Edward Snowden calls for spyware trade ban amid Pegasus revelations
Governments must impose a global moratorium on international spyware trade or face a world where no cell phone is safe from state-sponsored hackers, warned Edward Snowden after the revelations about NSO Group’s customers.
Snowden, who exposed the US National Security Agency’s secret mass surveillance programs in 2013, described for-profit malware developers as “an industry that shouldn’t exist.”
He spoke in an interview with the Guardian after the first revelations from the Pegasus project, a journalistic investigation by a consortium of international media organizations into the NSO Group and its customers.
Quick guide
What is included in the Pegasus project data?
What’s in the data leak?
The data leak is a list of more than 50,000 phone numbers believed to have been selected as those of people of interest since 2016 by government customers of the NSO Group, which sells surveillance software. The data also includes the time and date numbers were selected or entered into a system. Forbidden Stories, a Paris-based non-profit journalism organization, and Amnesty International initially had access to the list and shared access with 16 media organizations, including the Guardian. More than 80 journalists worked together on the Pegasus project for several months. Amnesty’s Security Lab, a technical partner in the project, carried out the forensic analysis.
What does the leak indicate?
The consortium believes the data indicates potential targets that NSO’s government customers have identified in advance of possible surveillance. While the data is an indication of intent, the presence of a number in the data does not indicate whether an attempt was made to infect the phone with spyware such as Pegasus, the company’s signature monitoring tool, or whether an attempt was successful. The presence in the data of a very small number of landline and US numbers, which NSO says are “technically impossible” to target with its tools, shows that some targets were chosen by NSO customers even though they could not be infected with Pegasus. However, forensic examinations of a small sample of cell phones with numbers on the list found close correlations between the time and date of a number in the data and the start of Pegasus activity – in some cases just a few seconds.
What did the forensic analysis show?
Amnesty examined 67 smartphones suspected of being attacked. Of these, 23 were successfully infected and 14 showed signs of attempted penetration. For the remaining 30, the tests were unsuccessful, in several cases because the handsets were replaced. Fifteen of the phones were Android devices, none of which showed signs of successful infection. However, unlike iPhones, phones running Android don’t log the types of information that Amnesty’s detective work requires. Three Android phones showed signs of targeting, such as SMS messages linked to Pegasus.
Amnesty shared “backup copies” of four iPhones with Citizen Lab, a research group at the University of Toronto that specializes in examining Pegasus, which confirmed that they showed signs of Pegasus infection. Citizen Lab also peer reviewed Amnesty’s forensic methods and found them to be solid.
Which NSO clients were selecting numbers?
While the data is organized in clusters that point to individual NSO clients, it does not say which NSO client was responsible for selecting a particular number. NSO claims to sell its tools to 60 customers in 40 countries but refuses to identify them. By closely examining the pattern of targeting by individual customers in the leaked data, the media partners were able to identify 10 governments believed to be responsible for target selection: Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates. Citizen Lab also found evidence that all 10 are customers of NSO.
What does the NSO group say?
You can read the full statement from the NSO Group here. The company has always said that it has no access to the data of its clients’ targets. Through its attorneys, NSO said the consortium made “wrong assumptions” about which customers are using the company’s technology. It said the 50,000 figure was “excessive” and that the list could not be a list of numbers “targeted by governments with Pegasus”. The attorneys said NSO had reason to believe that the list the consortium is accessing “is not a list of numbers targeted by governments with Pegasus, but instead could be part of a larger list of numbers that may have been used by customers of the NSO group for other purposes”. After further questions, the lawyers said the consortium based its findings “on the misleading interpretation of leaked data from accessible and overt base information, such as HLR lookup services, which does not affect the list of client targets of Pegasus or other NSO products … we still don’t see any correlation between these lists and anything related to the use of NSO group technologies.”
What is HLR Lookup Data?
The term HLR, or Home Location Register, describes a database that is essential for the operation of cellular networks. Such registers keep records of telephone users’ networks and their general locations along with other identifying information that is routinely used in routing calls and texts. Telecommunications and surveillance experts say HLR data can sometimes be used in the early stages of a surveillance attempt to determine if a phone can be connected. The consortium knows that NSO clients have the ability to perform HLR searches through an interface in the Pegasus system. It is unclear whether Pegasus operators are required to perform HLR searches through their interface in order to use their software; an NSO source emphasized that their customers might have different reasons, independent of Pegasus, for performing HLR lookups through an NSO system.
NSO Group manufactures and sells to governments advanced spyware known as Pegasus that can stealthily infect a cell phone and collect its information. Emails, texts, contact books, location data, photos and videos can be extracted, and a phone’s microphone and camera can be activated to stealthily record the user.
The consortium analyzed a leaked record of 50,000 phone numbers believed to belong to people of interest to NSO’s customers. Forensic analysis of a sample of the cell phones revealed dozens of cases of successful and attempted Pegasus infections.
NSO Group says it takes ethical considerations seriously, is regulated by the export control regimes of Israel, Cyprus and Bulgaria, and only sells to verified government customers. But its clients include repressive regimes, including Saudi Arabia, the United Arab Emirates and Azerbaijan.
In an interview with the Guardian, Snowden said the consortium’s findings showed how commercial malware has enabled repressive regimes to place far more people under invasive types of surveillance.
For traditional police operations to plant bugs or wiretap a suspect’s phone, law enforcement would have to “break into someone’s home or go to their car or office and we’d like to assume they’re likely to get an arrest warrant,” he said.
But commercial spyware made targeted surveillance against far more people inexpensive. “When they can do the same thing remotely at low cost and without risk, they start doing it all the time against anyone who is even marginally of interest,” he said.
“If you don’t do anything to stop this technology from being sold, it won’t just be 50,000 targets. There will be 50 million targets and it will happen much faster than any of us expected.”
Part of the problem is due to the fact that different people’s cell phones are functionally identical, he said. “When we talk about something like an iPhone, they’re all using the same software around the world. So if they can find a way to hack an iPhone, they have found a way to hack them all.”
He compared companies commercializing vulnerabilities in popular cell phone models to an industry of “infectors” deliberately trying to develop new strains of the disease.
“It’s like an industry where they just developed custom flavors of Covid to dodge vaccines,” he said. “Their only products are infection vectors. They are not security products. They offer no protection, no form of prophylaxis. They don’t make vaccines – the only thing they sell is the virus.”
Snowden said commercial malware like Pegasus was so powerful that ordinary people could do practically nothing to stop it. When asked how people could protect themselves, he said, “What can people do to protect themselves from nuclear weapons?
“There are certain industries, certain sectors that are not protected, and so we try to limit the spread of these technologies. We do not allow a commercial market for nuclear weapons.”
He said the only viable solution to the threat posed by commercial malware is an international moratorium on its sale. “The Pegasus project shows that the NSO Group is truly representative of a new malware market that is a for-profit business,” he said. “The only reason NSO is doing this is not to save the world, but to make money.”
He said a global ban on the trafficking of infection vectors would prevent the commercial abuse of vulnerabilities in cell phones while still allowing researchers to identify and fix them.
“The solution here for ordinary people is to work collectively. This is not a problem that we want to try and solve individually because you are talking about a billion dollar company,” he said. “If you want to protect yourself, you have to change the game, and we’ll do it by ending this deal.”
The NSO Group said in a series of statements that it rejected “false claims” about the company and its customers, and that it had no visibility into its customers’ use of Pegasus spyware. It said it only sold the software to verified government customers and that its technology helped prevent terrorism and serious crime.
After the Pegasus Project launched, Shalev Hulio, founder and chief executive officer of NSO, said he continued to deny that the leaked data “had any relevance to NSO,” but added that he was “very concerned” about the reports and promised to examine them all. “We understand that our customers may abuse the system,” he said.