As I am writing this in early December 2021, I’ve heard of the NSO Group in the news quite a bit lately. For those of you who don’t know, the NSO Group is an Israeli technology firm known for the creation and sale of Pegasus spyware. This spyware exclusively targets mobile platforms (Android and iPhone) and allows the reading of text messages, call and location tracking, password collection, camera and microphone eavesdropping, and data collection from various applications. It is a tool that is (supposedly) exclusively sold to governments and their intelligence agencies. It is also the center of controversy in all of the recent hubbub about the NSO Group.
Here are various examples of the NSO Group in the headlines recently:
- On November 3rd, 2021, the Biden Administration (Let’s Go Brandon!) blacklisted the NSO Group. This was supposedly done in response to the spyware being abused by foreign governments to spy on journalists, political dissidents, and the like. This move comes only three months after the French non-profit group, Forbidden Stories, released a story detailing numerous journalists and activists being targeted by said malware. It was also reported that French President Macron and his cabinet were selected as possible targets. It is unconfirmed whether their phones were compromised.
- Later in November 2021, it was reported that Apple was suing the NSO Group for targeting iPhones. This apparently builds on other lawsuits from Big Tech that have been filed previously. Meta (formerly Facebook) filed a lawsuit in 2019. Google, Microsoft, Cisco, VMware, and others have filed amicus briefs in regard to this case.
- In early December 2021, news broke that Pegasus was found on at least nine US State Department employees’ phones. While the culprit has not yet been identified, it appears that all of the victims were involved in Ugandan diplomacy. To make things more interesting, a few weeks prior, the Ugandan President, Norbert Mao, received a threat notification from Apple.
It seems that much of the apprehension toward the NSO Group and their product comes from the capability it provides to governments and those entities’ ability to abuse the software. Many of the complaints levied center around these entities abusing their power by targeting journalists and political activists. I plan on covering the technical details of Pegasus in a future post. Yet for the sake of this story, I have to point out a few technical details that really put the terrifying nature of this spyware into perspective.
First things first: Pegasus utilizes zero-click exploits to install (at least on iPhones). The spyware also hides itself very well. It also has self-destruct behaviors built in, which trigger if the spyware is installed on the wrong target, if something goes wrong, or if it has been offline for a while. There is really a lot to unpack with it, and it warrants an entire post on its technical details. I will try to produce a post in the near future to satisfy my curiosity as well as yours.