Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Security

Pegasus Spyware Found On Journalists' Phones, French Intelligence Confirms (theguardian.com) 50

French intelligence investigators have confirmed that Pegasus spyware has been found on the phones of three journalists, including a senior member of staff at the country's international television station France 24. Pegasus is the hacking software -- or spyware -- that is developed, marketed and licensed to governments around the world by NSO Group. The malware has the capability to infect billions of phones running either iOS or Android operating systems. It enables operators of the spyware to extract messages, photos and emails, record calls and secretly activate microphones. The Guardian reports: It is the first time an independent and official authority has corroborated the findings of an international investigation by the Pegasus project -- a consortium of 17 media outlets, including the Guardian. Forbidden Stories, a Paris-based nonprofit media organization, and Amnesty International initially had access to a leaked list of 50,000 numbers that, it is believed, have been identified as those of people of interest by clients of Israeli firm NSO Group since 2016, and shared access with their media partners.

France's national agency for information systems security (Anssi) identified digital traces of NSO Group's hacking spyware on the television journalist's phone and relayed its findings to the Paris public prosecutor's office, which is overseeing the investigation into possible hacking. Anssi also found Pegasus on telephones belonging to Lenaig Bredoux, an investigative journalist at the French investigative website Mediapart, and the site's director, Edwy Plenel. Forbidden Stories believes at least 180 journalists worldwide may have been selected as people of interest in advance of possible surveillance by government clients of NSO.

Le Monde reported that the France 24 journalist, based in Paris, had been selected for "eventually putting under surveillance." Police experts discovered the spyware had been used to target the journalist's phone three times: in May 2019, September 2020 and January 2021, the paper said. Bredoux told the Guardian that investigators had found traces of Pegasus spyware on both her and Plenel's mobile phones. She said the confirmation of long-held suspicions that they had been targeted contradicted the repeated denials of those who were believed to be behind the attempt to spy on them.

This discussion has been archived. No new comments can be posted.

Pegasus Spyware Found On Journalists' Phones, French Intelligence Confirms

Comments Filter:
  • How is this not considered an act of war?
    • I consider an act of war.
      • by rtb61 ( 674572 )

        All about extortion, act of crime, who were the perpetrators, lets see, who was behind Mr Epstein and his extortion program, the CIA and the Mossad. So how effective was the extortion program, how out of character were some decisions of politicians around the globe favouring Israel, pretty much red flag every single one of them.

    • by Aighearach ( 97333 ) on Monday August 02, 2021 @10:31PM (#61649083)

      Because Morocco is their ally, and they're hacking the French journalists to uncover links to and information about their local journalists, who they actively oppress.

      So it isn't really an "act of war" type of situation in the first place. It is a "diplomatic incident" type situation.

      And, it is considered a diplomatic incident. French relations with both Morocco and Israel have been harmed by this.

    • Spying is not an act of war. Intelligence gathering is always ongoing - in peace and in war. At an embassy, you may find someone by the title of Military Atache - he is usually the chief spy.
    • Because they are doing the same thing....

    • How is this not considered an act of war?

      It is but most people are dense that there is a real war of the oligarchs against the masses, and the upper class is fearful and weirded out by the internet allowing free flow of information. See here by former national security advisor of the United states, Zbigniew Brezinski:

      https://www.youtube.com/watch?... [youtube.com]

    • "How is this not considered an act of war?"

      When the 'acts-of-war'-dictionary was written, even planes weren't invented yet.
      So give them time, one or two hundred years.

  • by DontBeAMoran ( 4843879 ) on Monday August 02, 2021 @09:44PM (#61649003)

    We really need hardware switches for both the camera and microphone. If an application wants to use either, it detects the hardware is disabled and asks the user to enable it physically.

    But no...., all the fucking phones need to look like a smooth glass slab with no tactile features whatsoever - except a stupid bump in the back for the cameras instead of just making the whole thing as thick as the bump and increase the battery size at the same time.

    • We don't even have such hardware switch for (nearly any) laptops, when laptops have so much spare space for the tiny switch.

      For phone, such switch, if possible, will be part of accept phone call procedure. Because it is NOT okay for the phone to auto accept phone call when that hardware switch is on, the normal accept phone call procedure on such phone might be two-stepped. Such extra inconveinence will probably be unpopular to most people who don't care much about privacy. (Or maybe some extra detection

      • Reputable new laptops have a cover that slides over the camera.

        Even the thin ones like the Thinkpad Yoga

        • Reputable new laptops have a cover that slides over the camera.

          Even the thin ones like the Thinkpad Yoga

          Do you know camera cover is easy to DIY? It is always the microphone that's the problem. (If one worry DIY'd camera cover is not safe, those first-party camera cover aren't any safer either)

          • "Do you know" Thinkpads have hardware mute, you mute it with the media button and the OS can't turn it on if it wants to.

            And as for DIY, you can open up the case and fix the problem in a variety of ways if you want. Assuming you bought something that can be opened, of course. But if you're talking DIY, that's on you to buy things that are repairable.

            Look at your userid. Look at my userid. Fuck off with the "do you know."

            • Oh you trusting soul. You actually think pressing a button that changes a setting in the software can't be bypassed? The whole Pegasus software package is designed to bypass all those security settings you rely on. Activating the microphone without changing the status on the display would be trivial for the software that is running at a system level.

              If you want more proof, just run a software utility that replaces the function of that button to something else like starting your browser. So much for "har

              • Well, you could do it right like hardwiring the camera status LED into the cameras power circuit. But I remember when several cameras that were designed like that screwed up with some circuitry and that could be fooled, too. (if someone remembers that too, sorry I forgot the details)

              • With Thinkpads the camera has a physical cover, so the lack of an indicator isn't a big deal. Though mine does have an indicator LED.

                But the hardware mic mute does have an LED, on the keyboard media button. If you turn it back on in software, the mute light turns off. The idea that it is trivial to bypass the BIOS-equivalent is just stupid-sauce from some moron who doesn't understand what "system level" would mean.

                If you change what the button does... the mute LED would not turn on. Duh. The LED is connecte

                • Yeah, nice try. If the mute LED was connected to the chip enable pin, you wouldn't be able to mute the mic and still listen to sound from your speakers.

                  I'm impressed that you have seen the logic diagram of the hardware codec chip and the wiring diagram of the laptop's status display LEDs. Is the CE pin an active high or active low enable? Is the anode of the LED connected to the CE line or the cathode? Is there a pull-up resister inline or does the CE signal also supply the ground for the LED?

                  If the LED

                  • That's right, when you use the hardware mute it mutes both the mic and the speakers.

                    But not bluetooth, if you're using bluetooth speakers. It does mute the headphone jack, though.

                    I think you made up

                    And I think you're a fucking moron who can't figure out than I'm an electronics engineer who designs mixed circuits and writes firmware.
                    Do you think I'm impressed that you wrote some very simple software... over 20 years ago?
                    Do you know why I know the LED is connected to the audio codec? Because I was curious and looked at the fuck

      • We used to be able to decide ourselves to switch on the computer. It's obscene how the control we have over a windows machine has been systematically reduced and we've become a client who logs on.

        • by thomn8r ( 635504 )

          We used to be able to decide ourselves to switch on the computer. It's obscene how the control we have over a windows machine has been systematically reduced and we've become a product who logs on.

          FTFY

    • by Narcocide ( 102829 ) on Tuesday August 03, 2021 @12:38AM (#61649309) Homepage

      Pinephones [pine64.org] have them [pine64.org].

    • I don't worry about being caught fapping by unknown glowies perving on me in my home. I look directly into the camera with my vinegar face to show dominance.
    • Just buy a case which blocks the camera and microphone. There are even ones which have a faraday cage built in which blocks the GPS. Of course it also blocks the phone signal so you cant receive calls . You have to take the thing out of the case to be able to receive calls. Works great for when you want to concentrate on work without disruptions.
    • That won't solve the problem. Eventually you have to connect - when you do the spyware is waiting. This is, in fact, exactly why they want to compromise your phone. The government people who originally paid for this stuff already have access to your phone calls through the network. What they want is the other stuff.

    • by Tom ( 822 )

      Marketing.

      When "ours is 2 mm thinner than the others" is part of your marketing, then nonsense like that happens.

      I've never bought a phone with a bump. It's the pinnacle of stupidity to design a product like that. I'm staying on my iPhone SE among other things for that reason.

  • How many years before this is reverse engineered by bad actor's with even less oversight than it currently has? Essentially this is a digital bioweapon waiting in the wings ready to be deployed to just about every system connected to the outside web,
    • They've already started doing that and the Russian and Chinese hackers used NSA malware against the USA. In fact the whole point of this story is that NSO sold Pegasus spyware to organisations without proper oversight.

      • by Tom ( 822 )

        Isn't it funny how all the "oversight" always "fails" in these markets? Spy tools, weapons, you name it...

      • I can't wait for your hilarious interpretation of what 'proper oversight' is supposed to mean.
        I'm sure the NSA have their interpretation though. The NSO should not bypass the NSA. Period. End of NSO.

        • I can't wait for your hilarious interpretation of what 'proper oversight' is supposed to mean.
          I'm sure the NSA have their interpretation though. The NSO should not bypass the NSA. Period. End of NSO.

          Well, I think "proper oversight" depends who you are and in what circumstances. For example, I, as a citizen of a democracy think that "proper oversight" means that hacking of phones should happen either a) after a court order from a judge within an effective legal system which follows the rule of law (this rules out, for example, judges in Belorussia). or b) in a proper espionage situation against an enemy nation which has not properly agreed to follow the laws of my country.

          However, in this case I meant

          • I'd like to see what judge will approve hacking a journalist.
            NSO does not distinguish between domestic spying on opponents or journalist and international spying. In this case it is international spying on journalists. So there is nothing legal about it, French wimps or not.

            NSA cares about oversight in that they should be in control. NSO was going off on their own. That makes them the NSA prime candidate for releasing the list. I wonder if NSO has such a list. They may not want to know.

            NSO isn't the only Is

  • It's impossibile for such an expensive and sophisticated software to be deployed without the knowledge of the company that sells it. And I would be very surprised if the Israeli government weren't aware as well.
    • The software isn't expensive to replicate .. after all the cost is in the R & D and the expertise of the development team .. actually reproducing it or reverse engineering the code using debugging tools really isn't expensive at all. NSA couldn't keep the lid on it's toolkit what makes you think a private company can do better ? Where there is greed or the opportunity to subvert/coerse members of the development team of those with access comes weakness in security. Deploying the toolkits onto target d
      • 0-day vulnerabilities against IOS are very valuable, and usually they're also difficult to exploit - even more so for state bureaucrats of the government of a developing country. If the average utility program such as "super downloader pro" has a copy protection scheme, you can bet on the fact that NSO protected Pegasus as well.
    • I assume they have procedures to keep some plausible deniability, mossad might have a backdoor but NSO is going to keep intentionally ignorant of targets to avoid liability as much as possible.

  • If anyone is going to sue that company for creating this?

    Of course not, since they are from the chosen ones, they are untouchable and do no wrong.

Don't get suckered in by the comments -- they can be terribly misleading. Debug only code. -- Dave Storer

Working...