Source: New York Times
Since the genesis of the internet information has always been susceptible to breaches by potentially any hacker. Today, as a society we have become hyper-dependent on technology in all aspects of our lives, from mindlessly clicking through our Instagram stories to hosting a semester’s worth of school on zoom. Of course, many of these advances are wildly beneficial and have led to a spread of information across the planet at a never before-seen rate, however, this rapid influx of information comes with a giant caveat, the end to personal privacy.
Facebook knowingly selling their users data, Edward Snowden unveiling the perverted intrusion of citizens surveillance in the U.S and U.K, presidential elections being swayed by other governments, all done with the push of a button. Of course, this is nothing new and stories like this and many more are common knowledge of the public; however, our reliance on these technologies have made these companies and platforms into monopolies that we have no choice but to use, and the ones that manipulate these products the most ( also the ones that are creating the legislation against it) are international governments.
The largest scandal in recent history was committed by the NSO –an Israeli technology firm– a group allegedly hired by the Israeli government to combat and monitor terrorism, was actually found out to be a supplier of phone hacking service (Pegasus) to multiple governments. Thousands of reporters, elected officials, and political strategists, to name a few, were targeted. An article written by The Times of India titled “Pegasus Snooping: How costly is the Israeli Spyware?” outlined the exact financial plans that the NSO offered to governments with rates such as “$650,000 to spy on 10 iPhone users; $650,000 for 10 Android… on top of a setup fee”. The NSO and more specifically the Pegasus group accomplished this breach by sending phishing links as text messages to the target that when opened, would download malware that would gain access to all of the phone’s information including G-mail, Messenger, WhatsApp, etc.. essentially it would grant access to a person’s entire life with again, just one click. However, as phishing attacks became more public, the Pegasus group decided to add another item to their shop of intrusion and began offering zero-click exploits. Zero-click exploits as explained by OCCRP (The Organized Crime and Corruption Reporting Project) and in the aforementioned “Pegasus Snooping…” article as , “Once a vulnerability is found, Pegasus can infiltrate a device using the protocol of the app. The user does not have to click on a link, read a message, or answer a call – they may not even see a missed call or message”.
Source: Ryo Kawasaki
These claims were initially denied by the NSO with the article “Pegasus scandal: Are we all becoming unknowing spies?” by author Gordon Corera for the BBC stating, “ NSO Group say they only sell their spyware for use against serious criminals and terrorists. But the problem is how you define those categories.”. However, this response was to be expected, as the NSO has its pockets deep into many governments, their main buyer being Mexico, but they even have ties to the United States. In the article “The Battle for the World’s Most Powerful Cyberweapon” written by New York Times reporters Ronen Bergman and Mark Mazzetti, it is uncovered that the FBI hosted a secret meeting with the NSO test Pegasus, and when the NSO communicated to the FBI that Pegasus was unable to hack into the phones of any Americans, they provided “ a workaround. During a presentation to officials in Washington, the company demonstrated a new system, called Phantom, that could hack any number in the United States that the F.B.I. decided to target.”.
So with all of this in mind, there is one lingering question… How do we stop governments from hacking into our personal data? Well the answer is not so simple, on the technology side there have been advancements such as zero-knowledge proofs, that essentially would only require proof from the owner of the data without leaking any other information. This technology is growing rapidly, however, there is still the main issue of governments lacking any repercussions for these data breaches. Personally, I am waiting for our security technology to beef up, but for those that want to make change now, I suggest sharing stories like Pegasus with others, get the word out, talk to your local representatives, and hold them and the companies that are being breached to increase their securities and make dealings such as the FBI/NSO meeting public information that does not have to be uncovered years later by a whistleblower. Our phones are becoming our lives, and companies like the NSO are serving them as appetizers to the biggest mouth to feed.
References
Bergman, Ronen, and Mark Mazzetti. “The Battle for the World’s Most Powerful Cyberweapon.” The New York Times, The New York Times, 28 Jan. 2022,
https://www.nytimes.com/2022/01/28/magazine/nso-group-israel-spyware.html.
Corera, Gordon. “Pegasus Scandal: Are We All Becoming Unknowing Spies?” BBC News, BBC, 21 July 2021,
https://www.bbc.com/news/technology-57910355.
TIMESOFINDIA.COM. “Pegasus Snooping: How Costly Is the Israeli Spyware? – Times of India.” The Times of India, TOI, 30 July 2021,
https://timesofindia.indiatimes.com/business/india-business/pegasus-snooping-how-costly-is-the-israeli-spyware/articleshow/84893498.cms.