or interacting with it in any way – can allow an iPhone to be compromised, with personal data exposed.

NSO sells Pegasus only to governments, but its customers include countries with extremely poor human rights records – with political opponents and others targeted.

Johns Hopkins cryptographer says Apple can do more​

Johns Hopkins associate professor and cryptographer Matthew Green said earlier this week that there are two steps Apple can take to make such attacks more difficult.
Apple will have to re-write most of the iMessage codebase in some memory-safe language, along with many system libraries that handle data parsing. They’ll also need to widely deploy ARM mitigations like PAC and MTE in order to make exploitation harder […]

Apple already performs some remote telemetry to detect processes doing weird things. This kind of telemetry could be expanded as much as possible while not destroying user privacy.

The rest
 

CyberTech

Level 37
Thread author
Verified
Top poster
Well-known
Nov 10, 2017
2,605
Israeli government officials this week visited the offices of NSO as part of an investigation into the developer's Pegasus spyware, which was reportedly deployed against journalists, politicians, activists and other prominent public figures.

Officials are scrutinizing NSO's business practices on the back of allegations that governments and other entities leveraged Pegasus to target dissidents and journalists, Israel's Ministry of Defense said in a statement on Wednesday, as reported by MIT Technology Review.

Israel declined to name the agencies conducting the NSO inquiry, but local media outlets have in the past claimed a number of groups are investigating the matter including the foreign ministry, justice ministry, Mossad and military intelligence, the report said.

Full article
 

CyberTech

Level 37
Thread author
Verified
Top poster
Well-known
Nov 10, 2017
2,605
NSO’s Pegasus spyware has reportedly been used by governments to obtain private photos from the phones of female journalists and activists.

These photos were then posted online with the aim of attacking their reputation, in at least one case by falsely suggesting that a bikini photo was taken at the home of a journalist’s boss …

'I will not be silenced': Women targeted in hack-and-leak attacks speak out about spyware

Female journalists and activists say they had their private photos shared on social media by governments seeking to intimidate and silence them.
 
Last edited: