Pegasus

[Odds]

The mobile phones of more than 30 people in Jordan, including journalists, lawyers and activists, were hacked with the Israeli-made Pegasus spyware over several years, a new investigation has found. The joint investigation, conducted by the Access Now internet advocacy group, the Citizen Lab rights group and other partners, highlighted on Thursday at least 35 cases of people who were targeted with the software, which is made by Israel’s NSO Group. Most of the cases dated from 2020 to late 2023. “We believe this is just the tip of the iceberg when it comes to the use of Pegasus spyware in Jordan, and that the true number of victims is likely much higher,” Access Now said.

Pegasus, which can seize control of a phone’s microphone and camera and access documents, made headlines when a 2021 leak suggested there were about 50,000 potential victims of the malware around the world, many of them dissidents, journalists and activists.

NSO Group faces multiple lawsuits from Apple and others, but it continues to sell its products to governments around the world, claiming that it sells the spyware only to vetted intelligence and law enforcement agencies in the interests of peace. But cybersecurity researchers who have tracked its use in 45 countries have documented dozens of cases of politically motivated abuse of the spyware – from Mexico to Thailand and Poland to Saudi Arabia.

In 2021, the United States blacklisted NSO Group, accusing it of developing and supplying the spyware to foreign governments “that used these tools to maliciously” target a range of actors, including journalists and activists.

Al Jazeera.com

 

[Odds]

A new forensic investigation by Amnesty International and The Washington Post has shown the use of the Israeli Pegasus spyware, likely by the Indian government, to surveil high-profile Indian journalists. A report detailing the findings was published on Thursday. Founding editor of The Wire, Siddharth Varadarajan, and South Asia editor at the Organized Crime and Corruption Report Project (OCCRP), Anand Mangnale, were among those recently targeted using Pegasus spyware on their iPhones. The latest attack was identified in October 2023.

Early versions of the spyware targeted users through phishing attacks. This means a malicious link was sent to targets through emails or text messages. If the targets clicked on the link, the spyware would be installed on their phones. However, the technology has advanced since then and now Pegasus can be installed without the target having to click a malicious link. Instead, it can infect a device through what are known as “zero-click” attacks. This is done by exploiting vulnerabilities in phones’ operating systems that even the developers are unaware of.

 

[Odds]

The management of several companies linked to NSO Group, the spyware company blacklisted by the Biden administration, has moved to London.

The Guardian has learned that five NSO-linked companies will now be managed in London by two recently appointed UK-based officers. A spokesperson for the groups said the entities would remain “Luxembourg companies” but did not dispute they would be managed from London.

Researchers at the Citizen Lab at the University of Toronto disclosed in 2022 that it believed Downing Street had been targeted by “multiple” suspected infections using Pegasus. The researchers said the United Arab Emirates was suspected of orchestrating the attacks on No 10 in 2020 and 2021. At the time, NSO said it was being targeted by “politically motivated advocacy organisations” that produced allegedly “inaccurate and unsubstantiated reports”.

 

[Odds]

Amnesty International’s Security Lab has performed in-depth forensic analysis of numerous mobile devices from human rights defenders (HRDs) and journalists around the world. This research has uncovered widespread, persistent and ongoing unlawful surveillance and human rights abuses perpetrated using NSO Group’s Pegasus spyware.

As laid out in the UN Guiding Principles on Business and Human Rights, NSO Group should urgently take pro-active steps to ensure that it does not cause or contribute to human rights abuses within its global operations, and to respond to any human rights abuses when they do occur. In order to meet that responsibility, NSO Group must carry out adequate human rights due diligence and take steps to ensure that HRDs and journalists do not continue to become targets of unlawful surveillance.

In this Forensic Methodology Report, Amnesty International is sharing its methodology and publishing an open-source mobile forensics tool and detailed technical indicators, in order to assist information security researchers and civil society with detecting and responding to these serious threats.

Amnesty.org