Pegasus – Winged horse or Trojan horse?

The most nefarious and dangerous malware is not what you think. Is it the latest and greatest ransomware from REvil or Darkside? Nope, it’s actually named Pegasus – from the Israeli technology company called NSO Group and it’s totally legit…kinda.

Remember a few years ago when Apple refused to build a back door into the iPhone so the FBI could access a suspected terrorist’s iPhone? Apple didn’t back down, so the FBI went to a private company to break the iPhone’s encryption. That company was NSO Group.

NSO Group is back in the headlines with a new malware tool called Pegasus. Not the winged horse but malware our governments and presumably anyone with a lot of cash can use to spy on us. Pegasus silently infects iPhones and Android devices, allowing military, law enforcement and intelligence agencies to extract messages, photos and emails, record calls and secretly activate microphones and cameras!

Singing from the NRA songbook

NSO Group software was allegedly used to spy on U.S. based journalist Jamal Khashoggi who was subsequently murdered at the Saudi embassy in Istanbul in October 2018. French website Forbidden reported that French President Emanuel Macron’s phone was infected with Pegasus and Amnesty International has reportedly found Pegasus infected phones in the hands of more than 50 journalists, politicians and activists around the world.

So what is NSO Group’s response to these allegations? Blame the customer not the software. Much like the tired old refrain used by supporters of the National Rifle Association (NRA) in the U.S., “guns don’t kill people, people kill people”, an NSO spokesperson recently responded to questions about Pegasus by saying “If I am the manufacturer of a car and now you take the car and you are driving drunk and you hit somebody, you do not go to the car manufacturer, you go to the driver.”

Get to the point

The focus on who deployed NSO software is misguided. Instead, we should be focusing on why it was deployed. Ever since Edward Snowden exposed the systemic surveillance of pretty much everyone by the U.S. National Security Agency (NSA), the fine line between hackers and those who are supposed to stop them has blurred. 

When governments and private companies can target anyone with a mysterious piece of malware and grab literally anything we have stored on our smartphones without permission, you must ask yourself one question: What is the point of human rights or a constitution when access to everything we do can be tracked, copied and perhaps used against us?

If you thought hackers’ ransomware was bad enough, now we have to protect ourselves from our own governments.