Cellphone spyware sold by an Israeli security firm is suspected of being used against targets in dozens of countries including the United States, researchers warned Tuesday, raising concerns and questions about topics ranging from eavesdropping to export control.
Known as “Pegasus,” researchers from the University of Toronto’s Citizen Lab linked the malware to infections in 45 countries, including the U.S., Canada and the U.K., in addition to dozens of other nations, democratic and otherwise, they wrote in a report.
Sold by NSO Group of Herzliya, Israel, Pegasus is capable of exfiltrating private data from infected cellphones, including passwords, text messages and live voice calls, and has previously been deployed against targets including Mexican journalists and a prominent United Arab Emirates human rights activist, among others.
Citizen Lab researchers scoured the internet for servers associated with Pegasus spyware during a two-year period ending August 2018, in turn discovering 1,091 IP addresses and 1,014 domain names, their report said. They subsequently used specialized software to group some of the data into 36 distinct Pegasus systems, each one apparently run by a separate “operator,” then further determined which countries each one was targeting.
Ultimately the technique detected a total of 45 countries “where Pegasus operators may be conducting surveillance operations,” including the U.S., Citizen Lab reported.
“The scope of this activity suggests that government-exclusive spyware is widely used to conduct activities that may be illegal in the countries where the targets are located, Citizen Lab reported. “While some of these infections may reflect usage of out-of-country VPN or satellite Internet service by targets, it is possible that several countries may be actively violating United States law by penetrating devices located within the U.S.”
NSO Group disputed the report in a statement, touting its products as “licensed only to legitimate government agencies for the sole purpose of investigating and preventing crime and terror.”
“The company works in full compliance with all applicable laws, including export control laws,” NSO Group said. “There are multiple problems with Citizen Lab’s latest report. Most significantly, the list of countries in which NSO is alleged to operate is simply inaccurate. NSO does not operate in many of the countries listed.”
“Our products have saved the lives of thousands of people, prevented suicide terror attacks, helped convict drug cartel lords, facilitated complex crime investigations, and returned kidnapped children to their parents,” NSO Group claimed.
NSO Group could not immediately be reached for further comment.
At least six of the countries where Citizen Lab detected Pegasus operations have “previously been linked to abusive use of spyware to target civil society,” the report said.