Seventeen news organizations around the globe have launched Project Pegasus, a hard-hitting investigative report of the Israel-based NSO group.  The news project is eponymously concerned with Pegasus, the cyberespionage tool developed by the NSO Group.

What Is The Pegasus Software?

The NSO Group Pegasus software is designed to give the license holder of the software complete control of the smartphone that has the malware installed. This includes control of the camera and microphone and access to all data on the device and any cloud-based account permissions configured on a device. Reports are that this software is so advanced that it required very little user action, in most cases just a simple clicking of a link or viewing of page.

What Has The Investigation Revealed?

At the center of the investigation are licensing agreements (approved by the Israeli government) to countries such as Saudi Arabia and the successful hacks of 37 smartphones belonging to reporters, social activists, business leaders and the two women closest to murdered Saudi journalist Jamal Khashoggi.

Although NSO Group denies just about everything in the media reports, investigators claim that the spyware is so advanced that it will exploit multiple vulnerabilities including, it is assumed, many that no one knows about yet.

The Guardian summarized the attack paths as:

Pegasus attack is very simplistic in its transmission and silent in releasing its payload. The attack begins when the intruder sends a website URL (through SMS, email, social media, or any other information) to a classified target. The user only has to take one action click on the link. Once the user clicks the link, the software silently transfers out a series of exploits towards the victim’s device to remotely jailbreak it so that the surveillance software packages can be installed. The user’s only sign that anything appeared will be that the browser terminates after the link is clicked.

OODA Assessment:

The NSO Group is not the only company operating in this space, another which has received media attention is Cellibrite. It is interesting that media reports on both NSO Group and Cellibrite do not indicate that China and Russia are customers. We only mention that because it is logical to assume that both China and Russia have their own capabilities to do these types of attacks.

Experience indicates that this will not be the last time this type of story is in the news. As underscored in Nicole Perlroth’s book This Is How The Tell Me The World Ends, there are a number of organizations seeking to create and profit from exploits of technologies. We should assume this type of dynamic will always be with us.

Project Pegasus may be the tipping point of what has been a growing trend in both the frequency and scale of cybersecurity breaches (read: SolarWinds and Kaseya, amongst many others) and emerging cyberthreats (US Accuses Chinese Officials of Running Data Theft Ring) and the frequency and scale of the mainstream media coverage of the same.

Long term, it is safe to assume Project Pegasus will light a fire under policymakers regarding the growing specter of cybersecurity and cyberthreats worldwide.

What To Do Now:

Security and risk management professionals should be able to determine immediate risks from this initial round of coverage. Some of the most important things to do are probably already on your list. This includes:

• Always keep your OS and all applications up to date, turn on automatic OS updates.
• Be suspicious of any link that comes in from any source
• Switch your DNS to a DNS service that offers a dynamic DNS level firewall (like Quad9.net)
• Put Two Factor authentication on everything
• Protect executive communications using Wickr
• Enterprises should bring all mobile devices under enterprise management using top tier capabilities (ask us for recommendations, which will vary depending on your environment).
• Ensure you use the appropriate threat model for executive travel (see the Traveling Executive’s Guide to Cybersecurity )

For more reading:

The Project Pegasus news organizations are:

Aristegui Noticias (Mexico) | Daraj (Lebanon) | Die Zeit  (Germany) | Direkt36 (Hungary)

Forbidden Stories (France) | Haaretz (Israel) | Knack  (Belgium) | Le Monde (France)

Le Soir (France) | Organized Crime and Corruption Reporting Project (OCCRP) (Global Network)

Proceso (Mexico) | Radio France (France) | Suddeutschezeitung (Germany) |

The Guardian (United Kingdom) |  The Washington Post (United States) | The Wire (India)

FRONTLINE – PBS (United States)

The following list captures a portion of the exhaustive investigative coverage provided by Project Pegasus upon launch of the investigation’s findings by all seventeen news organizations on July 18^th.  The information provided in this coverage should assist OODALoop.com readers to evaluate the countries and organizations which the Project Pegasus investigation alleges are using the surveillance tool as well as the global regions and countries where Pegasus may be in operation at this time.

The Project Pegasus Reportage (as of July 19, 2021)
(Source: The Pegasus Project media index)

The Guardian (UK)

• Edward Snowden calls for spyware trade ban amid Pegasus revelations
• Revealed: leak uncovers global abuse of cyber-surveillance weapon
• FT editor among 180 journalists identified by clients of spyware firm
• NSO clients spying disclosures prompt political rows across world
• Saudis behind NSO spyware attack on Jamal Khashoggi’s family, leak suggests
• Hotel Rwanda activist’s daughter placed under Pegasus surveillance
• Viktor Orbán using NSO spyware in assault on media, data suggests
• Revealed: murdered journalist’s number selected by Mexican NSO client
• Edward Snowden on spyware: ‘This is an industry that should not exist’ – video
• Huge data leak shatters the lie that the innocent need not fear surveillance
• The Pegasus project part 1: an invitation to Paris
• What is Pegasus spyware and how does it hack phones?
• Fifty people linked to Mexico’s president among potential targets of NSO clients
• How does Apple technology hold up against NSO spyware?

The Washington Post (US):

• Takeaways from the Pegasus Project
• Letter from the editor
• Opinion: Global spyware such as Pegasus is a threat to democracy. Here’s how to stop it.
• The spyware is sold to governments to fight terrorism. In India, it was used to hack journalists and others.
• Apple iPhones were successfully hacked by NSO’s Pegasus surveillance tool
• Responses from countries to the Pegasus Project
• NSO Group vows to investigate potential spyware abuse following Pegasus Project investigation
• Private spy software sold by NSO Group found on cellphones worldwide
• FAQ: What to know about Pegasus spyware and how to protect your phone
• In Orban’s Hungary, spyware was used to monitor journalists and others who might challenge the government
• Key question for Americans overseas: Can their phones be hacked?
• How Washington power brokers gained from NSO’s spyware ambitions
• Jamal Khashoggi’s wife targeted with spyware before his death
• UN rights chief alarmed by reported use of powerful spyware
• Hungary: Politicians demand inquiry into alleged spying

Aristegui Noticias (MÉXICO):

• Pegasus Project | AMLO, CNTE and Ayotzinapa: Reveal the guts of cyber espionage in Mexico | Video
• NSO Group Denies Pegasus Project Accusations | Video
• AMLO government should not minimize revelations about Pegasus Project: Patron | Find out
• It must be certain if the AMLO government is not compromised by Pegasus: R3D | Find out
• Pegasus, pocket spy that can even activate your camera: Paloma Dupont | Find out
• Pegasus Project | We cannot normalize the ‘birds on the wire’: Leopoldo Maldonado | Find out
• EPN must be held accountable for the use of Pegasus in its six-year term: Mathieu Tourliere | Find out
• Pegasus Project | So they spied on AMLO with Pegasus, even though he didn’t use a cell phone | Video
• Pegasus Project | EPN government incurred in systematic use of Pegasus in an illegal and arbitrary way: Maldonado | Video
• Pegasus Project | Social movements, victims of Pegasus: Lilia Saúl | Video
• Pegasus Project | Let the use of Pegasus in Mexico not remain an anecdote: Mario Patron | Video
• AMLO assures that his government no longer spies and that he will guarantee protection to report journalists
• Pegasus Project | Spyware, Weapon and Threat: Paloma Dupont | Video
• Pegasus Project | The whole circle of AMLO, Pegasus target: investigation | Video
• Pegasus Project | The teaching profession was also the target of Pegasus during the EPN administration
• Pegasus Project: The political, personal life and even the heart of AMLO, a target of espionage in the EPN government
• ‘Pegasus’, “the preferred weapon of repressive governments”: Amnesty
• This is how Aristegui and Barragán presented the world research Pegasus Project | Video
• Pegasus Project | In Mexico it is urgent to guarantee truth, justice and non-repetition in the case # Gobierno
• Espía: R3D
• Pegasus Project: More than 25 journalists in Mexico from TV, radio, internet and press were targets of espionage
• Pegasus Project | At least 180 journalists around the world were selected as Pegasus targets
• Pegasus Project | Relatives of the 43 normalistas of Ayotzinapa, on the list of espionage targets with Pegasus
• Pegasus Project: strong indications of massive espionage in
• Aristegui Live: Pegasus, a global threat of cyber surveillance (live coverage)
• Pegasus Project reveals surveillance weapon like never seen before

The Organized Crime and Corruption Reporting Project (overview page) (EASTERN EUROPE, THE CAUCASUS, CENTRAL ASIA AND CENTRAL AMERICA):

• Who’s on the List
• Israeli-Made Spyware Used to Monitor Journalists and Activists Worldwide
• About the Project
• Life in Azerbaijan’s Digital Autocracy: ‘They Want to be in Control of Everything’
• How Does Pegasus Work?
• Israeli Spy Tech Used Against Daughter of Man Who Inspired “Hotel Rwanda”

Voices of the Hacked:

• Szabolcs Panyi, Hungarian Journalist
• Fatima Movlamli, Azerbaijani Activist
• Sevinj Vaqifqizi, Azerbaijani Reporter
• András Szabó, Hungarian Journalist
• NSO GROUP RESPONDS

Haaretz (ISRAEL):

• Pegasus Project | India’s Gandhi and Pakistan’s Khan Tapped as Targets in Israeli NSO Spyware Scandal
• The Pegasus Project | How Israeli Spy-tech Became Dictators’ Weapon of Choice
• The Pegasus Project | NSO’s Pegasus: The Israeli Cyber Weapon Oppressive Regimes Used Against 180 Journalists (published with Forbidden Stories)
• The Pegasus Project | Khashoggi’s Fiancee, Son Targeted by NSO Tech, Investigation Reveals

PBS FRONTLINE (USA):

• Live Blog: Major Stories from Partners
• Introducing ‘The Pegasus Project’
• VIDEO: How NSO Group’s Pegasus Spyware Was Found on Jamal Khashoggi’s Fiancée’s Phone
• VIDEO: A Global Consortium Investigates the Use of Pegasus Spyware

Radio France (FRANCE):

• French journalists among those targeted by Israeli spyware Pegasus

Proceso (MEXICO):

•  What is the Pegasus Project?
• Amazon Cancels Services to NSO Group Following Pegasus Project Investigation Release
• Following Pegasus Project relief, Snowden calls for ban on spyware sales