A consortium of media outlets revealed last Sunday (16) that the well-known spyware Pegasus was mainly spying on the cell phones of human rights activists, journalists, lawyers and other groups. In Brazil, the government reportedly even tried to buy the program from the NSO Group (the Israeli company that developed the solution).
TechWorld consulted Daniel Barbosa, an information security specialist at the cybersecurity company ESET, to talk about the subject and how sensitive the Pegasus issue is for Brazil, as it was already detected circulating here in 2018.
First, Barbosa explains that the malware is an APT (Advanced Persistent Threat), a specific type of malicious software that performs sophisticated attacks to steal data and spy on sensitive information, for example.
The expert explains that it is possible to track this and other types of malware based on “indicators of compromise”, which are a kind of fingerprint left by the programs. In the case of Pegasus, however, tracking is quite difficult, as it uses advanced concealment techniques.
Despite this, Barbosa explains that ordinary users are unlikely to have their smartphones infected. “Pegasus was designed to be traded with governments, it is not malware found to be sold to anyone. Therefore, the probability of having ‘single’ operators of this malware operating anywhere in the world is very low,” he points out.
Risks to freedom
Even if “ordinary people” are not currently exposed to the risk of having details of their WhatsApp messages, phone calls, camera and microphone leaked, the malware poses a great danger.
Barbosa explains that the NSO Group trades the tool with governments and that this can pose risks to citizens. Just as the case reported this week shows that those being watched were journalists, opposition politicians, human rights activists and others, in time the targets may be different.
“Today, the threat may have a focus on X positions, but tomorrow Y positions may also be ‘monitored’. Therefore, it is necessary for all of us to be more and more concerned with information security and pay more and more attention to issues related to privacy, so that fundamental rights of citizens are not compromised”, he defends.
Because of this, he says that everyone should be aware and take measures to protect personal information, even in cases where cybercriminals are looking for money and not necessarily spying on the victim.
The expert recommends being careful when accessing unknown websites, avoiding downloading suspicious files and always being suspicious of strange contacts. In addition, he emphasizes the importance of installing protection software that works in layers, which must always be kept up to date and properly configured.
Attempt to purchase the technology
Like other nations that reportedly own Pegasus, the Brazilian government reportedly tried to buy the controversial Israeli spying technology. A tender (n° 03/2021) was opened by the Ministry of Justice, allocating R$ 25.4 million to the acquisition of a “data search and consultation” tool.
According to a May report from UOL, the son of the president of the Republic and Rio councilor, Carlos Bolsonaro (Republicans), reportedly even maneuvered to remove entities such as the Institutional Security Office (GSI) and Abin (Brazilian Intelligence Agency) from the bidding process.
According to the outlet’s sources, the politician’s intention was to expand a “parallel intelligence group” in the government. The participation of the NSO Group in the electronic auction was confirmed by sources from the Brazilian Intelligence System (Sisbin), and, later, the Israeli company withdrew from the bid for undisclosed reasons.
At the time, Councilor Carlos Bolsonaro did not officially respond on the matter. Hours after the stories aired, he published a reference to the anime Knights of the Zodiac, saying that the character Seiya was “the only Pegasus” he knew.
The only Pegasus I know. When I was a kid, I always watched! That must be what they got confused! Now all makes sense! pic.twitter.com/y1QUE13iM9
— Carlos Bolsonaro (@CarlosBolsonaro) May 19, 2021
Response from NSO Group
TechWorld contacted the NSO Group to ask about its relationship with the Brazilian government. By email, the company explained that “for contractual and national security reasons, it cannot confirm or deny the identity of government customers.” According to the company, it also cannot comment on former government customers who have already had their systems turned off.
In a statement, the company also denied all facts attributed to it, including information that Pegasus had “tapped” more than 50,000 cell phone numbers around the world. The Israeli company even called the story released this weekend “fragile”, “full of false assumptions” and with “unsupported theories”.
The company argued that its technology has helped to prevent and investigate cases of pedophilia, terrorist and suicide attacks, drug trafficking, kidnappings and other types of crimes. It also maintained that it investigates the misuse of its tool.
“NSO Group will continue to investigate all credible allegations of misuse and take appropriate action based on the results of these investigations. This includes shutting down a customer’s system, something the NSO has proven its ability and willingness to do due to confirmed misuse, which it has done several times in the past and will not hesitate to do it again if the situation warrants,” it concluded.