paint-brush
Understanding the NSO Pegasus Spywareby@mysteriumvpn
438 reads
438 reads

Understanding the NSO Pegasus Spyware

by Mysterium VPNSeptember 7th, 2022
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Surveillance technology giant [NSO Group] has been forced out of the shadows as its CEO steps down. Israeli NSO Group developed the infamous Pegasus spyware, which can be covertly installed on your mobile devices. It's an expensive piece of software that costs up to $8 million per license but can be easily bought on the dark web for as little as $1 million. Pegasus is believed to have been developed for use by Israeli cyber-spies in order to target Palestinian activists in the West Bank and Gaza.

People Mentioned

Mention Thumbnail

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - Understanding the NSO Pegasus Spyware
Mysterium VPN HackerNoon profile picture


Mass surveillance is nothing new, nor is it controversial. We're all aware that governments are routinely monitoring and tracking us, in the name of "threat prevention".


Mass surveillance dates back to the first World War and naturally continued throughout the wars and decades that followed. After the September 11 attacks, the US government scaled up their efforts both domestically and internationally, with insidious programs such as the CIA’s surveillance initiative targeted at everyday citizens - with minimal oversight or ethical considerations.



Now surveillance technology giant NSO Group has been forced out of the shadows as its CEO steps down.


Israeli NSO Group developed the infamous Pegasus spyware, which can be covertly installed on your mobile devices through something called a zero-click exploit.


In other words, it does not need you to click on a fishy link to sneak into your device.


This remote access tool gives operators full control over the device, and can even turn on the microphones and cameras without notifying the owner so that it can spy on activity in the surrounding area. It's an expensive piece of software that costs up to $8 million per license but can be easily bought on the dark web for as little as $1 million.


Rather than being a specific exploit, Pegasus is a suite of exploits that uses many vulnerabilities in the system. In addition to its zero-click capabilities, Pegasus can also be installed by setting up a wireless transceiver near a target device, or by gaining physical access to the device.



Once installed, Pegasus has been reported to be able to run arbitrary code, extract contacts, call logs, messages, photos, web browsing history, and settings, as well as gather information from apps including iMessage, Gmail, Facebook, WhatsApp, Telegram, and Skype.


Pegasus hides and self-destructs in an attempt to eliminate evidence if unable to communicate with its command-and-control server for more than 60 days, or if installed on the wrong device. Pegasus also can self-destruct on command.



Pegasus spyware is the most invasive software for mobile devices, according to Citizen Lab and Lookout security experts who analyzed it. These projects named 12 countries that were using Pegasus: Bahrain, Ecuador, Egypt, Greece, India, Kosovo, Macedonia, Mexico Montenegro, Morocco, Qatar, Saudi Arabia, Tunisia and UAE.


However, NSO Group recently said "it would focus sales on countries belonging to the Nato alliance."


Technology That Turns People into Targets

NSO Group claims that it only sells its technology to governments to help them fight terrorists, drug rings and other organised crime syndicates.


However, Pegasus is believed to have been originally developed for use by Israeli cyber-spies in order to target Palestinian activists within Israel who were protesting against Israeli settlements in the West Bank and Gaza.


It was later revealed that NSO group had sold the software to the government of Panama as early as 2012. It was reportedly used in Panama by former president Ricardo Martinelli from 2012 to 2014, who established the Consejo de Seguridad Pública y Defensa Nacional (National Security Council) for its use.


The New York Times and The Times of Israel both reported that the software was used by the United Arab Emirates as early as 2013.



In 2016 it was widely reported when Ahmed Mansoor, an Arab human rights activist, noticed suspicious activity on his mobile phone and partnered with University of Toronto researchers to reveal the spyware.


In February 2016 Kaspersky Lab discovered that it had also been used against at least ten journalists working for international media organisations including The New York Times, BBC Newsnight and Al Jazeera English, who were all producing critical reports of Israel's policies towards Palestine.


In 2018, Saudi Arabia was accused of hacking into the phone of a dissident Washington Post journalist Jamal Khashoggi after he fled the country and disappeared in Istanbul; the kingdom later admitted that someone had used Pegasus against him.


It was reported that Crown Prince Mohammed bin Salman of Saudi Arabia approved the assassination of the Khashoggi, according to an intelligence report that the Biden administration released.


Two months after the assassination of Khashoggi, some of his colleagues filed a suit in Israel against NSO Group, accusing the firm of providing the Saudi government with the surveillance software to spy on Khashoggi and his friends.


This was not the only example; several lawsuits claimed that the NSO Group not only sold but also helped their clients operate the software, thereby aiding all kinds of human rights violations and crimes.

The Dark Side of Technology


The debate continues about the ethics of surveillance technology as more and more reports are released of governments using spying tools for nefarious purposes.


It should be noted that there are many different types of spyware.


Some of these types include:

  1. Software that tracks your location, such as Google Maps or Uber;

  2. Ones that monitor your web browser history, such as Google Chrome;

  3. Ones that capture screenshots or videos of your screen activity, such as Facebook Messenger's video calling feature;

  4. Ones that record audio from microphones connected with a device (such as iPhones),

  5. Spyware explicitly designed for law enforcement agencies like Cellebrite's UFED Touch which can crack into any iPhone within minutes;

  6. Spyware designed specifically for intelligence agencies like NSO Group's Pegasus, which allows an attacker complete control over victim's devices including turning on camera & microphone remotely etc.


The use of Pegasus by governments has been criticised by human rights groups. NSO Group says it only sells its technology to governments to help them fight terrorists and criminals, but at least two countries have been accused of using it against political opponents.


With the evolution of technology comes far more sophisticated and sinister methods for surveillance. And now, the collaboration between governments and companies who develop these technologies means there may be no checks and balances on our personal privacy and freedoms.


Who is going to advocate for the good of the common people and our rights that are being abused so casually?


Mass surveillance tools are a direct threat to all of us - not just "the bad guys". In the wrong hands, it enables governments or organisations to monitor journalists, political opponents or activist groups, threatening the practice of democracy, which includes our own freedom of expression and the press.


Oppressive regimes use surveillance to maintain their power. The goal is to sabotage the diversity of opinions and perspectives. By monitoring their "opponents", they are able to prevent them from gaining attention, popularity or momentum, and keep their own corruption from becoming exposed.



There is really no way to escape surveillance entirely. Either we completely "opt-out" of our digital lives - an almost impossible feat in a world dependent on technology - or we take on the individual responsibility to protect ourselves with knowledge and counter-practices.


Anonymous and encrypted tools are one way to bypass surveillance and enable freedom of expression and speech. They help journalists. individuals and activists expose corruption in its darkest corners. They help sustain a free press, where newspapers can investigate and publish without fear of being persecuted.


Technology has always been weaponised by governments. But we can fight back, by building digital remedies for anti-privacy and anti-surveillance.


After all, “we cannot expect governments, corporations, or other large, faceless organizations to grant us privacy … we must defend our own privacy if we expect to have any.


Mysterium wants to change the game. We care about a free, borderless web that is resistant to censorship and surveillance. Mysterium’s own dVPN was the world’s first. Your identity and IP are always hidden so you can brows the web anonymously and bypass unethical surveillance.

To find out more about what we do and how you can get involved you can visit us at mysterium.network


Also published here.