Wednesday, April 10, 2024

You may have heard of Pegasus, a cyber weapon used by intelligence agencies to hack into the devices of political opponents.

 

December 29, 2023

You may have heard of Pegasus, a cyber weapon used by intelligence agencies to hack into the devices of political opponents. 

Who created it? Which countries buy it? We'll tell you in the thread. 1/25 👇

Pegasus was created by NSO Group, an Israeli company specializing in the development of tools in the field of computer security and cyber espionage. The developers claim that they sell the program only to states so that they can fight terrorists and criminals. 2/25 👇

In theory, Pegasus is able to access everything on the device - calls, SMS, files, social networks, instant messengers and geolocation. It can also turn on the microphone or camera and discreetly record what is happening nearby. 3/25 👇

As of 2020, Pegasus was installed on 50 thousand devices. Known targets include political dissidents, lawyers, journalists, human rights activists and politicians. 4/25 👇

Patient zero, through whom Pegasus was first discovered, was the famous dissident from the UAE Ahmed Mansour Al-Shehi. In 2016, he received an SMS with a link allegedly to material about torture in the country, but the human rights activist turned out to be smarter. 5/25 👇

He provided the link to The Citizen Lab, which deals with cybersecurity issues. Experts verified the message with Lookout and found that opening the link would have infected the device with highly sophisticated spyware. 6/25 👇

However, the UAE authorities soon sentenced Ahmed Mansour to 10 years in prison for “publishing fake news” about the United Arab Emirates. This reminds us of something... 7/25 👇

In 2020, unknown individuals leaked a list of Pegasus victims to the Forbidden Stories organization. Based on it, a large-scale investigation was carried out, in which Amnesty International and 17 media outlets around the world participated. 8/25 👇 theguardian.com/world/2021/jul…

How does it work? From 2016 to 2018, the preferred method was a phishing attack. The person was sent a message with a link that was meant to interest them, and the site address was disguised as a real one. 9/25 👇

When a person clicked on the link, the attackers checked whether the specific device was supported and whether it had a vulnerability through which Pegasus could penetrate. If the check was unsuccessful, the person was redirected to the real page. 10/25 👇

Then the developers began using zero-click attacks, which rely on software vulnerabilities and do not require user error. 11/25 👇

Pegasus first needs to find a vulnerability in a process in order to run malicious code, for example through push notifications or messages in iMessage and WhatsApp. Then vulnerabilities in the operating system come into play. 12/25 👇

To gain full access to the device, the attacking party needs to get out of the so-called “sandbox” - an isolated software environment in which applications run. It happens instantly. 13/25 👇

Any device or program has vulnerabilities. Developers regularly find and fix them. But until a vulnerability is fixed, it can be exploited freely. Vulnerabilities that developers are unaware of are called zero-day vulnerabilities. 14/25 👇

Different device models, OS versions and application versions will have their own set of vulnerabilities, so one solution will not work for everyone. But, if you have the resources, you can create a “catalogue” of vulnerabilities, which will contain an attack vector for most popular devices. 15/25 👇

Developers pay for finding vulnerabilities, but often less than black market prices. For example, in 2016, Apple offered a maximum of $200 thousand for identifying vulnerabilities in devices. Google and Microsoft offered half as much. 16/25 👇

At the same time, vulnerability buyers offered up to a million dollars for such finds. Today, the price for discovering a zero-click vulnerability in the latest version of iOS can reach $10 million. 17/25 👇

How much does it cost? NSO Group supplies Pegasus in the form of a software and hardware complex: servers and software. In addition to the installation license, customers pay to jailbreak each individual device. 18/25 👇

Information on the cost of Pegasus is not disclosed today. Eight years ago, according to an investigation by The New York Times, the license was sold for $500,000. A package for 10 device hacks cost $650 thousand. There is no doubt that it is even more expensive now. 19/25 👇

Previously, all information about the use of Pegasus came from totalitarian and authoritarian regimes. But in recent years, it has been increasingly used by European governments to spy on political opponents. 20/25 👇

🔹 In 2019, Pegasus was purchased by German security forces
🔹 In Spain, Pegasus was used to spy on supporters of Catalan independence
🔹 In Poland, the Law and Justice party was accused of massively purchasing Pegasus licenses to spy on the opposition
🔹 In Hungary, the software was used to spy on journalists
🔹 Estonia purchased Pegasus in 2019 and carried out attacks in other EU countries.

In total, the use of Pegasus was recorded in 14 European countries. 21/25 👇

Formally, the Russian Federation is deprived of access to Pegasus due to the war and sanctions. However, in 2023, the phone of Meduza publisher Galina Timchenko was infected with spyware. It is not yet clear who was behind this. 22/25 👇 accessnow.org/publication/ha…

Perhaps the Kremlin was able to agree on the continuation of Pegasus supplies, bypassing the sanctions. Another option is that European security forces carried out the operation on their own initiative or in cooperation with Russian ones. 23/25 👇

If there is a Russian trace in this story, this only means that the intelligence services of different countries will always be able to agree and help each other, regardless of wars and sanctions. 24/25 👇

We tell you more in the video on the First Department channel: 25/25 👆
