Warriors Defence Academy | Best NDA Coaching in Lucknow | Best Airforce Coaching in Lucknow | Best Defence Coaching in Lucknow India.
Address: 545-GA/1-CHHA, beside Madhuwan Guest house Chandganj Near Railway Crossing, Kapoorthla, Lucknow, Uttar Pradesh 226006
The making of Pegasus, from startup to spy–tech leader
HUNDREDS of thousands of cybersecurity researchers employed the largest teach companies to spend almost all their time looking for and fixing loopholes in their software code. Companies managing tech products and solutions even have bounty programs to reward detecting flaws they may have missed themselves. In such an ecosystem, a cyber–offensive toll that would be lapped up by governments around the world would require the tool to track not only the targets but also the platform through which it is delivered.
Israel’s NSO Group, which is at the heart of the alleged state surveillance of thousands of human rights activists, lawyers, journalists, politicians, and dissidents in countries including India, has built such a tool – Pegasus, the world’s most invasive spyware. It can find a route into a target’s device and its software, and without requiring the target to take any action such as clicking a link.
According to a profile of the NSO Group published by the French nonprofit Forbidden Stories, Which has published the ‘Pegasus Project’ along with its media partners, the company was started by ShalevHulio and OmriLavie, friends who started out with a product placement startup Media And in the early 2000s. The startup Media was all but washed out by the recession of 2008, but Hulioand Laviefound and opportunity in the 2007 launch of Apple’s iPhone. It marked a watershed moment – people began to use handheld devices for more than just calling and texting at scale.
Hulio and Lavie launched Communitake, Forbidden Stories reported, which allowed users to take control of any smartphone from a distance. This was originally meant for mobile operators, who would want to take control of devices to provide tech support. But as the use of smartphones spread and the need arose for providing security features like encrypted messaging services, this presented a challenge for law enforcement and intelligence agencies. So far, intelligence agencies would intercept a message or call while it was in transit on networks of telecom companies. But encryption key, they couldn’t access the message anymore – unless they accessed the device itself and decrypted the communication.
“Without knowing it Hulio and Lavie had solved the problem for them: agencies could simply pirate the phone itself, bypassing encryption and giving them all of the information they needed and more. The way Hulio tells it, the two Israeli entrepreneurs were approached by intelligence agencies interested in their technology. Hulio and Lavie knew little of the opaque world of cyber – intelligence but they decided to give it a shot. They brought on Niv Carmi, a former Mossad intelligence operative and security expert, and created NSO Group in 2010. The trio (Niv, Shalev, and Omrie, or NSO, for short) operated with clear roles: Niv Carmi handled the tech and Hulio and Lavie the business,” Forbidden Stories noted
Spy – tech and zero–click
From here on, NSO started focusing on building Pegasus as a spying solution for intelligence agencies and police forces. The narrative they built. Was that government agencies would use it to tackle terrorism, drug–trafficking, etc. But its first known state client – Mexico then equipping itself with cyber – espionage tools to fight drug trafficking, went beyond the script. Forbidden Stories reported that more than 15,000 numbers were selected for targeting by Mexican agencies between 2016 and 2017. Among these were those of people close to then-candidate Andres Manuell Lopez Obrador, now Mexican President, besides journalists, dissidents, their colleagues, and family members. Mexican President, besides journalists, dissidents, their colleagues, and family members.
“The Mexican government liked Pegasus so much it ended up equipping several of its agencies with the spyware tool: in addition to 1 the Attorney General’s office, Mexico’s intelligence bureau and army were also given access. In turn, NSO Group continued to provide their clients with juicier offers – each technology more sophisticated than the last,” Forbidden Stories reported.
This catapulted NSO Group to a leader in the spy-tech industry, leaving behind then heavyweights such as European companies Hacking Team and FinFisher.
Until then, Pegasus was utilizing attack vectors such as malicious links in e-mails and SMSes. Once clicked, the link would install the spyware, giving the hacker complete access to the device without the target’s knowledge. Then, it leapfrogged to “zero-click” infections.
Such infections, used in WhatsApp and iMessage hacks, do not require any intervention from the end-user. On WhatsApp, a missed call on the voice call feature would insert a malicious code into the device. With iMessage, a short message preview did the trick.
In 2014, a US-based private investment firm, Francisco Partners, bought NSO Group for $120 million. With this, the company started focusing on finding vulnerabilities in various apps used by smartphone consumers. This also helped it earn a wider set of clients.
The NSO Group also found itself in the crosshairs in relation to the murder of Saudi journalist Jamal Khashoggi. Just months before the June 2019 murder, February, Hulio, and Lavie bought back the company from Francisco Partners with the help of Novalpina, an investment firm backed by European venture capitalists for a reported $850 million.
At the time, Novalpina said it would ensure NSO Group’s technology is used only for lawful purposes. However, little changed. In July 2020, The Citizen Lab wrote to the South Yorkshire Pensions Authority, which has in- vested in Novalpina, and highlighted new research showing “use of NSO Group’s technology against civil society, media, human rights defenders, and political opposition members”.
A year later, Forbidden Stories, Amnesty International, and 17 media partners published reports from a list of 50,000 names including journalists, opposition members, activists, and even members of the administration being se elected for surveillance using Pegasus.
Responding to queries from The Indian Express, an NSO spokesperson said the investigation “has been flimsy from the beginning”.! The spokesperson dismissed the list as “an equivalent of opening the White Pages, choosing randomly 50,000 numbers, and drawing headlines from it”. The spokesperson said that “the report itself stated that it is unknown how many of the phones were targeted or surveilled,” and that “even the Washington Post’s editor stated that ‘the purpose of the list could not be conclusively determined”.”
Importantly, however, the spokesperson said the company would investigate “all cred bile claims” of misuse of its technology and would take strong action, including shutting down the customer’s system, if warranted.
“NSO Group will continue to investigate all credible claims of misuse and take appropriate ate action based on the results of these investigations. This includes shutting down of a customers’ system, something NSO has proven its ability and willingness to do, due to confirmed misuse, has done multiple times in the past, and will not hesitate to do again if a situation warrants,” the spokesperson said.