08 December 2021

THE RIGHT THING TO DO: Apple Thwarts A Nefarious Thing...NSO Spyware Pegasus

That's better than doing nothing - Even a minimal amount of thwarting of nefarious doings is welcome in a world where the powerful go unpunished and unchecked far too often

Apple Notifies More Victims Of NSO Malware Hacking Attempts

from the [extremely-1960s-Batman-splash]-THWART!!! dept

"Apple's announcement that it was suing Israeli malware purveyor NSO Group for targeting iPhone users was coupled with another, equally dismaying (I mean, for NSO…) announcement:
 
____________________________________________________________________________
(NSO Group’s FORCEDENTRY Exploit
Apple’s legal complaint provides new information on NSO Group’s FORCEDENTRY, an exploit for a now-patched vulnerability previously used to break into a victim’s Apple device and install the latest version of NSO Group’s spyware product, Pegasus. . .
> Apple’s lawsuit seeks to ban NSO Group from further harming individuals by using Apple’s products and services.
> The lawsuit also seeks redress for NSO Group’s flagrant violations of US federal and state law, arising out of its efforts to target and attack Apple and its users.)
_____________________________________________________________________________
> Actually, this may be more of a concern for NSO's customers. After all, they're still paying the same licensing fees even if their targets are being warned of hacking attempts. It can't make them happy and -- since it appears many of NSO's customers like to target non-terrorists and non-criminals -- there's really nothing they can do about it. Local entities may be sworn to secrecy with court orders (if those are even obtained) but there's nothing preventing Apple from alerting users that malware might be present on their phones.
Given the long list of seemingly inappropriate targets for NSO's Pegasus spyware -- which includes journalists, activists, dissidents, government critics, political figures, religious leaders, lawyers, ex-wives, etc. -- Apple's policy is the Right Thing To Do. NSO's customers agree to use the spyware to target terrorists and dangerous criminals.
If NSO won't stop them (and it won't [until very recently]), this is one way to mitigate the damage. And so the disclosures have flowed. . .
[...] Fortunately, there's another entity watching these people's backs.
Prior to Apple's notification program, it took in-depth research by entities like Canada's Citizen Lab to discover the source of hacking and properly attribute it to NSO malware. Apple presumably can make these determinations much faster, heading off future interception and eavesdropping.

If NSO doesn't like it, it can suck it. It chose to sell to governments with long histories of targeting critics and violating human rights. Its customers can likewise suck it. They've given themselves an infinite amount of leash and NSO's exploits have let them take full advantage of this. Even a minimal amount of thwarting of nefarious doings is welcome in a world where the powerful go unpunished and unchecked far too often."

Filed Under: hacking, malware, pegasus, surveillance
Companies: apple, nso group

================================================
RELATED CONTENT ON THIS BLOG GOING BACK TO 2017
PEGASUS SPYWARE / Cyber Espionage Tool > The Ultimate Spyware
An Opinion Piece in the New York Times caught your MesaZona blogger's eye today.
What Poses a Greater Privacy Threat Than Facebook? Spyware
WhatsApp’s lawsuit against the spyware company NSO Group is a smart move for Facebook and an important defense of privacy and civil liberties.
A lawsuit that is a genuine step forward for drawing attention to the spyware market and the need for stricter regulation of private surveillance companies like NSO.
Pegasus is spyware, developed by the Israeli cyberarms firm NSO Group, that can be installed on devices running certain versions of iOS, Apple's mobile operating system.
"Facebook is under fierce scrutiny for its decisions about political advertisements and consumer privacy, and its foray into developing a new cryptocurrency. So it makes sense that the company would try to drum up a little positive publicity and remind people that there are tech firms out there that pose much greater threats to privacy, democracy and civil liberties."
 
As for surveillance, let’s be clear:
We’re talking total surveillance
"Whatever you may think of Facebook, the Israeli spyware company known as the NSO Group — whose products have been used to compromise devices belonging to lawyers, dissidents, journalists and diplomats around the world — is inarguably worse. . ."
_________________________________________________________________________________
Pegasus:
The ultimate spyware for iOS and Android
April 11, 2017
Apple iPhone and iPad users usually believe they are safe. There’s no malware for iOS, they say. Apple does little to discourage the impression — the “fruit company” doesn’t even allow antivirus solutions in its App Store, because, you know, allegedly they’re not needed.
FROM KASPERSKY LABS Link > https://www.kaspersky.com/blog/pegasus-spyware
The keyword here is allegedly. There actually is malware in the wild that targets iOS users — it’s been proved a number of times, and in August 2016 researchers proved it again by revealing the existence of Pegasus, spyware capable of hacking any iPad or iPhone, harvesting data about the victim, and establishing surveillance on them. That discovery made the whole cybersecurity world… uneasy.
At our Security Analyst Summit, researchers from Lookout revealed that Pegasus exists not only for iOS, but for Android as well. The Android version is different in some ways from its iOS predecessor.
Let’s shed some light on Pegasus and explain why we use the word “ultimate” to describe it.
Pegasus: The beginning
Pegasus was discovered thanks to Ahmed Mansoor, a UAE human rights activist, who happened to be one of its targets. It was a spear-phishing attack: He received several SMS messages that contained what he thought were malicious links, so he sent those messages to security experts from Citizen Lab, and they brought another cybersecurity firm, Lookout, to the investigation. . .
Pegasus has been attributed to the NSO Group, an Israeli company whose bread and butter is developing spyware.
That means the malware is commercial — it’s sold to whoever is willing to pay for it.
_________________________________________________________________________
 
July 2021
Disclosures Begin Today > PEGASUS SURVEILLANCE SPYWARE GLOBAL REACH
Let's get ahead of the story > The Guardian and its media partners will be revealing the identities of people whose number appeared on the list in the coming days. They include hundreds of business executives, religious figures, academics, NGO employees, union officials and government officials, including cabinet ministers, presidents and prime ministers. . .
The disclosures begin on Sunday, with the revelation that the numbers of more than 180 journalists are listed in the data, including reporters, editors and executives at the Financial Times, CNN, the New York Times, France 24, the Economist, Associated Press and Reuters.
THE PEGASUS PROJECT
SURVEILLANCE

Revealed: leak uncovers global abuse of cyber-surveillance weapon

Spyware sold to authoritarian regimes used to target activists, politicians and journalists, data suggests

Stephanie Kirchgaessner and others

Last modified on Sun 18 Jul 2021 16.39 EDT

". . . Human rights activists, journalists and lawyers across the world have been targeted by authoritarian governments using hacking software sold by the Israeli surveillance company NSO Group, according to an investigation into a massive data leak.

The investigation by the Guardian and 16 other media organisations suggests widespread and continuing abuse of NSO’s hacking spyware, Pegasus, which the company insists is only intended for use against criminals and terrorists.

Pegasus is a malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones.

The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016.

Forbidden Stories, a Paris-based nonprofit media organisation, and Amnesty International initially had access to the leaked list and shared access with media partners as part of the Pegasus project, a reporting consortium. . . Through its lawyers, NSO said the consortium had made “incorrect assumptions” about which clients use the company’s technology. It said the 50,000 number was “exaggerated” and the list could not be a list of numbers “targeted by governments using Pegasus”.

The lawyers said NSO had reason to believe the list accessed by the consortium “is not a list of numbers targeted by governments using Pegasus, but instead, may be part of a larger list of numbers that might have been used by NSO Group customers for other purposes”. After further questions, the lawyers said the consortium was basing its findings “on misleading interpretation of leaked data from accessible and overt basic information, such as HLR Lookup services, which have no bearing on the list of the customers' targets of Pegasus or any other NSO products ...

> Claudio Guarnieri, who runs Amnesty International’s Security Lab, said once a phone was infected with Pegasus, a client of NSO could in effect take control of a phone, enabling them to extract a person’s messages, calls, photos and emails, secretly activate cameras or microphones, and read the contents of encrypted messaging apps such as WhatsApp, Telegram and Signal. . . By accessing GPS and hardware sensors in the phone, he added, NSO’s clients could also secure a log of a person’s past movements and track their location in real time with pinpoint accuracy, for example by establishing the direction and speed a car was travelling in.

The latest advances in NSO’s technology enable it to penetrate phones with “zero-click” attacks, meaning a user does not even need to click on a malicious link for their phone to be infected.

_____________________________________________________________________________

Amnesty, research groups map out global reach of Israeli NSO Group’s spyware

Pegasus software ‘has been used in some of the most insidious digital attacks on human rights defenders,’ Amnesty International charges; NSO says claims are ‘recycled,’ inaccurate

"The ‘Digital Violence: How the NSO Group Enables State Terror’ platform that details the operations of Israeli startup NSO Group (Courtesy)

An interactive online platform created by research agency Forensic Architecture, and supported by Amnesty International and the internet watchdog group Citizen Lab, has mapped the global spread of the spyware Pegasus, made by Israeli cybersecurity firm NSO Group.

Titled “Digital Violence: How the NSO Group Enables State Terror,” the website shows, for what is said to be the first time, geographic areas in which Pegasus spyware has been deployed worldwide, and interviews lawyers, activists and other civil society figures about their experiences.

Forensic Architecture, based in the University of London, investigates human rights violations by states, police forces and corporations.

“The company’s Pegasus spyware has been used in some of the most insidious digital attacks on human rights defenders,” Amnesty International said on its website. “When Pegasus is surreptitiously installed on a person’s phone, an attacker has complete access to a phone’s messages, emails, media, microphone, camera, calls and contacts.”

“The investigation reveals the extent to which the digital domain we inhabit has become the new frontier of human rights violations, a site of state surveillance and intimidation that enables physical violations in real space,” said Forensic Architecture researcher Shourideh Molavi in the Amnesty statement.

Guarnieri has identified evidence NSO has been exploiting vulnerabilities associated with iMessage, which comes installed on all iPhones, and has been able to penetrate even the most up-to-date iPhone running the latest version of iOS. His team’s forensic analysis discovered successful and attempted Pegasus infections of phones as recently as this month. . ."

_____________________________________________________________________________
