A Pegasus is a winged horse from mythology. It’s also a strain of really scary hacker spyware. Let’s have a look.
I’ve written about smart-phone security before, and the dangers of connecting everything to the internet. Over the course of the Covid pandemic, hacking has become even more of a problem than before. DDOS attacks have increased over the period, as well as attacks on companies.
One of the downsides of working from home is that it makes people more vulnerable. Suddenly, the IT infrastructure of a company is extended to the home networks of all its employees. Attacks through this vector have shot through the roof.
And it’s not just criminal hackers. State actors have started to rouse themselves. Most states do not shy away from using hacking to gather intelligence, or to hurt what they see as opponents. That’s not just countries like China or Russia, but also North Korea, and the US and Israel. There are differences in how far they go. Russian hackers most likely tried to influence the US election of 2016 en 2020, while China appears to have been behind hacks on US oil pipelines.
What many people don’t realize is that we’re in a cold war in cyberspace. There are criminal organizations in that same space, but countries are all jostling to gain the upper hand in our connected world. And because everything is close together in cyberspace, this could potentially be used to attack countries on their home turf. At some point this could spill over into actual open warfare. It’s basically a powder keg sitting on a pile of kindling, surrounded by people smoking.
Israel has always been at the forefront of this cyber war. The country has been beset by enemies since modern Israel arose in the forties, and has invested heavily in both on-the-ground military, intelligence services operating on foreign soil, and cyber warfare. Some of these state-fueled actors in cyber warfare leave the military space and enter the private sector. They often form companies that sell surveillance to interested parties.
Let’s talk a bit about two such companies, Cellebrite and the NSO Group.
The first offers something called a Universal Forensic Extraction Device. This UFED is a suitcase filled with a gazillion extension cords and a computer. You plug the computer into a phone, and the device can use exploits to read everything on the device and parse it, from Whatsapp messages to e-mails to PDFs. Basically, the device sucks all data from a phone, ostensibly without you being able to prevent it. They recently came to my attention through a blog from the Signal messaging app. Interestingly, Signal found ways to hack the hacking software on the UFED.
The second company, even scarier than Cellebrite is the NSO group.
The NSO group offers a product somewhat similar to Cellebrite UFED in the form of Pegasus. The difference is that Pegasus does not require physical access to a device. Pegasus uses unknown security vulnerabilities (zero-day exploits) in phones to hack them. The software sends a message to the phone with malware in it, and then installs itself. This can be done without a user knowing and apparently works even on fully updated phones.
That is messed up, but that’s not where the story ends. A coalition of news organizations managed to get a hold of a list of targets. The idea is that the company only helps governments catch criminals like pedophiles and the like. In reality, that’s not what happens. Saudi Arabia used it to spy on the murdered journalist Khashoggi‘s family and Turkish prosecutors looking into his death. Hungary used it to track journalists. And Mexico went all out in tracking people.
Why this matters
Is this a big deal? Yes, it is. We’re already in a cold war on the internet. On top of that, we’re seeing the rise of states using advanced technology to oppress their peoples. That is extremely dangerous. One thing that has been the downfall of many authoritarian regimes throughout history is that they could not control the entire population. Resistance was always possible. But that is rapidly changing, fueled by this cold war.
We’re entering an age where a very small number of people can oppress an entire population. They can use a combination of these advanced surveillance techniques with AI to monitor everything. That has never been possible throughout our history. Soon it will be possible to route out any and all deviance from the norm automatically. You can nudge people back in line by computer, identify dissidents, and nip all opposition in the butt.
Already, these kind of surveillance states or on the rise. China is at the cutting edge, and it’s trying to carve out a place at the top of the food chain. Imagine it, a billion people, hammered into a perfect singular purpose: to serve the great leader’s every whim. And one of his whims is to control all of Asia.
Freedom is dying all over the world, and Pegasus is one more nail in the coffin.