I've just finished reading a recent book on Pegasus.
Synopsis from Amazon:
Featuring an introduction by Rachel Maddow, Pegasus: How a Spy in Our Pocket Threatens the End of Privacy, Dignity, and Democracy is the behind-the-scenes story of one of the most sophisticated and invasive surveillance weapons ever created, used by governments around the world.
Pegasus is widely regarded as the most effective and sought-after cyber-surveillance system on the market. The system’s creator, the NSO Group, a private corporation headquartered in Israel, is not shy about proclaiming its ability to thwart terrorists and criminals. “Thousands of people in Europe owe their lives to hundreds of our company employees,” NSO’s cofounder declared in 2019. This bold assertion may be true, at least in part, but it’s by no means the whole story.
NSO’s Pegasus system has not been limited to catching bad guys. It’s also been used to spy on hundreds, and maybe thousands, of innocent people around the world: heads of state, diplomats, human rights defenders, political opponents, and journalists.
This spyware is as insidious as it is invasive, capable of infecting a private cell phone without alerting the owner, and of doing its work in the background, in silence, virtually undetectable. Pegasus can track a person’s daily movement in real time, gain control of the device’s microphones and cameras at will, and capture all videos, photos, emails, texts, and passwords―encrypted or not. This data can be exfiltrated, stored on outside servers, and then leveraged to blackmail, intimidate, and silence the victims. Its full reach is not yet known. “If they’ve found a way to hack one iPhone,” says Edward Snowden, “they’ve found a way to hack all iPhones.”
Pegasus is a look inside the monthslong worldwide investigation, triggered by a single spectacular leak of data, and a look at how an international consortium of reporters and editors revealed that cyber intrusion and cyber surveillance are happening with exponentially increasing frequency across the globe, at a scale that astounds.
Meticulously reported and masterfully written, Pegasus shines a light on the lives that have been turned upside down by this unprecedented threat and exposes the chilling new ways authoritarian regimes are eroding key pillars of democracy: privacy, freedom of the press, and freedom of speech.
I loved reading this book.
I only had vaguely heard about Pegasus, this book gave me a much better understanding of zero-click vulnerabilities, and where we're heading if privacy does rise to the top of every citizen's mind. It's masterfully written, very compelling, and, as a side bonus, gave me a better view of certain countries and their internal politics that have dominated the news in recent years. Saudi Arabia, Morocco, France, Mexico, etc.
It is written by a large consortium of journalists from the MSM, showing the power of investigative journalism when done right.
They managed to bring down ONS, the company behind Pegasus. Unfortunately, new companies have already taken ONS's place, so other than awareness, I'm afraid, it's still up to each individual to improve how they manage their virtual identity.
Here the focus was mainly on Apple, but I imagine Android is also susceptible to these kind of zero-click vulnerabilities.
  • Did you read this book?
  • Did you like it?
  • Are there biases I should be aware of when assessing the validity of the theses presented in the book?
  • Do you have other interesting tidbits about Pegasus and related projects?
  • How does using a non-Android or non-Apple phone may help me do my part in increasing my immunity to zero-click vulnerabilities?
  • Other recommendations that I can act on?
(this post would probably also fit the ~privacy territory)
I haven’t read the book but it sounds a bit scary! There was a lot of information a few months ago in Spain in connection with Morocco using this program to get information from Spanish politicians
reply
In the book, they do mention some client spying on one of the opposition party politicians in Spain, but i don't remember they gave specifics by name. So the client was from Morocco?
reply
There were two separate investigations. One involved Catalonian politicians close to nationalist parties. The second one involved members of Spanish government including the President.
Apparently Morocco was involved though nothing has been proved.
reply
Thanks for the book recommendation! Just bought on Audible and looking forward to reading it. I wonder though if privacy focused Android forks like GrapheneOS are still susceptible to this?
reply
In this case, Android phones were also targeted. However, it was harder to assess the damage as there were less visible traces in the logs, if i recall well.
Don't know about GrapheneOS...
Let me know how you liked the book after reading it.
reply
21 sats \ 1 reply \ @OT 26 Aug
It sounds interesting. I might have to read it too.
Did it make you re-think anything about how you use bitcoin?
reply
Not necessarily bitcoin, but it did make me think a lot about that fine balance between trying to thwart terrorist attacks by tracking their means of communication and the need for individual privacy.
I wonder if there is an argument to be made that absolute privacy trumps even the smallest infringement of it. I wish there were, but it's rarely black and white, so i guess it'll mostly a matter of fighting the clear cases of abuse outlined in the book.
reply