Pegasus Spyware & How To Fight Against Digital Surveillance (Including How-To-Guide For Analyzing Your Phone)
Pegasus is an infamous and very advanced spyware developed by Israeli company NSO Group

Pegasus, a highly advanced and invasive spyware developed by the Israeli company NSO Group, has raised concerns worldwide about the extent of digital surveillance and its impact on privacy, human rights, and freedom of speech. With the ability to access and control almost any function on a phone, Pegasus has been found to target not only terrorists, as claimed by the NSO Group, but also activists, journalists, and human rights defenders.

This article will delve into the effects of Pegasus on global communities, the investigation by Forensic Architecture, and the growing resistance against digital surveillance. Furthermore, this article will guide you through the process of analyzing your iPhone for hidden spyware using the free, open-source Mobile Verification Toolkit (MVT) from Amnesty International.


Content

Pegasus: A Powerful and Intrusive Tool

Investigations into Pegasus

The Psychological Toll of Being Targeted by Pegasus

The Global Impact of Pegasus

The Role of Technology Companies and Governments

Fighting Back Against Digital Surveillance

  • How to scan your iPhone for hidden spyware
  • Other Measures

Conclusion & Call to Action


Pegasus: A Powerful and Intrusive Tool

With just a single text, Pegasus spyware can bypass a phone's security and gain complete access to the device. Pegasus, developed by the Israeli surveillance company NSO Group, is considered the most advanced and invasive form of surveillance technology. It can access every message, photo, video, email, microphone, camera, GPS, and more, rendering the end-to-end encryption of apps like WhatsApp or Signal meaningless once installed. It can infect a device through a one-click hack, where the target receives a message and clicks on it, or a zero-click hack, where a missed call is enough to compromise the device. Later versions of Pegasus even use vulnerabilities in apps like WhatsApp as a doorway to infiltrate phones.

Pegasus can infect both iOS and Android devices while remaining virtually undetectable. It exploits zero-day vulnerabilities, which are security flaws unknown to the device's manufacturer. The primary clients for this spyware are governments worldwide that have purchased Pegasus from NSO Group.

NSO Group has claimed that Pegasus is a law enforcement tool, but the Guardian's investigation exposes the extent of the software's misuse. The widespread use of Pegasus has significant ramifications for privacy, affecting everyone with legitimate secrets. Pegasus can make it less likely for dictatorial regimes to transition to democracies, as it exponentially increases their capacity to monitor and control their populations. This poses a significant threat to democracy, revealing that many technologies we believe keep us safe are, in fact, failing to do so.

Investigations into Pegasus

Forensic Architecture, a multidisciplinary research group, is dedicated to investigating state and corporate violence using spatial and media methodologies and technologies. The group has now turned its focus on Pegasus and its impact on various communities around the world.

Through their research, Forensic Architecture has discovered that the spyware targets a wide range of individuals, including investigators, journalists, activists, opposition figures, religious figures, dissenters, and community organizers. This finding contradicts NSO Group's claim that Pegasus is designed to track terrorists and instead reveals a pattern of targeting those who challenge state power and demand accountability.

A Guardian investigation, in partnership with Forbidden Stories, has revealed widespread abuse of Pegasus by NSO's government clients. The leaked records include phone numbers of thousands of individuals selected as potential targets by governments with access to Pegasus. Although appearing on the list does not guarantee that a phone was hacked, forensic analysis has confirmed attempted or successful Pegasus infections in dozens of cases.

Amnesty International has reported a massive leak of 50,000 phone numbers, demonstrating the alarming scale and severity of the abuse caused by Pegasus.

The Psychological Toll of Being Targeted by Pegasus

The impact of Pegasus on individuals goes beyond the invasion of privacy. Being targeted by the spyware has a significant psychological effect, as people may withdraw from communicating with others for fear of compromising their contacts. This breakdown in communication networks is particularly detrimental to activists and journalists, who rely on these connections to expose and confront state crimes.

Forensic Architecture has interviewed numerous Pegasus targets, some of whom have experienced arrests and imprisonment in the past. These individuals have described emotional and psychological distress, including nightmares, resulting from the knowledge that they have been targeted by the spyware.

The Global Impact of Pegasus

The impact of Pegasus extends far beyond individual cases, as the spyware has been linked to human rights violations in various countries. By targeting activists, journalists, and human rights defenders, Pegasus contributes to the suppression of dissent and the erosion of democracy around the world.

For example, in Mexico, Pegasus targeted individuals investigating the disappearance of 43 teaching students in Iguala, Guerrero. This case revealed state collusion and involvement in the disappearances, making it an extremely controversial issue. Journalists and lawyers who reported on the case or held the state accountable were subsequently targeted by Pegasus.

Similarly, in countries like India, Rwanda, Palestine, and the United Arab Emirates, Pegasus has been used to target and silence dissenters, opposition figures, and human rights activists. This pattern reveals a global trend in the use of digital surveillance to suppress dissent and maintain state power.

Disturbingly, the spyware has also been linked to the murder of Saudi journalist Jamal Khashoggi.

The Role of Technology Companies and Governments

The Pegasus case highlights the need for greater oversight and regulation of technology companies involved in digital surveillance. Governments must be held accountable for their use of such technology and should be required to demonstrate that any use of surveillance tools is strictly limited, necessary, and proportionate to a legitimate aim.

Companies like NSO Group must also take responsibility for the impact of their products on human rights and ensure that they are not enabling state abuse. This can include implementing human rights due diligence processes, engaging with stakeholders, and being transparent about the use of their technology.

Fighting Back Against Digital Surveillance

Despite the challenges posed by Pegasus, activists and journalists have become more empowered, organized, and resistant in their fight against digital surveillance. By standing up and demanding accountability from their governments, they continue to challenge state power and refuse to be silenced.

Forensic Architecture and other organizations are working to expose the patterns and relationships of digital violence, with the aim of creating networks that push back against the silencing and cutting effect of Pegasus and similar spyware. By utilizing open-source investigation techniques and collaborating with individuals from diverse backgrounds and disciplines, these groups are shedding light on the darker side of digital surveillance and fostering global resistance.

The growing awareness of the dangers of digital surveillance, particularly the use of Pegasus, has successfully led to the formation of global networks of resistance. By sharing their experiences and collaborating on strategies to combat digital surveillance, activists, journalists, and human rights defenders are pushing back against state oppression and surveillance.

How to scan your iPhone for hidden spyware

Mobile Verification Toolkit (MVT) is a set of tools designed to enable consensual forensic examination of iOS and Android devices to detect any indications of compromise. MVT's features are constantly evolving, with some key functions including:

  • Decryption of encrypted iOS backups
  • Processing and parsing records from various iOS system and app databases, logs, and system analytics
  • Extraction of installed applications and diagnostic information from Android devices using the adb protocol
  • Comparison of extracted records to a list of malicious indicators in STIX2 format
  • Generation of JSON logs of extracted records and separate logs of detected malicious traces
  • Creation of a unified chronological timeline of extracted records and a timeline of detected malicious traces

MVT is a forensic research tool designed for technologists and investigators, requiring knowledge of forensic analysis and command-line tools. It is not intended for end-user self-assessment. If you have concerns about your device's security, seek expert assistance.

Although MVT can extract and process various types of personal records typically found on a mobile phone (such as call history, SMS, and WhatsApp messages), its primary goal is to help identify potential attack vectors like malicious SMS messages leading to exploitation.

MVT is not meant to enable adversarial forensics of non-consenting individuals' devices. The license explicitly prohibits the use of MVT and its derivative products for extracting and/or analyzing data from devices without the individual's consent.

Step 1: Create an Encrypted iPhone Backup

Before analyzing your iPhone for spyware, you need to create an encrypted backup. Encrypted backups contain more data for analysis than unencrypted ones. Connect your iPhone to your computer, and create a backup using Finder (for macOS users). Ensure the 'Encrypt local backup' checkbox is marked.

Step 2: Install the Mobile Verification Toolkit (MVT)

Install MVT using the command line. For macOS users, the package manager Homebrew is recommended. If you don't have Homebrew, install it from brew.sh. MVT requires the 'git', 'python3', and 'libusb' packages. Install these using Homebrew in a Terminal window. Next, clone the GitHub repository using git, navigate to the 'mvt' folder using 'cd mvt', and install the cloned repository using python3 with 'pip3 install .'.

Step 3: Decrypt Your Backup

Decrypt your backup using the 'mvt-ios decrypt-backup' command. Provide your backup password (use single quotes for special characters), the destination folder path, and the path to the encrypted backup location (usually '~/Library/Application Support/MobileSync/' on macOS). Run the command and wait for the process to complete.

Step 4: Remove Command History and Change Backup Password

After decrypting the backup, remove the command history in Terminal using the appropriate command, because the decrypt command you typed contains your backup password in plain text. Change your backup password in Finder as soon as possible.

Step 5: Clone Indicators Repository and Check Backup

Clone the indicators repository provided by Amnesty International. Check your backup using 'mvt-ios check-backup', and specify the spyware to check for (e.g., Pegasus). Provide the path to the file (e.g., 'pegasus.stix2'). If you want to save the analysis result, provide the option '-o' with an existing folder, followed by the path to your decrypted backup folder.

Step 6: Analyze Results

The toolkit will analyze your iPhone logs and create several JSON files and a timeline table in the output folder. It checks for known spyware behavior, domains, and email addresses. Suspicious behavior will be marked with a warning in the Terminal, and you'll be notified if an infection is found.
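
The comparison behind Steps 5 and 6 (extracted records checked against indicators in STIX2 format) can be illustrated with a short Python sketch. This is an added example, not MVT's own code: the indicator values, record field names and function names are constructed for illustration, and it handles only simple single-value patterns.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample data (placeholder values; record field names are assumptions).
BUNDLE = json.dumps({"type": "bundle", "id": "bundle--constructed", "objects": [
    {"type": "malware", "name": "ExampleSpyware"},
    {"type": "indicator", "pattern": "[domain-name:value='cdn-tracker.example']"},
    {"type": "indicator", "pattern": "[process:name='exampled']"},
]})

RECORDS = [
    {"isodate": "2021-07-01 10:02", "source": "sms", "text": "https://a1.cdn-tracker.example/x"},
    {"isodate": "2021-07-01 10:03", "source": "processes", "process": "exampled"},
    {"isodate": "2021-07-02 08:00", "source": "safari", "text": "https://notcdn-tracker.example/"},
]

SIMPLE_PATTERN = re.compile(r"\[([a-z-]+):(?:value|name)\s*=\s*'([^']+)'\]")
URL = re.compile(r"https?://[^\s\"'<>]+")

def load_indicators(bundle_text):
    """Return {object type: set of values} for single-comparison STIX2 patterns."""
    iocs = {}
    for obj in json.loads(bundle_text).get("objects", []):
        match = SIMPLE_PATTERN.fullmatch(obj.get("pattern", "").strip())
        if obj.get("type") == "indicator" and match:
            iocs.setdefault(match.group(1), set()).add(match.group(2).lower())
    return iocs

def domain_matches(host, bad_domains):
    """Compare whole DNS labels so subdomains match but lookalike names do not."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in bad_domains for i in range(len(labels)))

def check_records(records, iocs):
    """Return a chronological list of (isodate, source, indicator type, value) hits."""
    hits = []
    for rec in records:
        for url in URL.findall(rec.get("text", "")):
            host = urlparse(url).hostname or ""
            if domain_matches(host, iocs.get("domain-name", set())):
                hits.append((rec["isodate"], rec["source"], "domain-name", host))
        if rec.get("process", "").lower() in iocs.get("process", set()):
            hits.append((rec["isodate"], rec["source"], "process", rec["process"]))
    return sorted(hits)

if __name__ == "__main__":
    for hit in check_records(RECORDS, load_indicators(BUNDLE)):
        print("WARNING", *hit)
```

A check of this kind only knows the indicators in the file it was given, so an empty result means no known indicator matched, not that the device is proven clean.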

Conclusion

Analyzing your iPhone for hidden spyware provides insight into the vast amount of data generated daily. While not all warnings indicate an infection, it's essential to stay vigilant and protect your privacy. By using the Mobile Verification Toolkit, you can ensure your device is free from spyware and gain a better understanding of the data you produce.

Other measures to fight Digital Surveillance

  1. Use encrypted communication apps: Opt for communication apps that offer end-to-end encryption, such as Signal and WhatsApp. These apps protect your messages, calls, and media from being intercepted or accessed by third parties.
  2. Regularly update software: Keep your device's operating system and apps updated to ensure that you have the latest security patches. This reduces the risk of vulnerabilities that hackers can exploit to gain access to your device.
  3. Employ privacy-enhancing technologies: Use tools like Virtual Private Networks (VPNs) to encrypt your internet connection and protect your online activity from being tracked. Consider using privacy-focused browsers, such as Tor or Brave, which offer additional protection against tracking and surveillance.
  4. Enable two-factor authentication (2FA): Use 2FA for all your online accounts, including email, social media, and banking. This adds an extra layer of security by requiring a second form of verification, such as a text message or a biometric input, in addition to your password.
  5. Be cautious with links and attachments: Avoid clicking on suspicious links or downloading unknown attachments, as these can be used to infect your device with malware or spyware.
  6. Secure your home network: Change the default password for your Wi-Fi router and enable WPA3 encryption to protect your network from unauthorized access. Disable remote management features and update your router's firmware regularly.
  7. Advocate for stronger legal protections: Join forces with organizations and individuals to call for stricter legal protections against digital surveillance. This can involve supporting legislation that limits government surveillance powers or promoting the adoption of privacy-preserving technologies.
  8. Educate yourself and others: Stay informed about digital surveillance issues and learn about the latest privacy tools and techniques. Share this knowledge with friends, family, and colleagues to help them protect their own privacy.
  9. Support privacy-focused organizations: Contribute to organizations that advocate for digital privacy and work to expose and combat surveillance abuses, such as the Electronic Frontier Foundation (EFF), Privacy International, or the American Civil Liberties Union (ACLU). These groups often provide valuable resources, legal assistance, and policy advocacy to protect individual privacy rights.

Conclusion & Call to Action

The Pegasus spyware serves as a stark reminder of the power and potential for abuse in digital surveillance. The work of organizations like Forensic Architecture is crucial in exposing these threats and rallying support for those affected by such invasive technology. As more people become aware of the dangers posed by Pegasus and similar tools, the fight against digital surveillance will continue to gain momentum, empowering activists, journalists, and human rights defenders to stand up against state oppression and demand accountability.

The fight against digital surveillance and the abuse of tools like Pegasus requires a concerted effort from individuals, organizations, technology companies, and governments. By raising awareness, building networks of resistance, and demanding accountability, we can begin to counter the insidious effects of invasive surveillance technology on privacy, human rights, and democracy worldwide.

As the struggle against digital surveillance continues, it is crucial to remember that the ultimate goal is to protect the rights and freedoms that are fundamental to a just and open society. By working together, we can push back against the encroachment of digital surveillance and create a world where privacy, human rights, and democracy are respected and upheld.
