Poland’s Prime Minister Donald Tusk said his predecessors had used the Israeli Pegasus spyware to illegally monitor political and (probably) other opponents, according to reports.

Tusk is quoted by The Insider, an independent Russian news site, as saying:

“I have a document that, unfortunately, confirms 100 percent the purchase and use of Pegasus legally and illegally. The list of victims of these practices is unfortunately very long.

This document, which I have in my hands, unfortunately, confirms what we feared most. At the initiative of the Central Anti-Corruption Bureau of Poland, a request was made for funding for Pegasus from the Justice Fund, which was confirmed by the Minister of Justice.”

Poland’s Justice Fund, or more accurately “The Victims and Post-release Assistance Fund,” was established in 2017 and is administered by the Ministry of Justice. It is intended to assist victims and witnesses of crime, to prevent future criminal acts and to provide post-release assistance to prisoners.

The justification for acquiring the spyware using these funds will no doubt raise questions aimed at the former Justice Minister, Zbigniew Ziobro, who held the post from 2015 to 2023.

What is Pegasus spyware?

Pegasus was developed by NSO Group, an Israel-based “cyberarms” firm founded in 2010. It was created to collect data, primarily from cell phones but also from other computer systems. The spyware is particularly potent as it works through “no-click exploit” activation. The victim only has to open an SMS, message or application in which the spyware has been “injected” to activate it.

Pegasus is constantly updated to find vulnerabilities in publicly available applications that allow it to infect the user’s phone even if they don’t open the message. Once a phone has been infected with Pegasus, the program gains full access to passwords, photos, messages, contacts, geolocation data, camera and microphone on the infected device.

NSO Group claims that it only supplies the program to vetted and approved government entities, in line with Israeli export legislation, and that the spyware is intended only to be used to gather information against terrorists, serious criminals or other national threats.

There are literally thousands of examples of misuse of the technology, documented not only by human rights organizations such as Amnesty International but also by the European Parliament in its investigations into the use of Pegasus and equivalent surveillance spyware (PEGA).

NSO Group has been sued twice in recent years, by the “WhatsApp” messaging platform and by Apple in 2021, because it had developed methods of exploiting a whole range of weaknesses in applications that allowed the spyware to be covertly injected to infect thousands of users.

In its defense, NSO Group did not deny creating the exploit but said it played no role in identifying or targeting victims.

Who uses Pegasus?

It has to be assumed that dozens of governments friendly (and many unfriendly) to Israel have taken the opportunity to acquire the system. A large number of NSO Group’s clients are from countries that are not too concerned about human rights and freedom of information, and even some of those that are ostensibly “democratic” have been accused of misusing the program.

Although the system is advertised as being for use only against “serious criminals and terrorists,” many human rights activists, journalists and, as in Poland’s case, politicians opposing the government have become victims of Pegasus.

A September 2023 report by the Parliamentary Assembly of the Council of Europe (PACE) stated that several European nations are suspected of using PEGA systems illegally and called on members of the EU by name to “clarify the framework of its use and applicable oversight mechanisms” and to undertake “effective, independent and prompt investigations” on all confirmed and alleged cases of spyware abuse.

Does Russia use Pegasus?

There are reports that a number of US law enforcement agencies, including the Drug Enforcement Agency (DEA), Department of Justice and the Federal Bureau of Investigation (FBI), decided not to use it.

Investigations by the Canadian Citizen Lab cybersecurity center suggest that Russia has not been supplied with Pegasus and instead uses another data extraction software system developed in Israel. This is the “Universal Forensics Extraction Device (UFED)” made by Cellebrite, which is also marketed as being designed for the “extraction and analysis of data from mobile devices by law enforcement agencies.”

UFED differs from systems like Pegasus as it is not remote spyware delivered by “piggybacking” on another application but is transferred to the target device by simply touching it.

Cellebrite claimed in an announcement at the end of 2021 that it no longer supplied its UFED system to Russia or Belarus and said it had included a “Shutdown Code” that allowed it to remotely disable the system. However, The Insider reported that UFED training sessions were still being held for Moscow’s security forces and that the system had been used to unlock phones to check for support for Ukraine in the occupied territories.

Are you at risk?

Pegasus and other similar Advanced Persistent Threat (APT) “no-click exploit” toolkits are sold to nation states at relatively high prices, with full deployment often costing millions of dollars. So, unless you are engaged in activity your or other governments could take exception to, you’re unlikely to be at risk.

According to the Kaspersky blog site, if you do become a target it’s not a question of “whether you can get infected”; it’s just a matter of time and resources before they get you. The blog then provides a long, complicated list of technical and operational steps you can take to protect yourself, which for ordinary people are mostly impractical.

A Feb. 1 AP report cites the Palestinian-American journalist Daoud Kuttab, who was hacked with Pegasus three times. He says he no longer clicks on links in messages, even if they seem to come from known contacts, and that as a journalist in the Middle East “I always assume that somebody is listening to my conversations, [it] comes with the territory.”
