France Proposes Law Requiring Tech Companies to Provide Encrypted Data


Law demanding companies to provide encrypted data

New proposals in the French Parliament will mandate tech companies to hand over decrypted messages and email. If businesses don’t comply, heavy fines will be imposed.

France has proposed a law requiring end-to-end encrypted messaging apps like WhatsApp and Signal, and encrypted email services like Proton Mail, to give law enforcement agencies access to decrypted data on demand. 

The move comes after France’s proposed “Narcotraffic” bill, asking tech companies to hand over encrypted chats of suspected criminals within 72 hours. 

The law has stirred debate in the tech community and among civil society groups because it may lead to the building of “backdoors” in encrypted devices that can be abused by threat actors and state-sponsored criminals.

Individuals failing to comply will face fines of €1.5m and companies may lose up to 2% of their annual world turnover in case they are not able to hand over encrypted communications to the government.

Criminals will exploit backdoors

Some experts believe it is not possible to introduce backdoors into encrypted communications without weakening their security. 

According to Computer Weekly’s report, Matthias Pfau, CEO of Tuta Mail, a German encrypted mail provider, said, “A backdoor for the good guys only is a dangerous illusion. Weakening encryption for law enforcement inevitably creates vulnerabilities that can – and will – be exploited by cyber criminals and hostile foreign actors. This law would not just target criminals, it would destroy security for everyone.”

Researchers stress that the French proposals are not technically feasible without “fundamentally weakening the security of messaging and email services.” Similar to the “Online Safety Act” in the UK, the proposed French law exposes a serious misunderstanding of what is practically achievable with end-to-end encrypted systems. Experts believe “there are no safe backdoors into encrypted services.”

Use of spyware may be allowed

The law will allow the use of infamous spyware such as NSO Group’s Pegasus or Paragon, enabling officials to remotely surveil devices. “Tuta Mail has warned that if the proposals are passed, it would put France in conflict with European Union laws, and German IT security laws, including the IT Security Act and Germany’s Telecommunications Act (TKG) which require companies to secure their customer’s data,” reports Computer Weekly.

Novel iVerify Tool Detects Widespread Use of Pegasus Spyware

 


iVerify's mobile device security tool, launched in May, has identified seven cases of Pegasus spyware in its first 2,500 scans. This milestone brings spyware detection closer to everyday users, underscoring the escalating threat of commercial spyware. 

How the Tool Works 

iVerify’s Mobile Threat Hunting uses advanced detection methods, including:
  • Malware Signature Detection: Matches known spyware patterns.
  • Heuristics: Identifies abnormal behavior indicative of infections.
  • Machine Learning: Analyzes patterns to detect potential threats.
The service is offered to paying customers, with a free version available via the iVerify Basics app for a nominal fee. Users can run monthly scans, generating diagnostic files for expert evaluation. 
  
Spyware’s Broadening Scope 
 
The detected infections reveal Pegasus spyware targets beyond traditional assumptions: Victims include business leaders, government officials, and commercial enterprise operators.

The findings suggest spyware usage is more pervasive than previously believed.

Rocky Cole, iVerify’s COO and former NSA analyst, stated, "The people who were targeted were not just journalists and activists, but business leaders, people running commercial enterprises, and people in government positions."

Detection and Challenges

iVerify’s tool identifies infection indicators such as:
  • Diagnostic data anomalies.
  • Crash logs.
  • Shutdown patterns linked to spyware activity.
These methods have proven crucial in detecting Pegasus spyware on high-profile targets like political activists and campaign officials. Despite challenges such as improving mobile monitoring accuracy and reducing false positives, the tool's efficacy marks a significant advancement. 
  
Implications for Mobile Security 
 
The success of iVerify’s tool signifies a shift in mobile security perceptions: Mobile devices like iPhones and Android phones are no longer considered relatively secure from spyware attacks.

Commercial spyware’s increasing prevalence necessitates more sophisticated detection tools.

iVerify’s Mobile Threat Hunting tool exemplifies this evolution, offering a powerful resource in the fight against spyware and promoting proactive device security in an increasingly complex threat landscape.

Apple Alerts Pegasus-like Attack on Indian Activists and Leaders

 

On July 10, two individuals in India received alarming notifications from Apple, Inc. on their iPhones, indicating they were targeted by a “mercenary” attack. This type of spyware allows attackers to infiltrate personal devices, granting access to messages, photos, and the ability to activate the microphone and camera in real time. Apple had previously described these as “state-backed” attacks but revised the terminology in April. 

Iltija Mufti, political adviser and daughter of former Jammu and Kashmir Chief Minister Mehbooba Mufti, and Pushparaj Deshpande, founder of the Samruddha Bharat Foundation, reported receiving these alerts. Both Mufti and Deshpande confirmed to The Hindu that they had updated their phones and planned to have them forensically examined. A spokesperson for Apple in India did not provide an immediate comment. 

Although the alert did not specifically mention state involvement, it cited Pegasus spyware as an example. Pegasus, developed by the Israeli NSO Group Technologies, is exclusively sold to governments. The Indian government has not confirmed or denied using Pegasus and declined to participate in a Supreme Court-ordered probe into its deployment. This is the first instance in months where such spyware alerts have been issued. 

The last known occurrence was in October, when Apple devices belonging to Siddharth Varadarajan of The Wire and Anand Mangnale of the Organized Crime and Corruption Reporting Project received similar warnings. Forensic analysis later confirmed they were targeted using vulnerabilities exploited by Pegasus clients. Both Mufti and Deshpande criticized the Union government, accusing it of using Pegasus. Mufti stated on X (formerly Twitter), “BJP shamelessly snoops on women only because we refuse to toe their line,” while Deshpande highlighted the government’s misplaced priorities, focusing on deploying Pegasus rather than addressing India’s significant challenges. 

An international investigation in 2021 by the Forbidden Stories collective exposed widespread targeting of civil society organizations, opposition politicians, and journalists with Pegasus spyware. The Indian government denied illegal activity but did not clearly confirm or deny the use of Pegasus. Alleged targets included Rahul Gandhi, former Election Commissioner Ashok Lavasa, student activist Umar Khalid, Union Minister Ashwini Vaishnaw, the Dalai Lama’s entourage, and individuals implicated in the 2018 Bhima Koregaon violence.

Russian Exiled Journalist Says EU Should Ban Spyware


The editor-in-chief of the independent Russian news site Meduza has urged the European Union to enact a comprehensive ban on spyware, given that spyware has been frequently used to violate human rights.

According to Ivan Kolpakov, Meduza’s editor-in-chief based in Latvia, it was obvious that Europeans should be very concerned about Pegasus in light of the discoveries regarding the hacking of his colleague Galina Timchenko by an as-yet-unconfirmed EU country.

“If they can use it against an exiled journalist there are no guarantees they cannot use it against local journalists as well[…]Unfortunately, there are a lot of fans in Europe, and we are not only talking about Poland and Hungary, but Western European countries as well,” said Kolpakov.

Since last month, the European Commission has been working on guidelines for how governments could employ surveillance technologies like spyware in compliance with EU data privacy and national security rules. Despite the fact that member states are responsible for their own national security, the Commission is considering adopting a position after learning that 14 EU governments had purchased the Pegasus technology from NSO Group.

Apparently, Timchenko was targeted by Pegasus in February 2023 when she was in Berlin for a private gathering of Russian media workers in exile. The meeting's subject was the threats posed by the Russian government's categorization of independent Russian media outlets as foreign agents.

Given the nature of Timchenko's work, Russia was suspected at first; but, according to the digital rights organization Access Now, additional information suggests that one of the intelligence services of an EU member state (the exact one is yet unknown) is more likely to be to blame.

Allegedly, the motive behind the hack could be that numerous Baltic nations, to whom Russia has consistently posed a threat, are worried that a few FSB or GRU agents may have infiltrated their borders among expatriate dissidents and journalists.

“It may happen and probably it actually happens, but in my opinion, it does not justify the usage of that kind of brutal tool as Pegasus against a prominent independent journalist,” Kolpakov said.

Kolpakov believes that the revelations have left the exiled community feeling they are not safe in Europe. “This spyware has to be banned here in Europe. It really violates human rights,” he added.     

FBI Nearly Adopted NSO's Spyware

According to a report published by the New York Times on Saturday, several agents from the US Federal Bureau of Investigation worked to enhance the rollout of Pegasus, the notorious phone-hacking program created by Israel's NSO Group. 

What is Pegasus?

Once installed, Pegasus spyware enables the user to fully manage a target's phone, allowing them to see messages, listen in on calls, and access the phone as a remote listening device.

Significant numbers of human rights activists, journalists, politicians, and corporate executives were reportedly designated as potential targets of NSO's Pegasus program, which has caused criticism for the Israeli company responsible for its development. 

When smartphones are infected with Pegasus, they effectively become portable surveillance tools that can be used to read the target's messages, browse through the images, or even switch on the user's camera and microphone secretly.

FBI Purchased Pegasus 

The highly classified files, which were provided to the Times in response to a FOIA request, reveal that agency officials had developed guidelines for federal prosecutors concerning how to disclose Pegasus usage in court proceedings and had made progress in preparing to brief FBI heads on the malware.

Additionally, the FBI asserted that Pegasus had never been used to assist an FBI investigation. The FBI only obtained a restricted license for product testing and evaluation, the statement read: "There was no functional use in support of any investigation."

The announcement represents a clear admission by the FBI that it purchased Pegasus, one of the most advanced hacking tools in existence.

The FBI examined NSO's Phantom software, which has the ability to hack US phones, earlier this year, the press reported. After learning that NSO's hackers were linked to violations of human rights all around the world and as negative press about the technology spread, the FBI eventually opted against utilizing it.

The New York Times broke the news of the FBI's acquisition of Pegasus in 2019 while the Trump administration was in control. However, the bureau has still not ruled out the potential of using comparable technology in the future, the report said, citing recent court records.

A legal brief submitted on the bureau's behalf last month stated that "just because the FBI eventually decided not to deploy the tool in support of criminal investigations does not mean it would not test, evaluate, and potentially deploy other similar tools for gaining access to encrypted communications used by criminals."



Telstra Struck by Data Breach Exposing 30,000 Employees' Data

 

Telstra, Australia's largest telecommunications company, revealed a data breach via a third-party supplier. The company stated that its systems were not compromised; rather, the security breach affected a third-party supplier who previously provided a now-defunct Telstra employee rewards programme. 

The data breach affected a third-party platform called Work Life NAB, which is no longer available. The platform was run by Pegasus Group Australia, a subsidiary of MyRewards International Ltd., and was provided to several other organisations. 

The third-party platform did not store any customer account information, according to Narelle Devine, the company's chief information security officer for the Asia Pacific region. Other companies appear to have been affected by the security breach. Data from 2017 was leaked online, and it included names (first and last) and email addresses used to sign up for the employee rewards programme.

“Information obtained as a result of a data breach at a third-party supplier was posted on the internet. The supplier previously provided a now-obsolete Telstra employee rewards program.” reads the statement published by the company. “Critically, there was no breach of any Telstra systems, and no customer account information was stored on the third-party platform.”

According to Reuters, citing people who obtained access to an internal Telstra staff email, 30,000 current and former employees have been affected. The company is still investigating the incident and assisting the third party in determining how and to what extent the security breach occurred.

Optus, Australia's second-largest company, recently confirmed that a security breach impacted nearly 2.1 million of its current and former customers.

Report: Mexico Continued to Utilize Spyware Against Activists

 

Despite President Andrés Manuel López Obrador's pledge to end such practices, the Mexican government or army is said to have continued to use spyware designed to hack into activists' cellphones. 

Press freedom groups said they discovered evidence of recent attempts to use the Israeli spyware programme Pegasus against activists investigating human rights violations by the Mexican army. A forensic investigation by the University of Toronto group Citizen Lab confirmed the Pegasus infection. 

The targets included rights activist Raymundo Ramos, according to a report by the press freedom group Article 19, The Network for the Defense of Digital Rights, and Mexican media organisations. Ramos has spent years documenting military and police abuses, including multiple killings, in Nuevo Laredo, a drug cartel-dominated border city. In 2020, Ramos' cellphone was apparently infected with Pegasus spyware.

“They do not like us documenting these types of cases, for them to be made public and have criminal complaints filed,” Ramos said.

Other victims in 2019 and 2020 included journalist and author Ricardo Raphael and an unnamed journalist for the online media outlet Animal Politico. 

According to Daniel Moreno, director of Animal Politico, "If the president didn't know, that is very serious because it means the army was spying on him without his consent. If the president was aware, it would be extremely serious."

López Obrador took office in December 2018 with the promise of ending government spying. The president claimed that as an opposition leader, he had been subjected to government surveillance for decades. López Obrador said in 2019, in response to questions about the use of Pegasus, “We are not involved in that. Here we have decided not to go after anybody. Before, when we were in the opposition, we were spied on.”

According to the report, the Mexican army requested price quotes for surveillance programmes from companies involved in the distribution of Pegasus, which the company claims is only sold to governments. The hacker group Guacamaya discovered army documents containing requests for price quotes from 2020, 2021, and 2022.

Because of the nature of their work and the timing of the espionage, the victims of the spyware attacks assumed the military was to blame. Leopoldo Maldonado, the director of Article 19, stated, “All of this indicates two possible scenarios: the first, that the president lied to the people of Mexico. The second is that the armed forces are spying behind the president’s back, disobeying the orders of their commander in chief.”

When reached for comment, a spokesman for Mexico's Defense Department stated that there was no immediate response to the allegations. In 2021, a Mexican businessman was arrested on suspicion of spying on a journalist with the Pegasus spyware, but the Israeli spyware firm NSO Group distanced itself from him. In Mexico, the businessman has long been described as an employee of a company that acted as an intermediary in spyware purchases.

According to López Obrador's top security official, two previous administrations spent $61 million on Pegasus spyware. The NSO Group has been linked to government surveillance of political opponents and journalists all over the world. 

"NSO's technologies are only sold to vetted and approved government entities," as per the company.

Mexico had the largest list — approximately 15,000 phone numbers — of more than 50,000 reportedly selected for potential surveillance by NSO clients.

López Obrador has relied on the military more and given it more responsibilities than any of his predecessors, from building infrastructure to overseeing seaports and airports. This has sparked concern that the Mexican army, which has traditionally avoided politics, is becoming a force unto itself, with little oversight or transparency.

Spyware Rival Intellexa Challenges NSO Group

The Pegasus creator NSO Group is now facing competition from a little-known spyware company called Intellexa, which is charging $8 million for its services to hack into Android and iOS devices. 

Vx-underground, a distributor of malware source code, discovered documents that represented a proposal from Intellexa, a company that provides services like Android and iOS device exploits. On Wednesday, it shared several screenshots of documents that appeared to be part of an Intellexa business proposal on Twitter.

Europe is the base of Intellexa, which has six locations and R&D facilities there. According to a statement on the company's website, "We help law enforcement and intelligence organizations across the world reduce the digital gap with many and diverse solutions, all integrated with our unique and best-in-class Nebula platform."

A Greek politician was the target of Intellexa's Predator, an iPhone spyware program from Cytrox, according to a Citizen Lab study from last year.

The Intellexa Alliance, which Citizen Lab defined as "a marketing term for a range of mercenary surveillance companies that emerged in 2019," included Cytrox.

Spyware threat 

The product specifically focuses on remote, one-click browser-based exploits that let users inject a payload into iOS or Android mobile devices. According to the brief explanation, in order for the exploit to be used, the victim must click on a link.

The docs, "classified as proprietary and confidential," according to Security Week, confirmed that the exploits should function on iOS 15.4.1 and the most recent Android 12 upgrade. The fact that Apple released iOS 15.4.1 in March indicates that the offer is current.

The deal gives a "magazine of 100 active infections" in addition to 10 concurrent infections for iOS and Android devices. A sample list of Android devices that an attack would allegedly be effective against is also displayed in the stolen documents.

Last year, Apple sued NSO Group to prevent the business from using its products and services. It implies that the offer is relatively new. Since then, three security patches for the mobile operating system have been released.

This indicates that Apple might have addressed one or more of the zero-day vulnerabilities utilized by the Intellexa iOS attack, but it's also feasible that the exploits provided by these kinds of businesses could stay unpatched for a considerable amount of time.

The buyer would actually receive considerably more for the $8 million, despite the fact that some have claimed that this is the cost of an iOS hack. The offer is for a whole platform with a 12-month guarantee and the ability to evaluate the data obtained by the exploits.

The documents are undated, but according to vx-underground, the screenshots were published on the hacker forum XSS in Russian on July 14. While there is a wealth of technical knowledge available about the exploits provided by spyware companies, nothing is known regarding the prices they charge clients.

According to a 2019 estimate from India's Economic Times, a Pegasus license costs about $7-8 million each year. Additionally, it is well-known that brokers of exploits are willing to pay up to $2 million for fully automated iOS and Android flaws.