Not everyone is fortunate enough to live in a free country. Many people still live in surveillance states, where the government wants to assure that the people never have their opposing voices heard. Some countries censor the internet and block major social media networks. Other countries send malware, or spyware, to people they want to keep a closer eye on. According to Amnesty International, this is exactly what happened in Morocco.
Two human rights activists in Morocco were sent suspicious text messages containing links. Upon clicking the links, an Israeli NSO created spyware program called Pegasus attempted to install itself. The targets of the attempted spyware attack where prominent Moroccan human rights lawyer Abdessadak El Bouchattaoui and outspoken activist Maâti Monjib.
Monjib noticed that his iPhone would redirect to spammy, malicious appearing websites every time he attempted to access the French version of Yahoo. Any attempt to connect to a website without an encrypted “HTTPS” connection would cause the device to behave abnormally. Instead of reading the news or checking his mail, his Safari log showed that redirects were attempting to shove him in another direction. Monjib was able to work around these redirects by Google searching for the sites he wanted to visit and tapping the top results.
What The Malware Does
Pegasus is one of the most comprehensive and powerful spyware programs known to exist. Hundreds of people have been targeted by successful or attempted forced Pegasus installations, mostly for political reasons. Pegasus works as a man in the middle (MitM) attack. The hacker (or program) gains control of the device’s network and/or traffic, attempting to modify it to a malicious end. The spyware often targets exploits in popular apps popular among both iOS and Android Users, such as WhatsApp for messaging.
Amnesty International’s investigation found that at least one injection attempt to Monjib’s phone was successful, compromising his device. Reviewing the iPhone’s logs showed behavior consistent with Pegasus tampering.
NSO insists that their products are not intend to be used for these purposes, and notes that they have rescinded customer access to the products based on hacking or device tampering allegations. It’s worth noting that there does not seem to be a legitimate reason for NSO’s spyware products to exist if not for anything other than malicious purposes.
In response to the allegations and Amnesty International’s findings, NSO has released the following statement:
“As per our policy, we investigate reports of alleged misuse of our products. If an investigation identifies actual or potential adverse impacts on human rights, we are proactive and quick to take the appropriate action to address them. This may include suspending or immediately terminating a customer’s use of the product, as we have done in the past.
While there are significant legal and contractual constraints concerning our ability to comment on whether a particular government agency has licensed our products, we are taking these allegations seriously and will investigate this matter in keeping with our policy. Our products are developed to help the intelligence and law enforcement community save lives. They are not tools to surveil dissidents or human rights activists. That’s why contracts with all of our customers enable the use of our products solely for the legitimate purposes of preventing and investigating crime and terrorism. If we ever discover that our products were misused in breach of such a contract, we will take appropriate action.”
Keeping Devices Secure
Absolutely never open links or attachments from unknown senders. Switching to end to end encrypted platforms for communication and storage, such as Private Mail, can drastically reduce the chances that the attachments or links you receive will be compromised or unsafe. Exclusively browsing the internet through a stealth VPN will keep your activity encrypted, secure, and undetectable. Use and frequently update antivirus and antimalware software on every device as a failsafe. Anyone can be targeted by malware – it’s up to you to make security focused decisions to protect yourself.