Spy State’s Pegasus Spyware Boomerangs to Haunt the Deep State
Image Source: jannoon028
If you aren’t familiar with Pegasus, don’t feel bad. In layman’s terms, Pegasus is a shadowy, remotely installed “zero click” spyware developed by an Israeli company known as NSO Group that targets smart phones. Once developed, this cyber weapon was heavily marketed to governments and their spy agencies, ostensibly to help them prevent things like terrorism. However, not surprisingly, in practice this tool was instead used to spy on and crack down on dissidents, reporters, human rights workers and pretty much anyone a government deemed a political threat. From the FBI and the Mexican government to the Saudi Ministry of the Interior (which is their domestic security organization), the tool was “evaluated.” By evaluated, I mean purchased and used to covertly target anyone deemed an enemy of the state…or better, the regime. However, since Pegasus went live around 2016 and the genie was released from the bottle, the complex code and attack pathway have been analyzed, enabling it to be reproduced by other companies and nations that are dedicated to developing spyware and other types of malware and/or anti-virus detection and defense. Thus, the ironic problem with this kind of technology is that you can only do so much to prevent it from proliferating once released. This has in effect created a double-edged sword for spy agencies and governments. The powerful spyware that was unleashed on dissidents and reporters is now catching the political elite in their own dragnet.
For a little background context on Pegasus, let me tell you about how the public became aware of its existence. If there was a watershed moment for Pegasus and the public, it would be the case of Jamal Khashoggi. Khashoggi, a columnist for the Washington Post, was a Saudi dissident living in the US. His columns were featured in many media outlets around the world and were generally critical of Saudi Crown Prince Mohammed bin Salman (MbS). As a result, he was targeted and assassinated by the Saudis on the orders of MbS. A key to the Saudi operation was support from the Emirates, who covertly deployed Pegasus to Khashoggi’s phone so that they could intimately monitor him. This led the hit team to the Saudi consulate in Istanbul in October of 2018, where they intercepted him filing documents and murdered him in a grisly fashion. By grisly, I mean they strangled him, cut his body into pieces, and then dissolved the pieces in acid. We know this on good authority because Turkish intelligence had secretly bugged the Saudi consulate (most likely with CIA assistance) and was able to eavesdrop on the entire operation. If it had not been for the Pegasus spyware on his phone, it is doubtful the Saudi hit team would have been able to effectively plan and coordinate the assassination in Turkey. The result was huge public outrage, but no accountability. Despite working for an American company as a resident in the US and having children who were US citizens, both the Trump and Biden Administrations let MbS get away with it and granted him and the senior officials involved immunity. In case there was any doubt, I can assure you large sums of Saudi money were provided to senior members of the US government to make this all go away…and this is more than mere speculation. Further, the likes of scumbags like Mike Pompeo, the guy who plotted to assassinate Julian Assange, were worried the precedent could come back to haunt them criminally.
So much for defending human rights and standing up for democracy.
With that background, you may be wondering what makes Pegasus so potent. As a spy tool, Pegasus can be remotely and covertly installed on phones and other IT devices without the owner or user knowing or ever having to click on anything. This “zero click” installation was pretty revolutionary when it came to malware. Up until then, pretty much all unclassified cyber weapons of this type either required you to physically gain access to the device to install the malware or required the target to be tricked into opening or clicking on an infected file. In addition, no anti-virus software was available that would detect the scant traces it leaves after infecting a device. Further, neither Apple nor Android products are immune to this spyware, making it deployable against most any smart device used globally. Now, getting more specific regarding what it can do, Pegasus boasts a suite of capabilities that include:
· The ability to remotely read text messages
· The ability to monitor all web browsing
· The ability to read emails
· The ability to harvest passwords for anything done on your phone
· The ability to use location data to geolocate the device
· The ability to remotely turn on and listen/watch your phone’s cameras and microphone
· The ability to harvest app information
· The ability to listen to phone calls (data or cellular)
As you see, once Pegasus has been installed on a victim’s device, it can pretty much see, hear, log, and track anything you do with the device. It completely compromises the device and will continue providing the handler steady access to that data so long as the device is in operation. I should point out that this includes defeating encrypted communications through a workaround. Pegasus does this by remotely viewing the packets of information before they are encrypted on the sender’s side and after they are decrypted on the receiver’s side. Thus, Pegasus has no need to decrypt anything because it views the information just like the phone’s user does. To prevent this, even today, there isn’t much you can do. Kaspersky Labs (now banned in the US) has done significant research into the code and has found ways it can be detected and removed. However, it requires a mobile verification toolkit run by a legitimate cyber expert. This isn’t cheap, fast or easy. The good news is that it is doable, and I expect newer antivirus tools and phone operating systems to start integrating these lessons learned into broadly deployed patches and antivirus software. However, we aren’t there yet, so if you are likely on the target list of some powerful bad hombres with government level powers, you might want to talk to some cyber security folks and have your devices routinely scanned.
Now that you have a better appreciation for Pegasus, let me say there are other programs that have been and are being developed that exploit similar vulnerabilities. Some of these tools are closely guarded secrets and others seem to find a way of getting out on the black market. Most of these tools are illegal to use in most countries even if you had access to them as a civilian. Not surprisingly, it seems that only spy agencies, militaries, and law enforcement believe they should have the authority to spy on you so they can cut you up and dissolve your body in acid. Either way, these tools have a funny way of coming back to haunt their creators. Most recently, it seems that a number of high-level people have been getting caught up in sting operations and lots and lots of leaks have been happening. I’m going to tell you this is no accident: behind the scenes, nation states have now reverse engineered this product and have been deploying it much more broadly, both internally and now externally. The spy game isn’t new, but as major nation state conflicts have heated up around the world, this tool has created big problems for everyone from CEOs and scientists to congressmen and military officers who routinely communicate on standard (vulnerable) Apple and Android smart phones. If you are picking up what I am putting down, a whole bunch of people have now been covertly tagged, and the mountains of information being collected are staggering. This information is then digested and refined into actionable intelligence that often appears in the public domain, ostensibly obtained from other sources.
To give you some examples, think of situations like when senior German military officers were exposed talking about how they support Ukrainian missile attacks against Russia, or the classic Victoria Nuland faux pas where she was recorded discussing the US sponsored coup in Ukraine, saying, “fuck the EU.” Sure, these incidents are captured through all kinds of collection means, but this tool and its clones are now widely proliferating and snagging more victims daily. As political tensions continue to escalate both domestically and internationally, expect to see many more leaks and embarrassing disclosures that the Deep State was hoping would never see the light of day. I don’t think the inventors of Pegasus ever envisioned it being used against them, but I welcome the day and hope they’ll consider the harm their tools caused. Ironically though, it may be the plebes who have the last laugh as these tools boomerang to expose their lies, treachery, deceit, corruption, and crimes. Sometimes, folks, there are silver linings to these Orwellian weapons of despotic regimes, and we may just be getting much more of that in the coming weeks and months, so get your popcorn ready.
Till then,
D.t.Y.