Pegasus: When Cybercrime Software Becomes a Government Intelligence Tool

Once again, this computer program, designed by an Israeli cybersecurity company called the NSO group, is being implicated in a case of unlawful surveillance of a journalist and human rights activist.

This was discovered by cybersecurity experts from the international NGO on human rights and control, Amnesty International. The latter took the opportunity to study his modus operandi. This software is called Pegasus by its creators.

This article will also interest you: Focus on "Pegasus" a computer espionage program denounced by Amnesty International

As we know, just fraudulent mail, a corrupted USB stick, where visiting a malicious website to get contaminated by a hacker computer program. Taking into account a study conducted by IBM, 90% of computer security problems are due to human fault. This is why users are advised to behave well because they use digital services. However, can this be enough to protect against malware or any other illegal program?

Unfortunately, no, there are computer programs that can infiltrate a person's terminal discreetly without even the victim being exposed. Among these computer programs of particular type, there is of course that of the Israeli company NSO Group, the pegasus malware. Its use involves the method called network ejection, which allows: "allows automatic and invisible redirection of browsers and applications of the latter to malicious sites, controlled by the perpetrators of the attack and most likely unknown to the victim. Amnesty International said in its report published on Monday (June 22nd), which was posted by 16 international media.

The Amnesty International report stated: "Network injection attacks are difficult to detect because they are accompanied by very few visual cues. ». In addition, once the program is installed on the target person's smartphone, this software can allow the user to have access to all the data contained in the device performed. These include messages from calls, notes, contacts, browsing his or her, even media file content. The software can be used to control applications remotely. Turn on the smartphone's microphone or camera to be able to see and hear what's going on around.

Already in October 2019, Amnesty International publishes a report outsuming the operation of spyware provided by The Israeli company. A programme that has been used since 2017 to target certain people, especially human rights defenders such as Abdessadak El Bouchattaoui and Maati Monjib. The recent report mentions the espionage that journalist Omar Radi told me about it and this since 2019. The boss of Amazon, the American e-commerce giant would probably have been the victim of malware week. Indeed the CEO of the farm saw on the iPhone X hacker after receiving a video file via WhatsApp from Maati Monjib, a very close friend of the Crown Prince of Saudi Arabia Mohammed bin Salman. While the use of Pegasus has not been confirmed in this case, the fact remains that several cybersecurity experts have not failed to indicate that this is strong by WhatsApp.

If the Amnesty International report has had such an effect on the general public opinion it is not the fact that governments cannot use technological surveillance methods against journalists or human rights activists, but that they are able to be detected.

The non-governmental organization explains: "In the case of both Omar Radi and Maati Monjib, all attempts occurred while using their 4G mobile connection. (…) It is then enough for the victim to visit a website for the attacker to intercept the signal and divert his web browser to a malicious site, from where the Pegasus software will be downloaded. The browser then redirects to the intended site, making the attack almost undetectable. »

Accused and pointed the finger everywhere, the Israeli company, the publisher of the software Pegasus, notified that it was not working with clients who had illegal intentions to monitor people. "We are committed, as a responsible company, to ethical standards, ensuring that only approved and legitimate government bodies can use our products, and taking all acceptable measures to prevent and mitigate the impact of their misuse on human rights. NSO Group points out.

If originally that software was developed to help the fight against cybercrime and terrorism, today it is clear that it is used by many countries (45 in all), "having (…) a history of abusive behaviour by their security services," describes a report by the Canadian laboratory, CitizenLab published in September 2018.

Now access an unlimited number of passwords: