Super Spyware That Can Take Total Control of Smartphones

NSO Group Technologies (NSO standing for Niv, Shalev and Omri, the names of the company’s founders) is an Israeli technology firm whose spyware called Pegasus enables the remote surveillance of smartphones. It was founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio. It employed almost 500 people as of 2017, and is based in Herzliya, near Tel Aviv, Israel.

Pegasus is spyware developed by the Israeli cyberarms firm NSO Group that can be covertly installed on mobile phones (and other devices) running most versions of iOS and Android. The 2021 Project Pegasus revelations suggest that current Pegasus software is able to exploit all recent iOS versions up to iOS 14.6. According to the Washington Post and other prominent media sources, Pegasus not only enables the keystroke monitoring of all communications from a phone (texts, emails, web searches) but it also enables phone call and location tracking, while also permitting NSO Group to hijack both the mobile phone’s microphone and camera, thus turning it into a constant surveillance device.

Pegasus was discovered in August 2018 after a failed attempt at installing it on an iPhone belonging to a human rights activist led to an investigation revealing details about the spyware, its abilities, and the security vulnerabilities it exploited. As of 2016, Pegasus was capable of reading text messages, tracking calls, collecting passwords, tracking location, accessing the target device’s microphone and camera, and harvesting information from apps. News of the spyware caused significant media coverage. It was called the “most sophisticated” smartphone attack ever, and was the first time that a malicious remote exploit using jailbreak to gain unrestricted access to an iPhone had been detected.

On August 23, 2020, according to intelligence obtained by the Israeli newspaper Haaretz, the NSO Group was reported to have sold Pegasus spyware software for hundreds of millions of US dollars to the United Arab Emirates and the other Gulf States, for surveillance of anti-regime activists, journalists and political leaders from rival nations, with Israeli government encouragement and mediation. Later, in December 2020, the Al Jazeera investigative show The Tip of the Iceberg, Spy partners, showed exclusive footage about Pegasus and its penetration into the phones of media professionals and activists, used by Israel to eavesdrop on its opponents and even its allies.

The spyware can be installed on devices running certain versions of iOS, Apple’s mobile operating system, as well as some Android devices. Rather than being a specific exploit, Pegasus is a suite of exploits that uses many vulnerabilities in the system. Infection vectors include clicking links, the Photos app, the Apple Music app, and iMessage. Some of the exploits Pegasus uses are zero-click—that is, they can run without any interaction from the victim. Once installed, Pegasus has been reported to be able to run arbitrary code, extract contacts, call logs, messages, photos, web browsing history, settings, as well as gather information from apps including but not limited to communications apps iMessage, Gmail, Viber, Facebook, WhatsApp, Telegram, and Skype.

Misuse
Although Pegasus is stated to be intended for use against criminals and terrorists, its use by authoritarian governments to spy on critics and opponents has often been reported.

Use by India
In late 2019, Facebook initiated a suit against NSO, claiming that Pegasus had been used to intercept the WhatsApp communications of a number of activists, journalists, and bureaucrats in India, leading to accusations that the Indian government was involved.

Phone numbers of Indian ministers, opposition leaders, ex-election commissioners and journalists were allegedly found on a database of NSO hacking targets by Project Pegasus in 2021.

Independent digital forensic analysis conducted on 10 Indian phones whose numbers were present in the data showed signs of either an attempted or successful Pegasus hack. The results of the forensic analysis show sequential correlations between the time and date a phone number was entered in the list and the beginning of surveillance. The gap usually ranges between a few minutes and a couple of hours.

11 phone numbers associated with a female employee of the Supreme Court of India and her immediate family, who accused the former Chief Justice of India, Ranjan Gogoi, of sexual harassment, were also allegedly found on a database, indicating the possibility of their phones being snooped on.

Records also indicate that phone numbers of some of the key political players in Karnataka appear to have been selected around the time when an intense power struggle was taking place between the Bharatiya Janata Party and the Janata Dal (Secular)-Congress-led state government in 2019.

It was reported that the Indian government used Pegasus to spy on Pakistan Prime Minister Imran Khan and diplomats from Iran, Afghanistan, China, Nepal and Saudi Arabia.

Use by Mexican drug cartels
Reversing the intended use against criminals, Pegasus has been used to target and intimidate Mexican journalists by drug cartels and cartel-entwined government actors.

Use by Saudi Arabia
Pegasus software, whose sales are licensed by the government of Israel to foreign governments, helped Saudi Arabia spy on Jamal Khashoggi, who was later killed in Turkey.

Pegasus was also used to spy on Jeff Bezos after Mohammed bin Salman, the crown prince of Saudi Arabia, exchanged messages with him that exploited then-unknown vulnerabilities in WhatsApp.
