Behind the scenes of the hunt for sophisticated spyware

By Florian Reynaud

Posted today at 6:00 p.m., updated at 6:52 p.m.

How do you unmask surveillance technologies? By playing the cat-and-mouse game, as a handful of computer security experts do, tracking down the complex technical traces left by Pegasus, a sophisticated piece of software that goes to extraordinary lengths to hide its presence and evade detection. The painstaking work carried out by the consortium coordinated by Forbidden Stories on this spyware, marketed by the Israeli company NSO Group, shows the misuse made of it by several states, in breach of international law. An investigation that NSO, contacted by the “Project Pegasus”, contests, stating in particular that “many of these accusations are unsubstantiated theories, which cast serious doubts on the credibility of your sources, as well as on the heart of your investigation.”

This elusive tool, which infects smartphones and extracts a massive amount of information from them, does not appear on the victim’s home screen, installs no icons and produces no notifications. Amnesty International researchers therefore had to approach targeted activists and journalists and thoroughly examine the traces left on their phones. These technical findings also made it possible to confirm the authenticity of the list of numbers preselected by NSO customers for possible surveillance, which Forbidden Stories consulted. In a long technical report published on Sunday July 18, and peer-reviewed, Amnesty International details how this very sophisticated spyware works.

An increasingly complex hunt

Pegasus was first examined in 2016 by researchers from the Canadian research group Citizen Lab. An Emirati dissident, Ahmed Mansoor, had at the time received on his iPhone a suspicious text message from a number he did not know, inviting him to follow a link. The IT security experts who assisted him were able to set up a secure environment in which to analyze this link. Clicking on it led to a web page containing code that exploited software flaws to bypass the security of Safari, the iOS web browser, and download and install the spyware.

In 2019, while examining the phone of a Moroccan journalist, Amnesty International researchers discovered suspicious links to which the target had been redirected while trying to visit an unrelated website.
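The kind of trace described above, a request for a benign page followed almost immediately by a visit to an unrelated domain, can be spotted by scanning a phone's browser history against a list of suspect domains. The following is an added example written for this page, not Amnesty International's own tooling or its real indicator lists; the indicator domains and the history records are constructed (they use the reserved ".invalid" top-level domain) so that it runs offline.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Hypothetical indicator list. ".invalid" is a reserved TLD, so these names are
# constructed for the example and are not real infrastructure. A real check
# would load the domains from a published indicator file instead.
SUSPECT_DOMAINS = {"example-redirect.invalid", "cdn-update.invalid"}

# Constructed browser-history records, oldest first: (ISO timestamp, URL).
# Entry 2 models a network injection: a benign request is answered with a
# redirect to an exploit server one second later, with no user action between.
# Entry 4 models a visit to a suspect domain with nothing preceding it in the
# time window, so it is reported but not as a redirect.
HISTORY = [
    ("2019-10-01T10:00:00", "https://news.example.org/article"),
    ("2019-10-01T10:00:01", "https://example-redirect.invalid/abc?x=1"),
    ("2019-10-01T10:05:00", "https://shop.example.net/"),
    ("2019-10-01T12:00:00", "https://sub.cdn-update.invalid/x"),
]


def hostname(url):
    """Lower-cased host part of a URL, or '' if it cannot be parsed."""
    return (urlparse(url).hostname or "").lower()


def matches_indicator(host, suspect_domains):
    """True if host equals an indicator domain or is a subdomain of one.

    Suffix matching on a leading dot avoids matching 'notcdn-update.invalid'
    against the indicator 'cdn-update.invalid'.
    """
    return any(host == d or host.endswith("." + d) for d in suspect_domains)


def find_suspect_visits(history, suspect_domains, window=timedelta(seconds=3)):
    """Scan history and return one dict per visit to an indicator domain.

    Each hit records 'redirected_from': the previous URL if that visit was to
    a non-indicator host and happened within `window` of the suspect visit,
    otherwise None. Records are sorted by time before scanning.
    """
    records = sorted((datetime.fromisoformat(ts), url) for ts, url in history)
    hits = []
    prev = None
    for ts, url in records:
        host = hostname(url)
        if matches_indicator(host, suspect_domains):
            redirected_from = None
            if prev is not None:
                prev_ts, prev_url = prev
                if (not matches_indicator(hostname(prev_url), suspect_domains)
                        and ts - prev_ts <= window):
                    redirected_from = prev_url
            hits.append({
                "timestamp": ts.isoformat(),
                "url": url,
                "host": host,
                "redirected_from": redirected_from,
            })
        prev = (ts, url)
    return hits


if __name__ == "__main__":
    for hit in find_suspect_visits(HISTORY, SUSPECT_DOMAINS):
        if hit["redirected_from"]:
            kind = "redirect from " + hit["redirected_from"]
        else:
            kind = "direct visit"
        print(f"{hit['timestamp']} {hit['host']} ({kind})")
```

The three-second window is an assumption chosen for the constructed data; legitimate sites also redirect to third-party domains, so in practice the domain list, not the timing, carries the evidential weight, and a hit is a lead for deeper examination of the device rather than a conclusion on its own.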
