The beleaguered Israeli surveillanceware vendor NSO Group admitted to European Union lawmakers this week that its Pegasus tool was being used by at least five countries in the region.
“We’re trying to do the right thing and that’s more than other companies working in the industry,” said Chaim Gelfand, the company’s general counsel and chief compliance officer, according to a report from Politico.
The company acknowledged that it “made mistakes” and also stressed the need for an international standard to regulate government use of spyware.
The disclosure comes as a special commission of inquiry, launched in April 2022, investigates alleged breaches of EU law following revelations that the company’s Pegasus spyware is being used to snoop on the phones of politicians, diplomats and members of civil society.
“The committee will examine existing national laws regulating surveillance and whether Pegasus spyware has been used for political purposes against, for example, journalists, politicians and lawyers,” the European Parliament said in March 2022.
Earlier this February, the European Data Protection Supervisor (EDPS) called for a ban on the development and use of commercial spyware in the region, declaring that the technology’s “unprecedented level of infringement” could jeopardize users’ right to privacy.
Pegasus, and its counterparts such as FinFisher and Cytrox, are designed to be stealthily installed on a smartphone by exploiting previously unknown software vulnerabilities, known as zero-days, to seize remote control of the device and collect sensitive data.
Infections are usually achieved through one-click attacks that trick targets into clicking a link sent via messages on iMessage or WhatsApp, or by using zero-click exploits that require no interaction.
Once installed, the spyware supports a wide range of capabilities that allow the operator to track the victim’s whereabouts, eavesdrop on conversations and exfiltrate messages from even encrypted apps such as WhatsApp.
NSO Group, founded in 2010, has long maintained that it only supplies the software to government customers to tackle terrorism, drug trafficking and serious crime, but there is evidence of widespread misuse of the software to monitor political opponents, critics, activists, journalists and lawyers around the world.
“Using Pegasus does not require collaboration with telecommunications companies, and it can easily overcome encryption, SSL, proprietary protocols and all the hurdles introduced by complex communications worldwide,” the Council of Europe noted in an interim report.
“It provides remote, covert and unrestricted access to the target’s mobile devices. This Modus Operandi of the Pegasus clearly reveals its capacity to be used for both targeted and random surveillance.”