NSO Group CEO Shalev Hulio Claim that Facebook tried to buy a Pegasus Spyware to monitor better their users especially access to the Apple user’s data and their activities.
Pegasus is a powerful commercial spyware developed by Israel based spyware maker NSO group, also known as Q cyber technologies.
The company claimed that they sell its spyware only government and law enforcement agencies for tracking criminals and terrorists, but it alleged that their technology also used to target the individual users around the world
Oct 2019, Facebook filed a lawsuit against the NSO group in the U.S district count in northern direct of California for hacking its WhatsApp messenger by exploiting the zero-day vulnerability using Pegasus to steal the WhatsApp users data.
Now, the Defendant of this case, NSO group or Q cyber technologies CEO and the major shareholder of the company Shalev Hulio declared that two Facebook representatives approached to NSO group to purchase the right to use certain capabilities of Pegasus spyware.
During the time, Facebook was in an initial stage of deploying the VPN Product called Onavo Protect that helps Facebook to analyze the user’s traffic and their activities and send them through the VPN.
Onavo Protect, acquired by Facebook in 2013, was available for Android and iOS.
It used VPN tunneling to wrap users’ internet connections in encryption, shielding their information as it traveled over untrusted and insecure Wi-Fi networks and the like.
The iOS version also blocked harmful websites. However, the software blabbed telemetry about its users to Facebook as well as routed connections through Onavo servers, which could monitor people’s online activities.
The application was forced out of the Apple iOS store in 2018 for siphoning information about other programs installed on devices, and discontinued in May 2019.
The NSO Group CEO started his declaration in the Court document “Onavo Protect, which has frequently been categorized as “spyware,” allowed Facebook to gather information about Onavo Protect users, including the applications installed on those users’ mobile devices and the amount of time the users spent on each application. “
…..Also, Facebook representatives stated that Facebook was concerned that its method for gathering user data through Onavo Protect was less effective on Apple devices than on Android devices.
Facebook requested to NSO group that they wanted to use purported capabilities of Pegasus to monitor the users on Apple devices and was willing to pay for the ability to monitor Onavo Protect users.
Shalev Hulio also stated that ” Facebook proposed to pay NSO a monthly fee for each Onavo Protect user.
Facebook is a private entity and not a sovereign government or government agency for national security and law enforcement purposes and therefore does not meet NSO’s customer criteria and NSO group declined the sale”
Facebook Spokesperson stats that “NSO is trying to distract from the facts Facebook and WhatsApp filed in court over six months ago. Their attempt to avoid responsibility includes inaccurate representations about both their spyware and a discussion with people who work at Facebook. “
“Our lawsuit describes how NSO is responsible for attacking over 100 human rights activists and journalists around the world. NSO CEO Shalev Hulio has admitted his company can attack devices without a user knowing and he can see who has been targeted with Pegasus. We look forward to proving our case against NSO in court and seeking accountability for their actions.”
The case has been unusual from the start, with Facebook filing suit after first deleting NSO workers’ personal Facebook accounts. The spyware maker then missed its scheduled court appearance because, it was alleged, Facebook did not properly serve its paperwork.
NSO reckons Facebook’s accusations are baseless because it only sells its software to government departments and agencies, and does not operate the tools itself.
Thus, we’re told, it didn’t hack anyone itself, and it cannot be held accountable for the actions of its customers. NSO also noted it only deals with governments allowed under Israeli export laws.
Further, NSO contended the court, in Oakland, California, does not have jurisdiction to hear this case due to America’s Foreign Sovereign Immunity Act, and it argued that the actions described in the lawsuit wouldn’t even run afoul of its spyware’s terms of service.
Facebook removed the Onavo Protect from the App Store and Google Play as well due to the suspect of monitoring the users.
What is Pegasus?
Pegasus is a malware that NSO Group developed, which, when installed on a phone, hoovers all communications (iMessage, WhatsApp, Gmail, Viber, Facebook, Skype) and locations.
It can be installed on a target’s phone through a few different means: exploiting vulnerabilities such as the WhatsApp one, sending infected links to targets (spear phishing), social engineering. This isn’t a new malware, and has been around since at least 2016.
What Pegasus can do:
- Intercept communications sent to and from a device, including communications over iMessage, WhatsApp, Skype, Telegram, etc.
- Remotely turn on phone’s camera and microphone to capture activity in phone’s vicinity
- Use GPS functions to track a target’s location and movements.
“This malware is designed to evade forensic analysis, avoid detection by anti-virus software, and can be deactivated and removed by operators,” according to Citizen Lab.
In 2016, the NSO Group used Pegasus to exploit three unpatched iOS vulnerabilities. As a result, they broke into iPhones with just one click of a link in a text. These vulnerabilities were patches with iOS 9.3.5.
In a July 2019 sales pitch for Pegasus, the NSO Group said that it could “surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon and Microsoft”, the Financial Times had reported.
Whom has Pegasus targeted?
Analyses from University of Toronto-based Citizen Lab and cybersecurity firm Lookout revealed that NSO had supplied spyware products to UAE, Saudi Arabia and Mexico. Over 100 cases of abusive targeting of human rights defenders and journalists have been identified in at least 20 countries across the globe.
In India, the more than two dozen targeted users include Nagpur-based Human Rights lawyer Nihalsingh Rathod, Adivasi activists Bela Bhatia and Degree Prasad Chauhan, Shalini Gera of Jagdalpur Legal Aid Group, Anand Teltumbde, a former BBC journalist Shubhranshu Choudhary, amongst others.
Perhaps the best known case would be that of a close confidant of Jamal Khashoggi — Omar Abdulaziz, a Saudi activist and Canadian permanent resident, back in 2018. On whether Khashoggi himself was targeted, NSO’s CEO Hulio had said, “Khashoggi was not targeted by any NSO product or technology, including listening, monitoring, location tracking and intelligence collection.”