The beleaguered Israeli surveillanceware vendor NSO Group this
week admitted to the European Union lawmakers that its Pegasus tool
was used by at least five countries in the region.
“We’re trying to do the right thing and that’s more than other
companies working in the industry,” Chaim Gelfand, the company’s
general counsel and chief compliance officer, said, according to a
report[1]
from Politico.
Acknowledging that it had “made mistakes,” the company also
stressed on the need for an international standard to regulate the
government use of spyware.
The disclosure comes as a special inquiry committee was launched in April 2022[2]
to investigate alleged breaches of E.U. law following revelations
that the company’s Pegasus spyware is being used to snoop on phones
belonging to politicians, diplomats, and civil society members.
“The committee is going to look into existing national laws
regulating surveillance, and whether Pegasus spyware was used for
political purposes against, for example, journalists, politicians
and lawyers,” the European Parliament said[3]
in March 2022.
Earlier this February, the European Data Protection Supervisor
(EDPS) called for a ban[4]
on the development and the use of commercial spyware in the region,
stating that the technology’s “unprecedented level of
intrusiveness” could endanger users’ right to privacy.
Pegasus, and its other counterparts like FinFisher[5]
and Cytrox[6], are designed to be
stealthily installed on a smartphone by exploiting unknown
vulnerabilities in software known as zero-days to seize remote
control of the device and harvest sensitive data.
Infections are typically achieved by means of one-click attacks
wherein targets are tricked into clicking on a link sent via
messages on iMessage or WhatsApp, or alternatively using zero-click
exploits that require no interaction.
Once installed, the spyware provides support for a broad range
of capabilities that allows the operator to track the victim’s
whereabouts, eavesdrop on conversations, and exfiltrate messages
from even encrypted apps like WhatsApp.
NSO Group, founded in 2010, has long maintained it only supplies
the software to government customers for what it says is to tackle
terrorism, drug trafficking, and serious crime, but evidence has
shown widespread[7]
misuse[8]
of the software to keep tabs on political opponents, critics,
activists, journalists, lawyers across the world.
“The use of Pegasus does not require cooperation with
telecommunication companies, and it can easily overcome encryption,
SSL, proprietary protocols, and any hurdle introduced by the
complex communications worldwide,” the Council of Europe noted[9]
in an interim report.
“It provides remote, covert, and unlimited access to the
target’s mobile devices. This Modus Operandi of the Pegasus clearly
reveals its capacity to be used for targeted as well as
indiscriminate surveillance.”
References
Read more https://thehackernews.com/2022/06/nso-confirms-pegasus-spyware-used-by-at.html