The Strongest Spyware: The Hardest National Security Threat to Guard Against

Recently, the Israeli spyware Pegasus has once again become the focus of attention in Europe and the United States. In early May, Spanish Prime Minister Sanchez confirmed that he was hacked by Pegasus software, becoming the first confirmed case of a current global head of government. Earlier, traces of Pegasus spyware activity were also found on devices connected to the office of British Prime Minister Boris Johnson.

The spate of revelations has sparked widespread controversy over the use of surveillance software. The investigation of the Pegasus project carried out around the world shows that more than 450 suspected Pegasus invasion incidents have been found around the world, and the victims are spread all over the world, including leaders of many countries.

At present, Pegasus software has been blacklisted by the US Department of Commerce and is under investigation by the European Parliamentary Committee. The frequent revelations of Pegasus intrusions underscore the national security threat posed by spyware.

No Effective Response Crrently

The British “Guardian” believes that Pegasus software “may be the most powerful spyware ever”, which can turn mobile phones into “24-hour surveillance devices” – collecting users’ location, data, passwords, photos, web searches information and other data.

The most advanced malware detected in real use, Pegasus spyware exploits zero-day vulnerabilities in popular apps like WhatsApp, iMessage, FaceTime, and more, infecting smartphone operating systems — iOS, iPadOS, and Android.

In 2016, researchers discovered an earlier version of Pegasus, which infects mobile phones primarily through spear phishing — through text messages or emails, tricking targeted users into clicking on malicious links.

Since then, Pegasus’ attack capabilities have become more advanced: infection can be achieved through so-called “zero-click” attacks. This attack does not require any interaction from the mobile phone user to succeed. These often exploit “zero-day” vulnerabilities, system flaws or bugs that are not yet known to the phone manufacturer and cannot be fixed.

In the case of unsuccessful spear phishing and zero-click attacks, attackers can also use wireless transceivers near the target to achieve infection; if they have the target’s phone, they can also be installed manually.

Once the target mobile phone is infected with Pegasus software, the mobile phone becomes a miniature bug, and the attacker can almost steal information from the mobile phone: from geographical location, information, passwords, photos, Internet data, and even control the opening of cameras and recordings.

Some security researchers believe that there is no way to effectively prevent Pegasus software intrusion. The powerful functions have earned Pegasus software the reputation of “the most powerful cyber weapon in the world”.

Pegasus is extremely versatile, sniffing communications, stealing messages and call logs from apps like WhatsApp, Facebook, Twitter, Skype, and Gmail; it includes keylogging and screen capture capabilities, and can even control your phone’s camera and microphone.

Pegasus software development agency, NSO Group, an Israeli company headquartered in northern Tel Aviv, was founded by former Israeli intelligence officers. For nearly a decade, the Israeli company has been selling the military-grade surveillance software to national intelligence agencies around the world on a subscription basis, promising to do what no one else (even national intelligence agencies) can do — Consistently and reliably break encrypted communications on any iPhone or Android smartphone.

The Spyware Crisis Intensifies

Although NSO Group claims on its official website that it mainly develops “technology to help government agencies prevent and investigate terrorism and criminal acts” to save the lives of countless people around the world, the company also admits after many recent intrusion incidents that as a software Providers do not have control over the specific attack targets of their customers.

Security researchers have found that Pegasus spyware has been used to target politicians and lawyers around the world and even pose a serious threat to national security.

According to the Pegasus Project investigation carried out around the world, more than 450 suspected Pegasus intrusion incidents have been detected around the world, and the victims are spread all over the world – from India and Uganda, to Mexico and the West Bank, including France, Pakistan And Moroccan leaders, U.S. officials, and even former leaders of some countries are also on the list of victims.

Currently, Spanish Prime Minister Pedro Sanchez is the most senior official confirmed to be infected with spyware. It is also the first European leader to be confirmed as a victim of spyware. The Sanchez hack deepens the EU’s spyware crisis.

In early May, the Spanish government confirmed that the mobile phones of the country’s Prime Minister Pedro Sanchez and Defense Minister Margarita Robles had been tapped by Pegasus spyware. It was later confirmed that Interior Minister Fernando Grande-Marlaska was also attacked. Paz Esteban, head of Spain’s National Intelligence Center (CNI), was fired for this.

The Spanish government disclosed that Sanchez’s phone was hacked twice in May 2021; Robles’ phone was hacked in June 2021. Hackers stole 2.6 GB of information from Sanchez’s phone and 9 MB from Robles’ phone. A detailed report on the intrusion has now been handed over to the Spanish National Court for further investigation.

In addition, the equipment of British government officials has also been targeted by spyware. In April 2022, the Citizen Lab at the University of Toronto warned that the smartphones of UK government officials had been targeted by spyware, turning them into remote listening devices. The agency’s researchers discovered multiple incidents of suspected Pegasus spyware infections on official UK networks. These include the Prime Minister’s Office and the UK Foreign and Commonwealth Office. The spyware attack is believed to have started with a targeted infection of systems associated with the UK Foreign and Commonwealth Office. Citizen Lab is the world’s leading spyware research organization.

U.S. diplomats have also previously exposed incidents of being hacked. An investigation by The Washington Post and 16 other news organizations found that U.S. diplomats and other embassy employees were at risk of a Pegasus spyware breach, especially when using overseas phone numbers.

In December 2021, Apple warned 11 US embassy employees that their iPhones had been hacked by NSO Group’s Pegasus spyware. The incident is the first confirmed case of Pegasus software attacking U.S. officials. The attacks focused on the U.S. embassy in Kampala, Uganda, according to people familiar with Apple.

In fact, in 2020, the United Nations called for an investigation into Pegasus software after spyware such as Pegasus may have broken into the phone of Amazon founder Jeff Bezos. In July 2021, the Pegasus Investigative Project, a collaboration between media agencies and NGOs, revealed a global list of more than 50,000 smartphone numbers, most of which were concentrated in NSO’s national customers, meaning that the list may be potential surveillance targets. The phone numbers are concentrated in ten countries: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates (UAE), all of which have been clients of the NSO Group

Of course, Pegasus is highly customizable and expensive to use, which means that ordinary businesses won’t be targeted.

Serious Threat to Data Security
Repeated cyberattacks on world shows the security threat posed by ransomware. National governments and organizations should attach importance to data security and do a good job in data protection and recovery. Use backup to do data disaster recovery and avoid data leakage to the greatest extent, so as to protect the security of national and public information. Nowadays, the most common used backup solution is virtual machine backup through VMware, Hyper-V, oVirt and so on.