NSO Secrets Revealed: Pegasus spyware Self-Destruction mechanism

Business

Israel’s NSO has built the most powerful spying tool of this century called Pegasus. The full 140-page report filed by WhatsApp in the US court reveals what its most fearfull weapon Pegasus can do.

Facebook’s lawsuit against the NSO group for breaking into WhatsApp and spying 1400 journalists and activists across the world, has brought to light many of the Israeli company‘s secrets.

WION an Indian television news channel claims it accessed the full 140-page report of WhatsApp. Some of the most interesting things appear in the many appendices to it which details the company’s working methods, the payment it charges, the services it provides, and what its most fearfull weapon Pegasus can do. According to NSO, it can monitor virtually the most popular smartphone app.

Its Pegasus spyware includes a self-destruct mechanism that is automatically activated to prevent its exposure and allows the operator to receive automatic alerts on the tracking target location.

This emerges from WhatsApp’s court filings, a detailed secret contract signed between NSO and a company in Ghana which showcases its diverse capabilities.

The agreement to monitor 25 phones, worth $8 million, was signed in December 17, 2015, between the NSO group and Infraloks development limited, a front for the government of Ghana. The amount also included one-year support.

According to the agreement, 50% of the amount will be shipped by January 28, 2016, 35% at the time of hardware delivery and 15% upon completion of the system deployment.

The contract was not signed directly with NSO but with a local company called Infralocs, which functioned as the software provider, so probably not all the transaction amount went into the Israeli company pocket. In fact, according to  Ghana media reports, NSO received only $4 million under the deal.

According to Calcalist, the payment for Pegasus itself includes not only the spyware but a two-week course and a practical on-site overlap week, and supplies of much hardware equipment needed to run it. The list of equipment NSO provides, along with the necessary licenses, is spread over a nine-page contract and includes computers, routers, and servers. It goes into details including a breakdown of the level of power supply that will be included and even specifies the types of cables and numbers provided by NSO. For example, 20 5-meter power cables plus 40 3-meter length cables.

NSO’s warranty year includes ongoing software updates and upgrades, as well as adding new features and capabilities, 24/7 proper functioning monitoring, and a 24-hour, 7-day, 365-day support center.

Facebook sues Israeli spyware NSO for allegedly hacking WhatsApp

Under the contract, NSO provides “assistance in operating, managing and configuring the system as well as resolving all technical malfunctions in the software.”.

Specific support mentions include how-to support, probably ongoing training in performing certain customer-facing tasks, working with the client to “replicate and restore issues” and “isolate, monitor, and correct operational issues.”

Customers who wish to contact NSO for technical support can do so by email ([email protected]), by phone (+ 44-20-3695-4101) or by Skype (NOC-HelpDesk).

This level of support clearly indicates that NSO does not work with a routine and forget method and that it has the ability to remotely connect to systems that operate its customers and gain deep access to their operations – which is necessary to provide effective support. NSO can know what its customers are doing with Pegasus, and there are probably quite a few cases where it also knew exactly what it was doing when it needed to provide support for certain faults.

NSO’s relationship with the customer does not end even at the end of the first warranty year. Under the contract, the Ghanaian government can extend the 12-month warranty period at a cost of 22% of the original contract amount, which is about $ 1.76 million for each additional warranty year. That is, it is likely that in many cases NSO’s relationship with clients, and therefore its knowledge of their operations, is ongoing.

Another part of the contract, as well as much of the promotional booklet, deals with Pegasus’ technical capabilities. The general lines of system capabilities – pumping all the information on the phone, real-time monitoring, remote camera or microphone capability – are already known, but the detailed information only clarifies the depth of control and capabilities of the software.

Under the contract with Ghana, Pegasus can be run on iOS devices 7 to 9.1, Android devices 4 to 5, and BlackBerry 5 to 7.1. The contract indicates the speed of NSO’s response to new OS versions: iOS 9.1 was released on October 21, 2015, so the company was able to attach it to its capabilities in less than two months. On the other hand, version 9.2 launched on December 8 is not yet supported by the contract. The company’s response time, at least at that time, was between two and a half months.

“That goal won’t be suspicious”

As for the infection methods, at that time Pegasus could infect Android and BlackBerry devices by sending a malicious Push message and not requiring active user action. iPhones (as well as Android and BlackBerry), on the other hand, could only be pasted by a user clicking on a malicious link.

An investigation by the New York Times last year found documents suggesting the company sold Pegasus to the United Arab Emirates for at least $ 18 million, and another document that said the software was sold through a subsidiary in Cyprus for $ 11 million.

Read more about: Israeli Spyware, NSO Group, Pegasus, Whatsapp