Pegasus Spyware: The Resurfacing of Privacy & Security Breach Scandal

As a small nation, Israel takes enormous pride in its high-technology and cyber security industry. The Pegasus spyware of Israeli cyber-surveillance firm NSO Group has been reported as having infected the iPhones of activists, journalists, and human rights defenders in at least 45 countries. This is software that can hack into your smartphone, access your data, and even listen to you… and all without you knowing it.

But what is Pegasus spyware? How can it be infiltrated into cell phones without user knowledge? And how dangerous is this technology?

An introduction to NSO & Pegasus

At the center of the Pegasus spyware controversy is NSO, an Israel-based cyber security firm. Founded by Omri Lavie and Halev Haulio in the year 2008, Pegasus soon caught the attention of western soy agency executives after it developed a technology that allows the cell phone manufacturer to remotely access their consumer’s device for maintenance purposes.

Social media and encrypted messages presented a new challenge of tracking terrorist organizations using “going dark” methods. As a result, Pegasus, the mobile surveillance tool, circumvented that hurdle by infiltrating phones in order to collect personal and location data and stealthily control the smartphone’s microphones and cameras. Those tools let hackers track the communications between journalists and sources.

These programs are disguised and designed to deceive security systems. Researchers say that NSO Group’s methods for infecting its victims have become so sophisticated that it can now do so without involvement from the victim, the so-called zero-click option. The Pegasus virus infects phone systems by sending texts that entice individuals to follow a link attached. By clicking the link, the company can access the contents and history of the target’s phone and activate the phone’s microphone and camera at any time.

But, even after ten years of inception, NSO claims that it only offers its product and solutions to the governments. Again, quoting NSO’s statement, “governments on every continent except Antarctica.”

What Makes Pegasus Spyware So Dangerous?

Spyware falls under the umbrella term of malicious software. Initially introduced as mere pranks by software developers, but with technological advancement, malware has become an essential part of online frauds, cyber warfare, and other malicious deeds.

The NSO Group, whose mission is to “save lives and create a more secure, better world,” developed technology that helps government agencies detect terrorism and crime. In contrast, the recently published leak of Pegasus data and list of victims indicate that the technology has been used to spy on journalists and ministers.

A collaboration by massive international media and human rights houses, the Pegasus Report published over two months ago, leaked 50,000 phone numbers being tapped by Pegasus spyware. With the advancement of its zero-click option, the dangerous technology could now be placed into any phone just by a missed call.

Once more in the news for spying, the Pegasus program can be delivered unknowingly to an individual’s mobile device. Besides collecting all personal information, it also tracks user activity within apps, gathers location data, and even accesses its camera or microphone.

Pegasus was first placed under the limelight in the year 2012 by the Israeli journalist Shay Aspril during its first sale to Mexico. His book, The Judge, explores Israel’s high-tech fields’ numerous dubious ethics.

Advocates of Israel’s Internet security industry claim NSO has tarnished its otherwise highly respected industry that defends nations against cyber threats. Tel Aviv University reported that Israeli exports of cybersecurity in 2020 were worth $6.85 billion. In addition, Israel has been portrayed as a lab for spy technology by Palestinians, where young recruits are studying cyber security and selling their knowledge to the private sector.

Who can be Hold Accountable for the Privacy Breaches?

In recent years, NSO says it tightened its protocols, was more selective in choosing clients and had blocked governments from access to the spyware on five occasions. However, it says it does not influence who is spied upon. The Washington Post reports that in the past year, the company cut off Saudi Arabia from access and Dubai in the United Arab Emirates.

Furthermore, the law passed by the Israeli government in 2007 for regulating the export of cyber technology frees the government from any interventions in the information gathered by NSO’s clients. After the leak of the spyed-over victims, NSO cleared that it only sells its spyware to government officials of the UAE, Hungary, and Saudi Arabia.

Pegasus Spyware: The New Generation of Cyber Warfare

In late July, United Nation’s human rights experts called out for international collaboration to put a global moratorium on the purchase and sales of spyware or extensive malware technology. The experts stated, “Given the extraordinary audacity and contempt for human rights that such widespread surveillance shows if the denial of collusion by the NSO Group is to have any credibility at all, the company must disclose whether or not it ever conducted any meaningful human rights due diligence.”

Forensic Architectures Shourideh Molavi and Eyal Weizman recently published their open-source investigation and displayed their gathered information on the pegasus infection. The report highlights how spyware and malware like Pegasus can relate to the violence in the real world and how it has costed many lives.

Former UN rapporteur David Kaye says that cyber spying is not just limited to Israel, and democracies around the globe need to regulate the growing risk.