Expert On Revealed: Leak Uncovers Global Abuse Of Cyber-surveillance Weapon

BACKGROUND:

Human rights activists, journalists and lawyers across the world have been targeted by authoritarian governments using hacking software sold by the Israeli surveillance company NSO Group, according to an investigation into a massive data leak.

Subscribe
Notify of
guest
3 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Ilia Kolochenko
Ilia Kolochenko , Founder and CEO
InfoSec Expert
July 19, 2021 5:43 pm

<p>Attack attribution in the reported cases is highly complex and unreliable. First, some legitimate end-customers could have shared the cyber warfare with their foreign partners in exchange for valuable data, 0day exploits or sophisticated spyware – this is a widespread practice. Security teams in charge of such data and intelligence sharing – are not necessarily experts in human rights protection and may negligently or unknowingly share the software with some grey or even black-listed jurisdictions. Moreover, individual security analysts, employed by the trusted countries, may occasionally break internal rules and unlawfully share the cyber-warfare with unauthorized third parties, as anti-insider security controls have low technical efficiency in such environments. Finally, the legitimate end-customers could have been hacked and compromised, eventually exposing access to the software to unauthorized threat actors. In any case, legal action against NSO is likely futile, and the media hype around the alleged incident – rather brings publicity to the NSO.</p>

Last edited 11 months ago by Ilia Kolochenko
Brian Higgins
Brian Higgins , Security Specialist
InfoSec Expert
July 19, 2021 5:45 pm

<p>Pegasus has been around for some time now and there have been a number of stories related to abuses of its design purpose. Unfortunately, this kind of activity is nothing new in the world of Tech. Bitcoin was developed as an alternative to Fiat banking systems and micro-payments but now it underpins the global criminal economy. Whilst the proprietary Pegasus software belongs to NSO Group and they do their best to control its deployment contractually there will always be consumers who will seek to re-purpose its functionality to their own ends. This story is still developing but it is already apparent that the numbers of potential victims quoted do not accurately reflect the amount of malicious activity currently facilitated by this software. It is an unfortunate reality that talented developers can never totally understand the full spectrum of uses their ideas may fulfill in the future.</p>

Last edited 11 months ago by Brian Higgins
Jake Moore
Jake Moore , Cybersecurity Specialist
InfoSec Expert
July 19, 2021 5:46 pm

<p>Spyware can be a powerful tool in the ammunition used to attack cybercrime and terrorism, but any tool used for good also opens itself up to be exploited by malicious actors. Spyware such as Pegasus is powerful enough to run on a device without even a click or a tap from the victim, making it difficult for potential targets to protect against. This zero-click technology makes it extremely dangerous, and until a patch is developed, potential victims must err on the side of caution – protecting their privacy wherever possible, such as having private conversations away from their devices. Keeping phones clean with limited apps and updating to the latest operating system also reduces the chance of being infected. WhatsApp and other communication tools are thought to have been used to infect devices so if possible, it may be a good idea to have such apps on a separate phone.</p>

Last edited 11 months ago by Jake Moore
Information Security Buzz
3
0
Would love your thoughts, please comment.x
()
x