Cybercrime is set to cost the world 10.5 Еrillion dollars by 2025. This is larger than the entire GDP of Germanyб France and the UK combined in 2021. But what if I told you that the world’s most dangerous virus is completely legal and could be running on your phone right now without a trace?
Introducing Pegasus – the world’s most dangerous computer virus. Why is it so dangerous? The virus grants almost complete access to your device. And to get infected, you don’t need to click a link, download something by mistake, or do anything. Pegasus tracks everything you do with or near your smartphone and does so undetected.
A government anywhere in the world could be accessing your phone, learning all of your activities, and using that information against you or those around you.
Simply put, Pegasus is a malware program, which is a small viral file that is typically delivered online. A malware file may allow the tracking of how a computer is used and even its immediate environment, but exactly what it does depends on how it was programmed.
In the case of Pegasus, the access is nearly complete; it enables hackers to record phone calls, track location, use the phone camera to take photos or videos, read text messages, and much more. The system then passes back this data to the person who planted them out where.
The name comes from Greek mythology. A nod to the winged horse of the same name. It was first discovered in 2016 when it was found in a message to the iPhone of a human rights activist named Ahmed Mansour. Mansour forwarded the link to the citizen lab of the University of Toronto, who were able to work out its capabilities. At the time the virus was programmed to exploit three specific unknown security vulnerabilities.
These vulnerabilities were found in phone apps and allowed the Pegasus file to infiltrate a phone without the knowledge of users.
The Pegasus malware has existed since at least 2013, having taken so many years to discover, and has proven to be very high profile in its use. The killing of journalist Jamal Khashoggi and the Saudi Arabian Consulate in Abu Dhabi for example resulted in a lawsuit against the makers of Pegasus by friends of Khashoggi who alleged the Saudi government used it to spy on them.
In late 2021, it was proven that Pegasus had been on the phone of Khashoggi’s wife for several months, placed there by a government agency.
The information gathered before his death in 2018 may have led to Kasogi becoming a Target. And the connection is explored in the Frontline documentary on Kasogi produced by PBS.
Many people first heard of Pegasus when it was used to hack Amazon boss Jeff Bezos in 2018, the same year Kasogi died. The Bezos hack is likely connected to WhatsApp messages exchanged with Saudi Prince Mohammed bin Salman, who Bezos’s Washington Post had been critical of. The hackers had access to Bezos’s phone for months. As well as compromising his business privacy the hack also notably led to the destruction of Bezos’s marriage. This was after leaked texts publicly revealed his affair with reporter Lauren Sanchez.
The reason Pegasus is a particularly dangerous example of this kind of spying is that it is sold specifically to governments often for millions of dollars. Made by the Israeli NSO group the purpose officially is to track and trace terrorists and their activities. However, in practice, the way Pegasus is used is suspected to often be quite a lot more underhanded.
Since its introduction, Pegasus has gone through several versions each more powerful and capable than the last. In its newest form, if the malware is installed on your device then nearly everything you do involving or close to your smartphone becomes available to the user. Pegasus does this by exploiting security bugs. A type of security-related programming error, in things like software packages and operating platforms.
Specifically, Pegasus looks for something called zero-day vulnerabilities which are security issues that are known by some top security specialists but not yet known by the programmers who created the software. These weaknesses which can be found across all operating systems allow Pegasus to exploit the system to gain admin rights to a smartphone or other device which in turn grants extensive access.
The easiest way for Pegasus malware to arrive on a device is via a disguised link. though there are far more subtle methods too. At one stage for example, a security issue meant that simply making a call to a device via FaceTime on the iPhone allowed Pegasus to install itself. that security glitch thankfully has now been fixed. but new ones are always being filmed. When a government wants to make use of a program like Pegasus it is nearly impossible to prevent. to the point that some Security Experts simply recommend throwing out a smartphone as the best solution. or of course not carrying a smartphone at certain strategic times to allow for privacy. Others suggest removing a camera from the device or other functionality that poses a clear security risk. A more practical, if an incomplete, solution is keeping a smartphone fully up to date, which helps limit the security gaps that Pegasus can operate through as companies learn of them.
Remember, though, that Pegasus often targets security gaps that the programmers are not yet aware of. In its most modern formats Pegasus is incredibly extensive; it essentially uses your phone at the same time as you anonymously pull in huge amounts of data and supply that data back to whoever placed the malware. So why should this worry you? Of course, you’re most likely to be at risk if you do something that your government won’t like. while terrorist tracking is the official purpose of Pegasus It’s quite likely to have been used around the world for things ranging from tracking protesters to learning about the activities of political opponents. With use highly secretive and likely to be subject to protest in itself if discovered, it is hard in practice to know quite how governments are using the software.
What is certain though is that it has been used against some journalists and activists, with the not-for-profit Forbidden Stories doing a wide-reaching expose in 2021. They even found that relatively modern states like Hungary and Poland have abused the software. While another investigation uncovered 10 other states using the malware, including India, Mexico, and Morocco. in fact, research done by Amnesty International found 50 000 specific targets, including 180 journalists from 20 countries. They included journalists from CNN, Al Jazeera, the Financial Times, and the Wall Street Journal. That’s likely the tip of the iceberg. After all, It would be a bit naive to think the amnesty report caught everything. While the average person might feel their data isn’t worth stealing, and in comparison to journalists and politicians perhaps it isn’t, it’s also true that data is now used in everything from advertising to monitoring behavior. So everyone’s data has some value.
While there is certainly something to be gained commercially in tracking the average person on the street and due to its very nature nobody, including its makers, likely knows quite how widespread Pegasus actually is. it is thought to still be in the hands of governments alone which is somewhat reassuring when you think about how its wider use could be abused. One of the best efforts to work out just how common the malware is was by the Pegasus Project, which saw major media organizations from around the world investigate the malware.
Over 80 journalists from publications including the Wall Street Journal, Guardian, and LaMont spent months working on Amnesty International’s list of 50 000 phone numbers and trying to establish its accuracy. They were able to link many of the phone numbers concerned to the Pegasus spyware. Despite this, Pegasus makers denied a connection. This is an attempt to build something on a crazy lack of information. There is something fundamentally wrong with this investigation. They also claim that the list has nothing to do with us; in fact, despite Pegasus’ abuse, the NSO group consistently defends the software in the same way. they say that they provide authorized governments with technology that helps them combat terrorism and crime. Naturally, your feelings about Pegasus’s use might depend on the extent of your trust in various national governments, but the more skeptical experts point out that as well as the NSO group app producers have a degree of responsibility here; they are, after all, providing the apps that have security vulnerabilities to so many mobile devices.
Experts feel tech companies’ rewards for finding such vulnerabilities are not enough to compete with the black market values of the same information. Apple, for example, tops out its bug bounty at two hundred thousand dollars. while the black market value of some bugs could be in the millions. as it has developed Pegasus has expanded. the amount of information that can be accessed has expanded too. And even includes access to Wi-Fi passwords through a device.
A version that targets Android phones has been found and dubbed Chrysaor after Pegasus’s brother in the Greek myth; the list of countries where the software is used or has been deployed is ever-expanding. The FBI is thought to use the software in the US, and it’s been found on the phones of several State Department employees. At least two EU officials have been targeted, while Israel’s refusal to sell the software to Ukraine to assist with their defense against Russia is widely seen as a sign of Israeli support for Russian leader Vladimir Putin.
Naturally, you might want to know why such a thing is legal. It’s legal in most places only where it is used with permission. The software has a genuine practical application. It could be on a government official’s phone for the purpose of recording their environment or meetings. for example, enabling a simple smartphone to appear normal while being used to protect or take in information. The fact that many uses of the malware are illegal does not make Pegasus itself illegal in principle. The Silver Lining to the story is that Amnesty International has come up with a way of detecting Pegasus. The tool is explained thoroughly on the Amnesty International website and is definitely worth considering for anyone with serious worries. The tool copies the entire contents of a phone onto a computer and then examines it for signs of Pegasus. Some level of computing knowledge is helpful but not necessary. At the end of the day, Pegasus is a scary reminder that our private information isn’t as private as we might like to think it is.