Amnesty International revealed a digital attack using Pegasus Spyware against two Moroccan human rights defenders, academic and activist Maati Monjib and human rights lawyer Abdessadak El Bouchattaoui. Pegasus Spyware is a virus produced by the Israeli company NSO Group which is used to target more than 100 human rights activists, as quoted by Open Access Government, recently. “This disclosure underlines that the NSO Group continues to benefit from spyware products that are used to intimidate, track and punish a number of human rights defenders around the world, including the Kingdom of Bahrain, the United Arab Emirates and Mexico,” said Danna Ingleton, Deputy Director of Amnesty Tech In May 2019, WhatsApp stopped sophisticated cyber attacks that exploited video call systems to send malware to the mobile devices of a number of WhatsApp users, the nature of the attacks did not require targeted users to answer the calls they received, WhatsApp had also filed a lawsuit in a US court linking the attack was with a spyware company called NSO Group and its parent company Q Cyber Technologies, a lawsuit against violations of US and California law and WhatsApp Terms of Service, which prohibit this type of abuse, WhatsApp said Ingleton deserves praise for its harsh attitude towards malicious attacks. this includes efforts to hold the NSO accountable in court. “The NSO says its spyware is intended solely to prevent crime and terrorism. But the company’s invasive surveillance tools are used to commit human rights violations,” Ingleton said. Ingleton continues that the safest way to stop NSO spyware products from entering the government and planning to abuse them is to revoke the company’s export license. “This is why Amnesty International supports legal cases in the Tel Aviv District Court, forcing the Israeli Ministry of Defense to do so,” Ingleton said. In an initial statement, WhatsApp said that his team quickly added new protection to the system. And issued an update to WhatsApp to help keep users safe. “We are now taking additional action, based on what we have learned so far,” WhatsApp said. “This is the first time an encrypted message provider has taken legal action against a private entity that has carried out this type of attack against its users.”
WhatsApp also explained how the NSO carried out this attack, including an acknowledgment from an NSO employee that WhatsApp’s steps to recover the attack were effective. “We are looking for a permanent legal order that forbids NSO from using our services,” WhatsApp said. In his lawsuit, Pegasus is said to have the ability to spy on three levels. Namely data extraction, passive monitoring, and active data collection. “Pegasus was designed, one of its parts, to intercept communications sent and received from devices, including communication via iMessage, Skype, Telegram, WeChat, Facebook Messenger, WhatsApp, and others,” WhatsApp wrote in his statement. This means that not only does Pegasus infect WhatsApp, but also various other popular messaging applications. Not only that, Pegasus can infiltrate without a trace, with minimal battery consumption so as not to arouse suspicion. “(Pegasus) leaves no traces, minimal battery consumption, memory and data usage, and has the option to delete yourself which can be used at any time,” WhatsApp added. Pegasus is an espionage tool that can be used by a country’s institutions to spy on certain people, for example for reasons of national or political security. Even Pegasus is referred to as the most powerful cellular spyware application in the world. According to information from the security intelligence company Lookout, the Pegasus Android spyware application has several advanced features, including:
- Pegasus is able to retrieve large amounts of data
- Pegasus is able to steal messages and call records from WhatsApp, Facebook, Twitter, Skype and Gmail
- Pegasus can also control the camera and microphone, as well as do keylogging and take screenshots
- Pegasus can be controlled via SMS and self-destruct if needed
Pegasus, the famous spyware that targets the iPhone and Android devices, and is thought to have infiltrated 45 countries around the world. Six of these countries have used surveillance malware in the past to abuse human rights, a group of researchers said. Researchers from The Citizen Lab, have scanned the internet in a large-scale project that took place between 2016 and 2018. They sniffed the server associated with Pegasus mobile spyware. Pegasus is associated with the NSO Group company based in Israel, and is offered to users of state-class countries throughout the world. “The number of Pegasus servers we detected in our scan ballooned from around 200 in 2016, to nearly 600 in 2018.” This may be an indication that the NSO Group is improving their operations, “Bill Marczak, senior researcher at The Citizens Lab and the researchers on the team, told Threatpost, the latest Citizen Lab report even shows that Pegasus has expanded more widely, even accusing it of being used by certain countries to target human rights, including expanding the use of Pegasus in Council countries Gulf cooperation in the Middle East, especially to track dissidents, such as UAE activist Ahmed Mansoor, who was targeted by spyware in 2016, and Amnesty International staff and Saudi activists in June 2018. Even Edward Snowden also just stated that journalist Jamal Khasoggi was killed in Turkey, also spied on his activities with this Pegasus spyware. “Findings k We illustrate the grim picture of human rights risks from the rise of NSO globally, “researchers said in a post Tuesday. “At least six countries with significant previous Pegasus operations have been linked to the use of spyware abuse to target civil society, including Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia and the United Arab Emirates.” Spyware has been misused in this way in the past – in 2017. It was discovered that dozens of Mexican journalists and lawyers (and even children) had their devices infected by Pegasus in a campaign believed to be carried out by the national government. “Our technique identifies 45 countries where Pegasus operators may carry out surveillance operations. At least 10 Pegasus operators appear to be actively involved in cross-border surveillance.” As many as 45 countries found to store spyware are Algeria, Bahrain, Bangladesh, Brazil, Canada, Ivory Coast, Egypt, France, Greece, India, Iraq, Israel, Jordan, Kazakhstan, Kenya, Kuwait. Then there are Kyrgyzstan, Latvia, Lebanon, Libya, Mexico, Morocco, the Netherlands, Oman, Pakistan, Palestine, Poland, Qatar, Rwanda, Saudi Arabia, Singapore, South Africa, Switzerland, Tajikistan, Thailand, Togo, Tunisia, Turkey, UAE, Uganda, United Kingdom, United States, Uzbekistan, Yemen and Zambia. Maybe we can breathe a sigh of relief, because Indonesia does not seem to have used this sophisticated and powerful spyware made by Israel. Interestingly, the research team found this Pegasus infection in the IP address of the United States – but Pegasus customers are not related to the United States. This shows the cross-border compromise that Pegasus can make. When The Citizen Lab presented their findings to the NSO Group, the company denied it, “There are many problems with the latest Citizen Lab report.” “(The most significant), a list of countries where the NSO is suspected of operating inaccurately.” in many registered countries. “” This product is only licensed to operate in countries approved under our Business Ethics Framework and the product will not operate outside approved countries. “However, Citizen Lab researchers refute the claim and states that there is a continuous supply of services to countries with a track record of problematic human rights. In these countries, a lot of abuse of spyware has often been published. This raises serious doubts about the effectiveness of the internal mechanism that Pegasus claims, if any.