from The Observer
What’s the most problematic tech company in the world? Facebook? Google? Palantir? Nope. It’s a small, privately held Israeli company called NSO that most people have never heard of. On its website, it describes itself as “a world leader in precision cyberintelligence solutions”. Its software, sold only to “licensed government intelligence and law-enforcement agencies”, naturally, helps them to “lawfully address the most dangerous issues in today’s world. NSO’s technology has helped prevent terrorism, break up criminal operations, find missing people and assist search and rescue teams.”
So what is this magical stuff? It’s called Pegasus and it is ultra-sophisticated spyware that covertly penetrates and compromises smartphones. It’s particularly good with Apple phones, which is significant because these devices are generally more secure than Android ones. This is positively infuriating to Apple, which views protecting its users’ privacy as one of its USPs.
How does Pegasus work? Pay attention, iPhone users, journalists and heads of government: your cherished and trusted device will emit no beep or other sound when it’s being hijacked. But the intruder has gained entry and from then on everything on your phone becomes instantly accessible to whoever is running the spyware. Your camera can be secretly activated to take photographs, for example, and your microphone switched on at the whim of a distant watcher or listener. Everything you type on iMessage or WhatApp will be read and logged. And you will have no idea that this is happening. You’ve been “Pegasused”, as it were. And the perpetrator may well be a government, which is interesting if you happen to be a president like Emmanuel Macron or a prime minister like Imran Khan, but potentially fatal if you happen to be a journalist like Jamal Khashoggi. Those of us who follow these things have known about NSO for quite a while, mainly thanks to the Citizen Lab at the University of Toronto, which is the nearest thing civil society has to the National Security Agency. Its researchers have done sterling work tracing the ways in which journalists’ phones have been Pegasused by authoritarian regimes. In December last year, for example, the Lab published the report of an investigation that showed how Pegasus spyware had been used to hack into 36 personal phones belonging to journalists, producers, anchors and executives at Al Jazeera and a phone of a London-based journalist at Al Araby TV. The phones were compromised using an invisible zero-click exploit in iMessage. The hacking was done by four Pegasus customers, two of which appeared to be Saudi Arabia and the United Arab Emirates (UAE).