Logo

100: NSO

en-us

August 31, 2021

TLDR: The NSO Group creates Pegasus spyware sold to governments worldwide. John Scott-Railton and Citizen Lab investigated its use and company profile.

1Ask AI
  • Antivirus vs. FBI: Allies or Enemies?The use of malware by law enforcement agencies raises questions about the trustworthiness of antivirus software. Consumers must be aware of potential security breaches and make informed decisions about their technology use.

    The FBI used malware called Magic Lantern to capture keystrokes on target computers, but it sparked a debate in the security community on whether antivirus and security companies should detect and report on this activity. The FBI may want to go unnoticed in any kind of stealth mission, but antivirus software exists to alert when something shouldn't be happening. McAfee initially said it would not alert the user if Magic Lantern triggered and would ignore it, but later claimed it would alert when detected. This opens a door to a strange world of allies and enemies, making it difficult to know who to trust when the software you buy may be lying to you or when the FBI is infecting people with malware to spy on them.

  • Citizen Lab's investigative efforts in protecting digital rights.Citizen Lab's work sheds light on surveillance targeting civil society and emphasizes the need for organizations to defend digital rights.

    Citizen Lab investigates and reports on those in civil society who are targeted, raising public awareness of such targeting. Human rights activist Ahmed Mansoor was targeted multiple times and reached out to Citizen Lab for help. In 2016, when Mansoor contacted Citizen Lab again, they had previously found links to infrastructure of the NSO Group, which was thought to be used for targeted digital attacks. Mansoor provided a list of domains related to one of the attacks he received, which led to the discovery of Pegasus spyware. Citizen Lab had to set up careful monitoring to capture all network traffic when testing the link. The team's efforts showcase the importance of organizations like Citizen Lab in protecting digital rights.

  • The sophisticated exploit chain of the Pegasus malware on iPhones.The Pegasus malware marked a significant breakthrough in remote jailbreaking, using three zero-day exploits and exploiting unknown vulnerabilities in Apple's kernel to listen to calls, track location and read messages.

    The discovery of the Pegasus malware on iPhones marked a major breakthrough in remote jailbreaking. The sophisticated exploit chain involved three zero-day exploits, one of which enabled the attacker to download and run a malicious program after the victim clicked a link. The malicious program could not execute on an iPhone unless it was jailbroken, which the attacker achieved by exploiting two unknown vulnerabilities in Apple’s kernel. Once jailbroken, the program could turn on the microphone and camera, read WhatsApp messages, listen to calls, and track location without the victim's knowledge. This elegant and slick attack was particularly dangerous as it was easy to use, and it marked an order of magnitude more sophisticated than previous attempts at hacking.

  • Citizen Lab's Role in Exposing NSO Group's Pegasus SpywareCitizen Lab's collaboration with targeted individuals and quick action in characterizing and reporting malware is critical in uncovering potentially harmful spyware like Pegasus that could impact the privacy of ordinary citizens.

    Citizen Lab played a crucial role in discovering the NSO Group's Pegasus spyware malware from Ahmed Mansoor's text messages. The malware could target an arbitrary cell phone and gain access and persistence, which is the flagship software that NSO sells to governments. Citizen Lab worked quickly to characterize the malware and inform Apple to patch it. The organization's partnership and synergy with groups like Mansoor's, along with their intuition, are essential in their investigations. Beyond Pegasus, the NSO Group sells powerful mobile phone hacking solutions to governments, enabling them to regain visibility on encrypted mobile devices. The exploit became highly influential in the gaming community, where individuals used it to jailbreak their Nintendo Switches. The NSO Group's business model is a combination of hacking as a service and software provision.

  • The Dark Side of NSO Group's Spyware TechnologyNSO Group's spyware technology, touted as a means to prevent crime and terrorism, has been accused of violating human rights and imprisoning journalists and activists. The focus should be on responsible use of technology by security services to prevent future harm.

    NSO Group, a technology firm that sells spyware to governments and intelligence agencies for preventing crime and terrorism, has been accused of abusing its power by violating human rights and imprisoning journalists and activists. Despite multiple opportunities to have their voice in this episode, the company refused. The measure of any technology is how it is being used against vulnerable people and how it helps. The NSO Group has made several claims about saving lives, but the concern is papering over the problematic cases of abuse. We need to focus on ensuring responsible use of technology by security services and prevent any future harm to people. Victims, researchers, and news agencies have reported against NSO, while the company can only rely on its management's claim of doing good.

  • Pegasus - Potential for Good and HarmTechnologies like Pegasus must be supervised and regulated, just like the police, to avoid abuse and ensure legal accountability. The Mexican incident indicates that Pegasus was exploited to target innocent individuals advocating for public health.

    While Pegasus has been used for potential good, such as capturing drug lord El Chapo in Mexico, it has also been susceptible to abuse, as seen in instances where innocent people advocating for public health were targeted. Any technology that has the potential for both good and harm needs to be carefully overseen to prevent abuse and ensure legal accountability, just like the police. The shady instances of the use of Pegasus in Mexico show that someone linked to the Mexican Pegasus operator likely did a favor for business by targeting those advocating for more taxes on soda as a means to reduce childhood obesity.

  • Misuse of Pegasus Spyware by Governments and its OperatorsThe Pegasus spyware, sold to governments, has been used to target innocent people including journalists, lawyers, and others. The operators were brazen, and NSO claims to be unaware of its misuse. Vigilant research approach is crucial in identifying suspect messages.

    The Pegasus spyware has been used by law enforcement entities, military, and intelligence agencies after being sold by NSO to governments around the world. It is being misused to target innocent people, journalists, lawyers representing the families of victims of cartel kidnappings, and others. The research approach undertaken by the lab, where they worked closely with local organizations, helped them identify potentially suspect messages and compare them against lists that were previously developed of NSO exploit infrastructure. The operators of the Pegasus spyware were incredibly brazen and sent messages that were tailored, relevant, and at times, gross. NSO claims they don't know how the tool is used or who it's being used on.

  • The Misuse of Pegasus Spyware in Mexico and Saudi ArabiaThe unethical use of Pegasus spyware by Mexican authorities and its sale to the Saudi Arabian government highlights the need for stronger regulations and oversight of surveillance tools to protect individuals and their rights.

    The Pegasus spyware was used by Mexican authorities to target civil society members, including journalists and activists who were advocating for justice and accountability. Their targeting included crude and emotional messages that aimed to get the target to click a link on their phone without any ethical line. The victimization didn't stop even after the death of journalist Javier Valdez, whose colleagues and widowed wife were targeted by Pegasus. The blame can be shared between the government and NSO, whose product was purchased by Tomas Zeron, who subsequently fled to Israel after being charged for torture and enforced disappearance. NSO also sold Pegasus to the Saudi Arabian government, which is linked to the murder of journalist Jamal Khashoggi.

  • Link between Pegasus Spyware and Physical ViolenceThe use of Pegasus spyware in the assassination of journalist Jamal Khashoggi demonstrates the dangerous connection between targeted spyware and violent acts. The accountability and transparency of companies like NSO Group must be questioned.

    The use of Pegasus spyware has been linked to cases of physical violence, including the assassination of journalist Jamal Khashoggi. Pegasus was likely used to gather information on Khashoggi's activities and connections to ultimately plan his murder. While the company behind Pegasus, NSO Group, denies involvement in the murder or spying on Khashoggi, there is evidence that phones of his family and friends were targeted with Pegasus. This highlights the troubling nexus between targeted spyware and physical violence. NSO Group claims they have the technology to shut down the system if it is misused, but there are doubts about their accountability and transparency in the use of their product.

  • Lack of regulations on mobile spyware sales raise ethical concernsNSO Group's lack of clear regulations and false denials for misuse of mobile spyware highlight the urgency for tighter regulations and holding companies accountable for the misuse of their technology.

    NSO Group, a for-profit company that sells mobile spyware, has faced scrutiny over the misuse of their technology as there are no good regulations on who can sell or buy them. While the company claims to have three layers of vetting potential customers and clear definitions of terrorism, concerns remain around governments using the technology to spy on opposition groups, and NSO's credibility has been affected by repeatedly issuing denials that were later proven false. The lack of international laws means that ethical and moral judgments made by NSO's staff and leadership are relied upon, but the concept of what is considered terrorism is not universally agreed upon. This all highlights the need for tighter regulations and accountability for the use of such technology.

  • The Danger of Language and Accountability in the Hacking IndustryBe aware of language used to promote authoritarianism and nationalism, and question the accountability of players in the hacking industry such as NSO. They may have more power and oversight than previously thought.

    The language used to promote authoritarianism and nationalism is the same language used to push for the Patriot Act after 9/11. It is important to be critical of this language and think critically to avoid supporting such a world. NSO is a player in the hacking industry that is totally unaccountable. They are currently in court denying accountability for hacking a US company and its users. WhatsApp sued NSO and discovered that NSO owned and operated servers used for exploitation, challenging the idea that NSO wouldn't know what its customers are doing and wouldn't exercise oversight. NSO may be able to look over its customer's shoulders and see who they were infecting with the technology.

  • Major tech companies and civil society organizations support lawsuit against NSO amid new allegations of Pegasus spyware targeting.Despite NSO's denials and attempts to dismiss the lawsuit, major tech companies and civil society organizations remain committed to holding the company accountable for its alleged role in the development and deployment of spyware targeting prominent individuals.

    The lawsuit between WhatsApp/Facebook and NSO is yet to go to trial as NSO is currently trying to get the case dismissed. Many major tech companies and civil society organizations including Microsoft, Cisco, GitHub, Google, LinkedIn, and VMware are supporting the case and have urged the judge to not dismiss it. However, NSO recently hit the news again with the Pegasus Project where a leaked list of 50,000 phone numbers were claimed to be potential targets for Pegasus spyware, targeting activists, journalists, government officials, and people like the daughter of the manager of the hotel in the Hotel Rwanda case. NSO denies having such a list or the theft of their target list, but doubts remain as the company's first transparency and responsibility report suggests they do have access to customer logs.

  • The Dark Side of NSO's Pegasus SpywareNSO's lack of transparency and accountability raises concerns about how their spyware is being used to infringe on human rights and harm civil society.

    NSO's Pegasus spyware is being used by various governments to spy on activists and individuals who are outspoken against the government. The NSO Group claims to have a list of fifty-five countries they won't do business with due to human rights abuse, corruption or regulatory restrictions. However, their transparency report seems like PR fluff because they do not highlight the instances of abuse or name the countries they cut ties with. Moreover, the NSO Group is not willing to be transparent about their customers and their data usage. Although the tool is used for good purposes like preventing terror attacks and protecting airspace, it still harms civil society. NSO should be held accountable for getting their tool into the wrong hands.

  • NSO Group's Malware for Oppressive RegimesNSO Group has been accused of creating malware to hack into people's phones and selling it to oppressive regimes. Despite being audited by the Israeli government, they continue to sell their products, ignoring potential harm to human rights.

    NSO Group, a cyber intelligence firm, has been accused of creating malware to hack into people's phones which has been used by oppressive regimes. The Israeli government has audited NSO Group in July 2021 to review their export licenses and investigate if the firm has done anything wrong. Although Pegasus vulnerabilities have been fixed, NSO has a new version of the spyware. Cowboy capitalists firms like NSO view the exposure of exploits as part of the cost of doing business and continue to sell their products even if they know it might be used to commit non-lawful activities. Citizen Lab and other organizations have exposed NSO's spyware and human rights violations. The recent Black Cube spying operation on John Scott-Railton and Citizen Lab was part of a coordinated effort to frustrate the ability of victims to get justice.

  • NSO Group accused of unethical behavior and potential US law violationsNSO Group's actions highlight the inherent dangers of surveillance technology and raise questions about the accountability of companies that sell it, as well as the governments that use it.

    NSO Group, a spy tool selling company that claims to not engage in spying themselves, may have paid Black Cube to spy on Citizen Lab and lawyers of victims of the Pegasus software. This clearly shows a case of unethical behavior from NSO Group, raising doubts about their trustworthiness and ability to make ethical choices regarding who to sell their spyware to. Additionally, the NSO Group has attempted to sell their spyware to police departments in the US and FBI is investigating if any of its exploits were used by Americans. While NSO claims to be selling lawful intercept technology, the lack of consequences for governments abusing this tool raises concerns about citizens' safety and privacy.

Was this summary helpful?

Recent Episodes

103: Cloud Hopper

103: Cloud Hopper

Darknet Diaries

Fabio Viggiani is an incident responder. In this episode he talks about the story when one of his clients were breached. Sponsors Support for this show, and for stretched security teams, comes from SOC.OS. Too many security alerts means alert fatigue for under-resourced SecOps teams. Traditional tools aren’t solving the problem. SOC.OS is the lightweight, cost-effective, and low-maintenance solution for your team. Centralise, enrich, and correlate your security alerts into manageable, prioritised clusters. Get started with an extended 3-month free trial at https://socos.io/darknet. Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET. Sources  https://www.reuters.com/investigates/special-report/china-cyber-cloudhopper  https://www.reuters.com/article/us-china-cyber-cloudhopper-companies-exc-idUSKCN1TR1D4  https://www.fbi.gov/wanted/cyber/apt-10-group  https://www.youtube.com/watch?v=277A09ON7mY  https://www.wsj.com/articles/ghosts-in-the-clouds-inside-chinas-major-corporate-hack-11577729061  https://www.technologyreview.com/2018/12/20/239760/chinese-hackers-allegedly-stole-data-of-more-than-100000-us-navy-personnel/ Learn more about your ad choices. Visit podcastchoices.com/adchoices

October 26, 2021

102: Money Maker

102: Money Maker

Darknet Diaries

Frank Bourassa had an idea. He was going to make money. Literally. Listen to the story of a master counterfeiter. Learn more about your ad choices. Visit podcastchoices.com/adchoices

October 12, 2021

101: Lotería

101: Lotería

Darknet Diaries

The Puerto Rico Lottery mysteriously lost money. Ten individuals were indicted for drug trafficking and money laundering charges, including a case against Delfin Robles Alvarez. The Caribbean Corridor Strike Force made the arrests, but details of what happened next are not fully transparent.

September 28, 2021

99: The Spy

99: The Spy

Darknet Diaries

Private investigator Igor works in NYC, often keeping a distant eye on someone through binoculars in a case that didn't sit right with him. He sensed something was off on this particular investigation.

August 17, 2021

Related Episodes

The Sunday Read: 'The Battle for the World’s Most Powerful Cyberweapon'

The Sunday Read: 'The Battle for the World’s Most Powerful Cyberweapon'

The Daily

Investigative journalists Ronen Bergman and Mark Mazzetti discuss Pegasus, a powerful Israeli surveillance tool used globally by law enforcement and intelligence agencies, which is now under scrutiny for alleged abuses of power including targeting journalists and political dissidents, such as in the case of Jamal Khashoggi.

February 27, 2022

137: Predator

137: Predator

Darknet Diaries

Hosts discuss a new mercenary spyware called Predator, which infects mobile phones and steals sensitive data. Experts Crofton Black from Lighthouse Reports and Citizen Lab contributors Bill Marczak and John Scott-Railton are interviewed.

September 05, 2023

The U.S. Banned Spyware — and Then Kept Trying to Use It

The U.S. Banned Spyware — and Then Kept Trying to Use It

The Daily

A small Israeli company, NSO Group, created a powerful hacking tool that has been used by autocracies and some democracies to spy on dissidents, human rights activists, and journalists. The Biden administration is trying to limit its use.

May 15, 2023

150: mobman 2

150: mobman 2

Darknet Diaries

Re-examining Episode 20 of Darknet Diaries, exploring doubts about Greg aka 'mobman' claiming to create sub7 malware.

October 01, 2024

AI

Ask this episodeAI Anything

Darknet Diaries

Hi! You're chatting with Darknet Diaries AI.

I can answer your questions from this episode and play episode clips relevant to your question.

You can ask a direct question or get started with below questions -

Sign In to save message history