What is spyware?
The term “spyware” is having a revival as of late. While many associate spyware with popup ads and slow computer performance, current headlines see the term associated with international cybersecurity concerns.
Spyware, in a nutshell, is any malicious code that is implanted into a computer or network without the owner’s consent and then used to forward data to an unauthorized third party. Spyware is used to grab information that can then be leveraged for advertising or phishing scams, or simply sold.
Spyware is not new and has been in heavy circulation for years. In October of 2004, America Online and the National Cyber Security Alliance compiled a report that revealed that 80% of the computers they surveyed contained spyware that the user did not elect to install on their system.
Spyware has historically been more common on machines running Windows due to the prevalence of the operating system. However, recent years have seen instances of spyware increasing among Apple users.
Unlike ransomware, which is designed specifically for financial extortion and makes itself known almost immediately by prompting victims to pay up to regain control of their network, spyware is designed to be invisible and discreet.
What is Pegasus spyware?
Pegasus is the name of an advanced spyware developed by NSO Group, an Israeli technology company. It is so called because it is a Trojan horse computer virus that can be sent “flying through the air” to infect cell phones. It is said to be the most sophisticated spyware available, able to transform both Android and Apple smartphones into surveillance tools that can record calls, secretly film users, track them via GPS and siphon any other information from the device to a third party.
Early versions of Pegasus required users to click on a link that then installed malicious code into their device or exploited vulnerabilities in people’s devices. However, this requirement has been done away with in favor of zero-click exploits. This means that the code can be injected into a device without the victim ever having knowingly opened themselves up to it. Newer versions of the spyware can be installed via a missed phone call or even wirelessly if a victim is within range of a transmitter.
Pegasus is designed to leave no traces of itself on a victim’s device. However, recent developments have yielded some detection techniques.
NSO Group sells Pegasus to government entities, and markets the software as a tool that can be used to locate, monitor and apprehend criminals and terrorists. All sales of Pegasus spyware have to be first approved by Israel’s Ministry of Defense.
Recently, NSO Group has been banned from doing business in the United States, as the Biden administration has cracked down on the company for supplying their software to governments that are openly authoritarian or repressive. These governments have employed Pegasus to spy on journalists, teachers, lawyers, activists, political rivals or any others that they deem to be a threat to their power.
NSO Group has also earned the ire of private tech giants Apple and Meta, as both companies have sued the organization for exploiting their products and illegally spying on their users.
Last week, it was revealed that Pegasus spyware had been found on phones belonging to those in the US State Department.
Pegasus spyware and the US State Department
According to reports, NSO Group’s Pegasus spyware has been detected on the phones of nine US State Department employees. Other sources report that at least 11 phones have been compromised. The employees, all currently stationed in Uganda or working in some manner with the country, were notified by Apple that their phones had been infected.
NSO Group claims that Pegasus cannot be installed on phones that are registered with a US number. However, these employees were using phones with foreign numbers, opening their devices up to the software. This underlines concerns that NSO Group is either unable or unwilling to control who uses its product and to what ends. It also further legitimizes claims that the company is simply not being honest about its products and is engaging in a criminal enterprise.
The NSO Group has a history of shirking responsibility when it comes to the actual use of Pegasus, with CEO Shalev Hulio likening the act of blaming them for misuse to blaming an automobile manufacturer for an accident involving a drunk driver. However, this has not gone over well with privacy activists or government entities, who find the comparison of intoxicated driving and government spying to be disingenuous.
Hulio has come under fire repeatedly over the last few years for his company’s actions, and has stepped down as CEO in order to become NSO Group’s “global president.”
Who is responsible for Pegasus spyware on the phones of US diplomats?
It is not currently known what entity is responsible for infecting the phones belonging to US State Department employees.
NSO Group has pledged to investigate the reports of its software being found on phones belonging to US citizens, saying that using Pegasus to spy on the US is a “severe violation” of the company’s terms of service. The company has denied certain government entities access to its products in the past, and has stated that it will cut off access to its service for anyone found to be using it in ways that fall outside of its licensing agreement.
What happens now?
While US-based restrictions and condemnation of NSO Group are already in place, current events further highlight the “wild west” mentality of cyberspace.
The perpetrators of this breach will likely be determined, as the full force of the US federal government focuses its attention on cybersecurity in general and Pegasus specifically. However, with international laws in place it may prove difficult to apprehend or punish the guilty parties. If NSO Group’s claims of only selling Pegasus to government entities ring true, discovery of who is to blame will also serve to inflame international tensions and further erode trust in the US government’s ability to protect its people and its interests from cybercrime and foreign espionage.
If a foreign phone number is the only barrier between Pegasus and a spying campaign targeting the US, one could also be concerned about how many other instances of the software may be present but as yet undetected on the phones of American diplomats the world over.
- Pegasus spyware on State Department phones: What you need to know by Steven Shankland, 3 Dec 2021, CNET
- ETtech Explainer: What is Pegasus spyware and how it works by ETech, 21 July 2021
- Pegasus Spyware Reportedly Hacked iPhones of US State Department and Diplomats by Ravie Lakshmanan, 4 Dec 2021, The Hacker News
- NSO Group Spyware Hits at Least 9 US State Department Phones by Lily Hay Newman, 3 Dec 2021, Wired
- CEO of notorious spyware firm NSO Group will reportedly step aside by Toi Staff, 31 Oct 2021, The Times of Israel
- US State Department phones were reportedly hacked by NSO spyware by Mitchell Clark, 3 Dec 2021, The Verge
- Spyware – What is it & how to remove it? by Malwarebytes