Media Consortium Report: Israel Quashed Sale of Pegasus Spyware to Ukraine & Estonia

Media Consortium Report: Israel Quashed Sale of Pegasus Spyware to Ukraine & Estonia

Edited by: TJVNews.com

Most countries have their own reconnaissance methods and intelligence gathering has become more prevalent throughout the years. Recently, the Jewish Voice reported that Israel found itself in an imbroglio of sorts due to an enigmatic spyware known as Pegasus.

Pegasus spyware was developed by the Israeli cyber-arms company NSO Group that can be covertly installed on mobile phones (and other devices) running most versions of iOS and Android. Pegasus is reportedly able to exploit all iOS versions up to 14.6, through a zero-click iMessage exploit, as was reported by Wikipedia. As of 2022, Pegasus was capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device’s microphone and camera, and harvesting information from apps. The spyware is named after Pegasus, the winged horse of Greek mythology. It is a Trojan horse computer virus that can be sent “flying through the air” to infect cell phones, as was reported by Wikipedia.

Pegasus was discovered in August 2016 after a failed installation attempt on the iPhone of a human rights activist led to an investigation revealing details about the spyware, its abilities, and the security vulnerabilities it exploited. Wikipedia reported that sews of the spyware caused significant media coverage. It was called the “most sophisticated” smartphone attack ever and was the first time that a malicious remote exploit used jailbreaking to gain unrestricted access to an iPhone.

In August 2020, Haaretz reported that NSO Group sold Pegasus for hundreds of millions of US dollars to the United Arab Emirates and the other Gulf States, for surveillance of anti-regime activists, journalists, and political leaders from rival nations, with encouragement and mediation by the Israeli government. Since July 2021, an international investigation Pegasus Project, along with an in-depth analysis by human rights group Amnesty International, reported that Pegasus was still being widely used against high-profile targets, as was reported by Wikipedia.

NSO Group developed its first iteration of Pegasus spyware in 2011. Wikipedia reported that the company states that it provides “authorized governments with technology that helps them combat terror and crime.” NSO Group has published sections of contracts which require customers to use its products only for criminal and national security investigations and has stated that it has an industry-leading approach to human rights, as was reported by Wikipedia.

Pegasus’ iOS exploitation was identified in August 2016. Arab human rights defender Ahmed Mansoor received a text message promising “secrets” about torture happening in prisons in the United Arab Emirates by following a link. Wikipedia reported that Mansoor sent the link to Citizen Lab of the University of Toronto, which investigated, with the collaboration of Lookout, finding that if Mansoor had followed the link it would have jailbroken his phone and implanted the spyware into it, in a form of social engineering.

Citizen Lab and Lookout discovered that the link downloaded software to exploit three previously unknown and unpatched zero-day vulnerabilities in iOS. According to their analysis, the software can jailbreak an iPhone when a malicious URL is opened, a form of attack known as spear phishing. The software installs itself and collects all communications and locations of targeted iPhones. The software can also collect Wi-Fi passwords.

Wikipedia reported that the researchers noticed that the software’s code referenced an NSO Group product called “Pegasus” in leaked marketing materials. Wikipedia reported that Pegasus had previously come to light in a leak of records from Hacking Team, which indicated the software had been supplied to the government of Panama in 2015. Citizen Lab and Lookout notified Apple’s security team, which patched the flaws within ten days and released an update for iOS. A patch for macOS was released six days later.

Regarding how widespread the issue was, Lookout explained in a blog post: “We believe that this spyware has been in the wild for a significant amount of time based on some of the indicators within the code” and pointed out that the code shows signs of a “kernel mapping table that has values all the way back to iOS 7” (released 2013). Wikipedia reported that the New York Times and The Times of Israel both reported that it appeared that the United Arab Emirates was using this spyware as early as 2013.It was used in Panama by former president Ricardo Martinelli from 2012 to 2014, who established the Consejo Nacional de Seguridad (National Security Council) for its use.

On February 2 of this year, the AP reported that the FBI has confirmed purchasing Pegasus spyware. It suggested its motivation was to “stay abreast of emerging technologies and tradecraft.”

The New York Times recently reported that “the Israeli government rejected requests from Ukraine and Estonia in recent years to purchase and use Pegasus to hack Russian mobile phone numbers, according to people with knowledge of the discussions.”

Fearing that their relationship with Russia and the agreements that Israel established with it as it pertains to Hezbollah in Syria would be placed in jeopardy, Israel decided that selling the Pegasus software to nations that have an adversarial relationship with it, as was reported by the Times.

In the years before the Russian invasion of Ukraine, both Estonia (another country that fears a Russian takeover) and Ukraine had placed their bets on getting their hands on Pegasus as a sure-fire way of gaining access to Russian cell phones, the report indicated.

The Times reported that the Washington Post and The Guardian of the UK, are part of a consortium of news organizations called The Pegasus Project. They reported that these discussions about Pegasus between Ukraine, Estonia and Israel dated back to 2019, and first reported that Israel had blocked Estonia’s efforts to obtain Pegasus.

Those efforts, however, were rebuffed and NSO Group, which is regulated by the Israeli ministry of defense, was never permitted to market or sell the company’s spyware to Ukraine, the Guardian reported.

The spyware has also been used against senior government and diplomatic officials, from Spain to France to Uganda, in cases that were seen as attempts by some countries to use the tool to conduct domestic or international espionage, according to the Guardian report.

NSO has said its spyware is meant to be used by government clients to target serious criminals and terrorists. It has also said it investigates serious allegations of abuse.

In a statement, NSO said the company “can’t refer to alleged clients and won’t refer to hearsay and political innuendo,” according to Times report.

Ukraine’s reaction to Israel declining their request to purchase Pegasus was that of deep disappointment, as it had the ability to provide critical information to them in terms of monitoring Russia’s military movements and assessing the foreign policy objectives of Russia, the Times reported. This information was provided to the Times by a senior Ukrainian official who was familiar with the attempts his country made to buy the spying software.

About a year after Ukraine made its request to Israel about the possible purchase of Pegasus, the Times reported that a senior Russian defense official contacted Israel security agencies to notify them that Russia had learned of Estonia’s plans to use Pegasus against Russia. The Times also reported that subsequent to a series of raucous debates amongst Israeli officials, Israel’s Ministry of Defense blocked Estonia from using the spyware on any Russian mobile numbers worldwide.

Israel has used the tool as a bargaining chip in diplomatic negotiations, most notably in the secret talks that led to the so-called Abraham Accords that normalized relations between Israel and several of its historic Arab adversaries, as was reported by the Times.

When posed with questions about the Pegasus matter, the Israeli Ministry of Defense responded to the New York Times in a statement which said: “Policy decisions regarding export controls, take into account security and strategic considerations, which include adherence to international arrangements. As a matter of policy, the State of Israel approves the export of cyber products exclusively to governmental entities, for lawful use, and only for the purpose of preventing and investigating crime and counter terrorism, under end use/end user declarations provided by the acquiring government.”

During his address before Israel’s Knesset, Ukrainian President Volodymyr Zelensky chided Israel for not giving his country such military hardware as stinger missiles or the Iron Dome anti-missile system which Israel has been using for a number of years against Hamas rockets launched from Gaza into the heartland of Israel. The Ukrainian president also took issue with Israel for their alleged reluctance to imposing tighter and more serious sanctions on the Russian economy.

Zelensky also invoked memories of the Holocaust in his remarks when re referred to the incessant Russian military strikes on Ukraine as their own version of Hitler’s “Final Solution.” Many in Israel took umbrage at Zelensky’s Holocaust reference, but still remained committed to provide Ukraine with an exorbitant amount of humanitarian aid.  (Additional reporting by: Fern Sidman)