Spyware, a booming industry (also), a year after Pegasus

In the world of computing, horses are often associated with interferences of all kinds, in reference to the Trojan horse Ulysses, described by Homer in his book Odyssey. But despite its somewhat evocative name, no one really saw Pegasus coming. The software developed by the Israeli company NSO a year ago was accused of spying on more than 50,000 smartphones around the world between 2016 and 2021. Not just any of those of several journalists, such as Saudi Jamal Khashoggi, who was assassinated in October 2018. Activists and political opponents, And also leaders, about fifteen in total, such as Emmanuel Macron. Buyers of the software – including several countries – have recovered a wide range of data, ranging from photos to messages in installed applications, even encrypted. A real war chest.

The full extent of the phenomenon is still unknown. Marking the first anniversary of this scandal, Amnesty International recently highlighted new hacks, this time in Thailand, into the phones of political opponents. In the spring, the Spanish CEO was turned upside down by assured spying on Catalan separatists through Israeli programs. Digital excavations should last for years…not just this Spying programs. “Pegasus is just the tip of the iceberg,” Amnesty International said today.

Predator, Hermit, and the Others…

The past year has been truly inspiring. Among the names that emerged: Predator, from Macedonian company Cytrox, whose daylight activity was revealed in December in a report by Toronto’s Citizen Lab, was at the forefront of detecting spyware. Other examples: the Israeli Kanderu solution, which was used against British Parliamentarians, or Spying programs The Italian RCS Labs hermit, discovered in Boot and in Kazakhstan, informs Google of Google’s “Threat Analysis Group” (TAG) in a blog post published just a month ago. “The commercial spyware industry is booming and growing at a significant rate,” notes TAG, which actively tracks about 30 vendors “with varying levels of sophistication and public visibility by selling exploits or monitoring capabilities to government-backed actors.”

limited offer. 2 months for 1 euro without commitment

An alarming note, especially since these 30 players identified are undoubtedly the only ones navigating these turbulent waters. Digital espionage is actually more like a hydra than a herd of horses. “When a company dies – more recently FinFisher and HackingTeam – others quickly take over,” notes Loïc Guézo, general secretary of Clusif (French Information Security Club). What will happen to NSO in the event of clinical death?

Apple hit back

This anti-spyware is gaining momentum. The Pegasus scandal has improved its discovery, thanks to Amnesty Tech’s MVT programs or a mobile app developed by French cybersecurity firm Tehtris. The setbacks faced by the Israeli company also prompted Google and Apple, whose Android and iOS systems serve as attack gateways, to review their structures. On July 6, Apple announced the creation of a new data protection tool in its iOS16 that will be available this fall: “Lockdown” (“Containment”) mode. Among the features: automatic blocking of attachments, wired connections impossible if the iPhone is locked, disabling many complex web technologies, and many digital razor wires.

Another, more effective, tactic directly targets these companies’ business model. “The amount of money at stake in this environment is one of the temptations that can push a hacker to the side of the attackers. Ultimately, it is easier and less risky than being a drug or arms dealer,” says Ingrid Solner, director of marketing at Tehtris. So Apple has increased the amount of rewards offered to hackers who warn them about serious “0 day” flaws, and these violations are not known to developers and therefore have not yet been closed. The premium the company gave Apple could now be as high as $2 million, one of the highest ever offered.

The ball is in the United States’ court

However, there are several elements that hinder anti-spyware. The first, technological: a new “0 day” defect out of two discovered from Google Since the beginning of the year as a result of a bug has been corrected. A statistic that highlights the top speed of hackers and the increasing difficulty of cybersecurity experts to effectively counter threats. “It is practically impossible to provide evidence of no infection at all – even if we find nothing,” comments in particular the brand-new “Digital Security Labs” that Reporters Without Borders (RSF) has launched to combat this type of threat, with Lexpress.

The second limit is political. A year after Pegasus, no law or voluntary ban has come to strictly frame the spread of spyware. Admittedly, the first agreement on “dual use goods” (civil and military) entered into force last September in the European Union, so that human rights are taken into account when selling this spyware. But the methods of control remain very mysterious so far, although Poland and Hungary are highly suspected of being among the buyers of this type of solution. The NSO Group itself has acknowledged that there are five Pegasus customers in the consortium. The US has also taken drastic measures, in its own way, by placing NSO and Candiru on the list of companies banned from trading, as they threaten the country’s national security. However, their position remains a mystery: L3Harris Technologies, a subcontractor of the Department of Defense, has positioned itself to become the owner of the Pegasus software.

Quick Application

For tracking analysis and decoding wherever you are

Download the app

Download the app

“The road to having a full regulatory framework in place, both internationally and in national law, is still a long way off,” says Sienna Anastis, of Citizen Lab, who advocates for more transparency in this market. Many illusions. “I suspect that countries will continue to have an increased appetite for Pegasus spyware,” the specialist said.

Loic Guizou, for his part, is holding out some hope. A commission of inquiry is currently open within the European Parliament. Experts and players in the industry – including some of the NSO leaders – are being questioned about this still-mysterious industry. “This is a positive outcome of the Pegasus scandal: being able to get to know more clearly the various actors in the spyware industry, their ways of doing things, and getting the attention of lawmakers who will be able to act,” Clusif Secretary General insists. The upcoming hearings will take place at the end of the summer and will make a point for spyware victims and possible legal remedies. An important question, at a time when the latter seems to be increasing more and more.


History of Cecil Maisonov

An employee of the Russian gas giant Gazprom, February 18, 2015Written by Cécile Mizunov, Senior Fellow at Institut Montaigne and advisor to the Center for Energy and Climate in Ivry

History of Frederic Villox

Tech giants like Apple are buying back their shares on a massive scale.Frederic Veluvius

History of Christoph Donner

Theater and cinema.Christopher Donner

The history of Christian Gulier

French President Emmanuel Macron delivers a speech at the opening of the European Arms Fair, in Villepinte, near Paris, on June 13, 2022.Written by Christian Gaulier, economist at Toulouse School of Economics

Leave a Comment