Ron Deibert

Globe

Articles

بيغاسوس PEGASUS ضد بريداتور PREDATOR: الاستهداف المضاعف لجهاز الآيفون الخاص بمعارض يكشف عن برنامج التجسس المأجور من Cytrox

بواسطة: بيل مارزاك، جون سكوت-رايلتون، بحر عبد الرزاق، نورا الجيزاوي، سيينا أنستيس، كريستين بردان، ورون ديبرت. النتائج الرئيسية تم اختراق معارضَين مصريين في المنفى؛ وهما السياسي أيمن نور، ومقدم برنامج شهير (والذي يرغب بألا يفصح عن هويته). تم الاختراق بواسطة برنامج التجسس بريداتور (Predator)، والذي تم تطويره وبيعه بواسطة  Cytrox لتطوير برامج التجسس المرتزقة، وهي… Read more »

Pegasus vs. Predator: Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware

Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour was simultaneously infected with both Cytrox’s Predator and NSO Group’s Pegasus spyware, operated by two different government clients.

FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild

While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage. The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.

من اللؤلؤة إلى بيغاسوس: الحكومة البحرينية تخترق نشطاء عبر استغلال ثغرة “Zero-Click” من “NSO Group”

لقد حددنا تسعة نشطاء بحرينيين تم اختراق أجهزتهم الآيفون باستخدام برنامج تجسس “Pegasus” من NSO Group في الفترة ما بين يونيو 2020 و فبراير 2021. بعض النشطاء قد تم اختراقهم باستغلال ثغرتين zero-click في iMessage, كنا قد سمينا الثغرتين التي تم اكتشافها في 2020 ب KISMET، أما الثغرة المستخدمة في 2021 فنسميها FORCEDENTRY

From Pearl to Pegasus: Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits

We identified nine Bahraini activists whose iPhones were successfully hacked with NSO Group’s Pegasus spyware between June 2020 and February 2021. The hacked activists included three members of Waad (a secular Bahraini political society), three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq (a Shiite Bahraini political society).

Independent Peer Review of Amnesty International’s Forensic Methods for Identifying Pegasus Spyware

Forbidden Stories and Amnesty International requested that the Citizen Lab undertake an independent peer review of a sample of their forensic evidence and their general forensic methodology. We were provided with iTunes backups of several devices and a separate methodology brief, and independently validated that Amnesty International’s forensic methodology correctly identified infections with NSO’s Pegasus spyware.

Hooking Candiru: Another Mercenary Spyware Vendor Comes into Focus

Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Using Internet scanning, we identified more than 750 websites linked to Candiru’s spyware infrastructure. We found many domains masquerading as advocacy organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies, and other civil-society themed entities.

Response to NSO Group on the Great iPwn Report

Since 2016, the Citizen Lab has published numerous reports regarding the use of Pegasus spyware against human rights defenders, journalists, politicians, and other members of civil society. Despite these findings, NSO Group has failed to substantively engage or respond to the research presented by the Citizen Lab and other organizations.