The commission of inquiry on pegasus of the European Parliament has already begun to roll and has done so this Tuesday by questioning three experts in cybersecurity to start unraveling the mysteries of a software espionage which has opened a deep breach of mistrust in the European Union and in Spainwhere it has provoked the dismissal of the director of the CNI, Paz Esteban.
According to their conclusions, the capabilities of the software, manufactured by the Israeli company NSO Groupare almost infinite because it not only allows access to mobile phones for to spy conversations or access information collected therein but also put data inside the spied terminal.
“The software makes it possible to manipulate the entire phone. He has access to all rights so he can place data in the terminal & rdquor ;, he explained Constance Kurz of the portal netzpolitik.org and one of the three cybersecurity experts who have appeared at the first meeting of the investigation commission. “Pegasus is an administrator of his phone and therefore can do whatever he wants. She can read files and if she can read them she can also read the credentials authentication cookies, which are the ones that allow her to open her email account. Pegasus can replace you online and may have the ability to embed files on devices. There is no way of knowing if this possibility is truly used” because “there are no independent audits of how it behaves & rdquor; but “we cannot exclude that there is a Pegasus version that is capable of implanting files”, he added adam haertlepublisher of the Polish cybersecurity portal Zaufana Trzecia.
What they are clear about is that the Israeli company has to know who the victims are because the manufacturer continues to provide support services to customers who acquire the licenses and it is impossible to use the system without the company providing that service. “They say they have no idea who the victims and that they monitor their clients to see if they are not abusing the system” but it is “a contradictory statement and you have to assume the worst. They know who the victims are and it is possible from a technical point of view & rdquor ;, points out the same expert.
iPhone, easy prey
Haertle also warns that iPhone’s they are “easy prey” and that they are easier to spy on than Android due to the greater fragmentation that exists in the models that use this operating system. “For Android, it would have to generate more versions for a single terminal and it would be more difficult to hit & rdquor ;, they estimate. It is also more difficult to look for evidence of possible espionage in Android.
Related news
Regarding the attribution of espionage to such governments, the experts questioned recognize the difficulty of attributing the attack because intermediary operators are used and where the data is sent is hidden. But they assure that there are techniques to anchor certain attacks and that it is very difficult for software to leave no trace. “If several attacks are grouped, you can conclude what the targets are and you can get an idea of who the operator is & rdquor ;, he maintains Bill Marczakfrom CitizenLab, the body that has uncovered the ‘CatalanGate‘.
As he has detailed, although the licenses allow spying in a certain country, he admits that “if a client pays enough, it is normal for NSO to let him spy & rdquor ;, with small limitations. For example, clients cannot spy in Israel or the United States to unless they are based there. Although they have not given figures, experts acknowledge that access licenses to espionage programs cost “millions” or “tens of millions” depending on the espionage function. Countries like Israel, the United States , Germany, Russia, France or China have their own instruments without having to resort to companies like NSO Group.