Pegasus Spyware Scandal And Its Implication

Cheran

Senior Member
Joined
Sep 8, 2019
Messages
8,762
Likes
76,713
Your respective views apart, if you have some knowledge then can you please share what MSM is saying in your native language?
Well, Wire & fagginton post news was "may be", "could have", "traces of software", "non-conclusive" etc.

By the time this reached my place, the print news in bold & colored letters was:

"Regime is reading your phone" (Not "may be"/"could be" but "is reading")

"Rahul Gandhi's phone hacked" (Not "may be"/"could be" but "is hacked")

I have a feeling (from reading the print media) that they are *trying a lot* to make this into something so huge that GOI is stunned & can offer no "response".

As with CAA, Rafale etc., it is all post-truth.
 

garg_bharat

Senior Member
Joined
Dec 12, 2015
Messages
5,078
Likes
10,139
It is good if they are scared that 'regime' is reading their phones.
Let them be scared.

We are in a very bad time. Do not look at the stock market for clues.
War can break out any time.

People with an inclination to collude with foreign forces need to be contained.
 

The Shrike

Senior Member
Joined
Jun 12, 2021
Messages
2,427
Likes
9,363

Amazon Web Services (AWS) has shut down infrastructure and accounts linked to Israeli surveillance vendor NSO Group, Amazon said in a statement.
The move comes as a group of media outlets and activist organizations published new research into NSO's malware and phone numbers potentially selected for targeting by NSO's government clients.
"When we learned of this activity, we acted quickly to shut down the relevant infrastructure and accounts," an AWS spokesperson told Motherboard in an email.
I did not get one thing: how did they supposedly find the targets across all the different countries/users in the same place? Was Pegasus a SaaS service 🤨 and one of their DBs got pwned? If so, it sounds like an idiotic architecture, for customers to buy something that lets the software provider know about who all are getting targeted (makes it sound like a Mossad data collection operation, to be used against the customer countries as and when needed). @hawwk
 

Peter

Pratik Maitra
Senior Member
Joined
Mar 3, 2014
Messages
2,938
Likes
3,341
So a country like the USA, where Operation Mockingbird was in full swing during the 1960s and 1970s Cold War era, is lecturing India on press freedom and snooping.


Heck, the US never had a concept of a free press. Their citizens were constantly under surveillance by the CIA, and the whistleblower Edward Snowden still has to hide from the so-called Defenders of Peace.





Having said that, I would still reiterate that the Indian Govt or any govt should never use foreign spyware to keep tabs on some dissident members of the country. Pegasus is a double-edged sword. Mossad may have fashioned it as some benevolent tool to keep track of opposition actors, but we all know how it uses goodwill and trust to betray its own allies. India should develop its own spyware and use it for national security rather than accepting the gifts of so-called "friendly" foreign actors. As they say, the known devil is a lot better than the unknown angel.
 

hawwk

Tihar Jail
Banned
Joined
Jun 20, 2021
Messages
680
Likes
3,264
So a country like the USA, where Operation Mockingbird was in full swing during the 1960s and 1970s Cold War era, is lecturing India on press freedom and snooping.


Heck, the US never had a concept of a free press. Their citizens were constantly under surveillance by the CIA, and the whistleblower Edward Snowden still has to hide from the so-called Defenders of Peace.





Having said that, I would still reiterate that the Indian Govt or any govt should never use foreign spyware to keep tabs on some dissident members of the country. Pegasus is a double-edged sword. Mossad may have fashioned it as some benevolent tool to keep track of opposition actors, but we all know how it uses goodwill and trust to betray its own allies. India should develop its own spyware and use it for national security rather than accepting the gifts of so-called "friendly" foreign actors. As they say, the known devil is a lot better than the unknown angel.
They don't give it, they sell their cyber weapons. Heck, they have much stronger weapons than Pegasus. Cyber agencies don't sell the best of their weapons. Also, Edward Snowden is bullcrap.
 

rone

Regular Member
Joined
Dec 23, 2016
Messages
919
Likes
2,958
The information, as far as I know, is that it exploited poor handling of the VoIP memory stack buffer on WhatsApp, which gave potential RCE or leaking of files. Since it's buffer based, it should be detectable by memory forensics experts, because it can't always be exploited; the memory does print some gibberish into logs when something doesn't work properly.
Well, once you get the WhatsApp database or backups then it should be easy for them. In my experience, when I used to steal/copy the WhatsApp DB from other phones, I don't remember exactly, but it used a key to open. In my view there's also the possibility of a phishing service attached to Pegasus that gained the key directly from the WhatsApp servers in the name of "re-logging again on WhatsApp due to some error".

Well, I'm no expert in how WhatsApp databases work. Never looked seriously into that. I should look into this more, lol.
Actually you are quite correct on how the Pegasus infection chain works, but the main way it infected its victims is different; let me explain.

The infection vector was a 0-day RCE exploit based on an image or video format, in which a specially crafted mp4 file acts as an encrypted dropper for the main payload. The exact type of WhatsApp vulnerability is still not clear: some say it's a non-serialized heap overflow, others say something along the same lines of unsecured system calls made by a child process.

After infection through the RCE exploit the payload runs with root privileges. Considering that the WhatsApp encryption key for its backed-up crypto DB files is stored in the root dir, and root privileges give access to this key, this makes it easier to decrypt WhatsApp DB files. The malware also has other functionalities like call recording and geotagging.

This is the same malware used to hack Amazon founder Jeff Bezos by the Saudi Prince.
 

not so dravidian

Senior Member
Joined
Feb 3, 2021
Messages
1,523
Likes
8,062
Actually you are quite correct on how the Pegasus infection chain works, but the main way it infected its victims is different; let me explain.

The infection vector was a 0-day RCE exploit based on an image or video format, in which a specially crafted mp4 file acts as an encrypted dropper for the main payload. The exact type of WhatsApp vulnerability is still not clear: some say it's a non-serialized heap overflow, others say something along the same lines of unsecured system calls made by a child process.

After infection through the RCE exploit the payload runs with root privileges. Considering that the WhatsApp encryption key for its backed-up crypto DB files is stored in the root dirs, and root privileges give access to this key, this makes it easier to decrypt WhatsApp DB files. The malware also has other functionalities like call recording and geotagging.

This is the same malware used to hack Amazon founder Jeff Bezos by the Saudi Prince.
Sir, are you a cybersecurity expert?

Anyway, do we need a computer science degree or ECE degree to become a cybersecurity expert? Could you answer this, please?

@hawwk, your opinion too.
 

hawwk

Tihar Jail
Banned
Joined
Jun 20, 2021
Messages
680
Likes
3,264
Actually you are quite correct on how the Pegasus infection chain works, but the main way it infected its victims is different; let me explain.

The infection vector was a 0-day RCE exploit based on an image or video format, in which a specially crafted mp4 file acts as an encrypted dropper for the main payload. The exact type of WhatsApp vulnerability is still not clear: some say it's a non-serialized heap overflow, others say something along the same lines of unsecured system calls made by a child process.

After infection through the RCE exploit the payload runs with root privileges. Considering that the WhatsApp encryption key for its backed-up crypto DB files is stored in the root dirs, and root privileges give access to this key, this makes it easier to decrypt WhatsApp DB files. The malware also has other functionalities like call recording and geotagging.

This is the same malware used to hack Amazon founder Jeff Bezos by the Saudi Prince.
Nope, I don't think so; picture and GIF vulnerabilities were patched long ago. Regarding the decryption key, can you share some documents in my DM, as they might be useful for my further project?
Thanks in advance.
 

RedPumpkin

Regular Member
Joined
Apr 9, 2021
Messages
145
Likes
647

On this topic, do important people carry official sensitive stuff on their smartphones?
 

rone

Regular Member
Joined
Dec 23, 2016
Messages
919
Likes
2,958

Nope, I don't think so; picture and GIF vulnerabilities were patched long ago. Regarding the decryption key, can you share some documents in my DM, as they might be useful for my further project?
Thanks in advance.
The picture or media file format delivery method info I got from the case study of the Jeff Bezos hack, which is published on the internet and dates back to early 2019 to 2020. Also, considering the media claim of so-called Indian citizens targeted using the NSO tool dates to a similar timeline, I am attaching a case study of the NSO tool hack on Jeff Bezos.
It doesn't mean what I said above must be the only infection method; I am just making an educated guess, and there is a high chance I may be wrong too.

About any other info, feel free to come to DM and I will share my TG.
 

hawwk

Tihar Jail
Banned
Joined
Jun 20, 2021
Messages
680
Likes
3,264

The picture or media file format delivery method info I got from the case study of the Jeff Bezos hack, which is published on the internet and dates back to early 2019 to 2020. Also, considering the media claim of so-called Indian citizens targeted using the NSO tool dates to a similar timeline, I am attaching a case study of the NSO tool hack on Jeff Bezos.
It doesn't mean what I said above must be the only infection method; I am just making an educated guess, and there is a high chance I may be wrong too.

About any other info, feel free to come to DM and I will share my TG.
Like I said, this vuln was already patched by iOS and WhatsApp. Let's talk about the present Pegasus scenario. I was quite aware of this Bezos case. I thought you were going to send some white papers on this week's Pegasus matters.
 

The Shrike

Senior Member
Joined
Jun 12, 2021
Messages
2,427
Likes
9,363

OK, I get that Pegasus took advantage of various vulnerabilities in the mobile devices (I don't understand the details, but), what I'm really interested to know is how the list of all targets was found in a centralised location and how this information got leaked. The only scenario I could think of is NSO (makers of Pegasus) themselves got hacked or they leaked this info. Was this explained in any of the news articles?
 

hawwk

Tihar Jail
Banned
Joined
Jun 20, 2021
Messages
680
Likes
3,264

OK, I get that Pegasus took advantage of various vulnerabilities in the mobile devices (I don't understand the details, but), what I'm really interested to know is how the list of all targets was found in a centralised location and how this information got leaked. The only scenario I could think of is NSO (makers of Pegasus) themselves got hacked or they leaked this info. Was this explained in any of the news articles?
Obviously no, how can a malware infect themselves, lmao. As @rone pointed out, it was a 0-click attack. Still, we should wait till more details come out. Memory forensics experts found out the malware.
Yes, it was still a buffer overflow (or poor handling of memory) in the iOS-based devices to get root-like access.

It's more diverse and might have used a 0-day from one of these apps: WhatsApp (calls (as seen in the past), messages), iMessage, or browsers.
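As an added illustration of the "buffer overflow or poor handling of memory" class of bug discussed in this post and in the earlier reply about the VoIP stack buffer (this is example code written for this page, not WhatsApp's, NSO's or any real VoIP implementation; the packet layout, struct and function names, and the 64-byte frame size are all invented for the example): a toy frame handler that trusts a length field from the wire, beside a hardened version that validates the length before copying.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FRAME_MAX 64   /* hypothetical fixed-size stack buffer for one audio frame */

/* Hypothetical wire format, invented for this example: a one-byte declared
 * frame length followed by the frame bytes. */
struct voip_packet {
    uint8_t len;
    uint8_t data[255];
};

/* Constructed test input: a packet whose declared length is `len`, filled
 * with the byte `fill`. */
struct voip_packet make_packet(uint8_t len, uint8_t fill)
{
    struct voip_packet p;
    memset(&p, 0, sizeof p);
    p.len = len;
    memset(p.data, fill, len);
    return p;
}

/* Vulnerable pattern: the declared length is trusted and copied into a
 * 64-byte stack buffer. A declared length above FRAME_MAX writes past the
 * buffer into adjacent stack memory, which is the class of defect the
 * thread is talking about. Returns the number of bytes copied. */
int handle_frame_unchecked(const struct voip_packet *p)
{
    uint8_t frame[FRAME_MAX];
    memcpy(frame, p->data, p->len);          /* no bounds check */
    return (int)p->len;
}

/* Hardened pattern: validate the declared length against the buffer size
 * before copying. Logs and returns -1 when the packet is dropped,
 * otherwise returns the number of bytes accepted. */
int handle_frame_checked(const struct voip_packet *p)
{
    uint8_t frame[FRAME_MAX];
    if (p->len > FRAME_MAX) {
        fprintf(stderr, "dropped frame: declared length %u exceeds buffer of %d bytes\n",
                (unsigned)p->len, FRAME_MAX);
        return -1;
    }
    memcpy(frame, p->data, p->len);
    return (int)p->len;
}

int main(void)
{
    struct voip_packet ok  = make_packet(20, 0x41);   /* fits in the buffer */
    struct voip_packet bad = make_packet(200, 0x41);  /* declared length too large */

    printf("checked, valid frame:    %d\n", handle_frame_checked(&ok));
    printf("checked, oversize frame: %d\n", handle_frame_checked(&bad));
    /* handle_frame_unchecked(&bad) is deliberately not called here: it would
     * corrupt the stack. Build with -fsanitize=address to watch it fail. */
    printf("unchecked, valid frame:  %d\n", handle_frame_unchecked(&ok));
    return 0;
}
```

Compiling with -fsanitize=address and feeding the unchecked handler the oversize packet turns the silent stack corruption into an AddressSanitizer report, which is the kind of crash evidence the "gibberish in the logs" remark earlier in the thread is pointing at; the checked version simply drops the frame and logs the rejected length, so the same malformed input produces a clean audit line instead of a crash or worse.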
 
