
CYBER & INFOSEC

"blogger, InfoSec specialist, super hero ... and all round good guy" 

DISCUSSIONS, CONCEPTS & TECHNOLOGIES FOR THE WORLD OF


Pegasus - Hacker software to attack you

Pegasus (also known as Trident) is a red team tool (a software package) that some people have classified as malware and/or spyware. It was created by the Israeli cyber-security firm NSO Group and gives an offensive security team very strong capabilities.


The software primarily targets Apple’s iOS and Google’s Android mobile operating systems. It can attack specific mobile applications by exploiting previously undisclosed vulnerabilities in them. The list includes WhatsApp, Telegram, Skype, Viber, iMessage, and others. The exploits usually let the red team attacker read or intercept text messages within these applications on the user’s device.


Pegasus works like many malware programs, sending a link to the victim’s phone. When the user clicks on that link, the software allows the attacker to gain access and start reading text messages, tracking calls, monitoring the phone location, collecting passwords, and gathering information from a wide number of on-system applications.

The usual cat-and-mouse game applies to Pegasus. As system and application vulnerabilities are discovered, manufacturers provide patches for their systems. This would normally limit the ability of Pegasus to take advantage of them and gain unauthorized access. However, the core Pegasus software is constantly updated to work around OEM patches. This has happened several times in the past.


The NSO Group claims that it provides "…authorized governments with technology that helps them combat terror and crime." However, it takes no leap of the imagination to realize that the power of this software could easily be used for illegitimate or even illegal purposes. And that has apparently already happened.


It appears the software has been used by several state actors within governments as a cyber-weapon. Controversy has arisen because some governments have purchased and used the software to explicitly target human rights activists whose views oppose the government’s. There is strong evidence that it has been used to trample basic privacy rights and, in some cases, to eliminate due process rights of citizens within the user’s country. There have been indications of attacks initiated in one country against individuals in other countries. The software has also been used for non-political purposes, targeting individuals for embarrassment, discredit, and even blackmail.


I find it interesting that we seem to be moving into an age of blurred lines. What was clearly right and wrong in the business world a couple of decades ago does not seem to be readily apparent now. It feels like this type of software would have been clearly identified as harmful in intent 20 years ago. Pegasus is mainstream and touted as a morally sound product.


For fans of The Godfather, is this where ‘the business goes legit’?


Am I getting old?


Cynical?


I simply ask that you please maintain your moral compasses in a world that, from an older guy’s perspective, seems to be slowly adding powerful magnets in it.
