
NSO Group’s Pegasus Spyware and Phantom Encryption Cracker Trigger Fresh Concerns


Spyware and its best-known proprietor, the Israeli surveillance company NSO Group, have again taken center stage in attempts to pry into the private lives of targeted people worldwide using tailored cyber weaponry.

A whistleblower has told Justice Department officials that NSO offered “bags of cash” to a U.S. mobile carrier for access to a network that helps mobile telecoms route calls and services for users in all parts of the world, the Washington Post reported.

The offer reportedly came in a conference call in 2017 between NSO and Mobileum, a security services specialist for cellular companies worldwide, according to mobile phone expert Gary Miller, who worked for Mobileum at the time, the Post reported. Cell phone surveillance would better enable NSO to track targets worldwide.

NSO, Pegasus and U.S. Government Agencies

American hands are far from clean in their dealings with NSO and its Pegasus spyware, which is used by governments, some of which are known human rights abusers, to globally track and apprehend criminals and also, when in the wrong hands, to suppress dissidents.

Recently, Justice and the Federal Bureau of Investigation (FBI) engaged with NSO on newly-developed encryption cracking software called Phantom that would enable federal law enforcement to work around U.S. privacy laws in criminal cases without cooperation from mobile carriers, Apple or Google, the New York Times reported. The U.S. was the only country allowed to license the software, the report said.

The FBI has acknowledged testing Pegasus for criminal investigations, the Post reported. In a statement to the newspaper, the FBI said the spyware had not been used “in support of any investigation.”

Discussions with Justice officials and the FBI about Phantom reportedly continued until last summer when the latter agency decided not to engage with the spyware maker on Phantom. For its part, NSO flatly denied conducting business with cash or engaging with Mobileum and said it had no knowledge of an investigation by Justice.

Israeli Police Leverage NSO Spyware

Meanwhile, Israeli police, after first adamantly denying using NSO’s spyware to surveil some of the nation’s citizens “without receiving proper judicial oversight,” have backpedaled from earlier claims that no such activity had occurred without court approval, the Times of Israel reported. Upon further review, the police admitted “additional findings were discovered that change the state of affairs in certain aspects,” the report said. Not exactly a full-throated admission of guilt but rather a "mistakes were made" statement.

The police's confession was preceded by a report three weeks ago in Calcalist, an Israeli business website, that local police have been using spyware for years against citizens not suspected of crimes. Haaretz, an Israeli newspaper, has published a list of 450 cases in which Pegasus has been found on the phones of unsuspecting victims. “The gap between the massive list of potential targets and those who were actually infected highlights how hard it is to confirm the presence of Pegasus spyware on phones,” Haaretz wrote.

NSO chief executive Asaf Shalev in a recent interview said that Pegasus is set up not to infect Israeli mobile phones. “As a citizen, if the things that were written are true, it worries me personally,” he said in response to use of the spyware by Israeli police. “I choose to believe the attorney general, the public security minister, and the police chief who say time and again these things never happened.”

How is any of this pertinent to MSSPs? Spyware, like that developed and used by NSO, could readily infect the mobile phones of U.S. business leaders, C-suite executives and even influential rank-and-file employees. Beyond keeping enterprise customers safe from hackers, MSSPs can stay relevant to them by keeping their devices free of intrusive spyware made to track their whereabouts.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.