- Security researchers have identified NSO Group-made spyware ‘Pegasus’ in the United States and 44 other countries.
- The findings were published by digital rights watchdog Citizen Lab at the University of Toronto.
- 1091 IP addresses were identified that might be conducting surveillance operations.
1091 IP addresses from 45 countries have been identified matching the Pegasus spyware by digital rights organization Citizen Lab. The security unit is based out of the University of Toronto’s Munk School of Global Affairs. The researchers were able to identify the IP addresses containing the fingerprint for spyware using a new scanning technique. However, it is unclear if the identified systems are due to an infection or if they have been targeted by foreign countries or operators.
The Pegasus spyware was designed to target iPhone and Android devices and was reported to be purchased by multiple governments. Israel based NSO group’s spyware gained notoriety, and the researchers from Citizen revealed that officials might be conducting surveillance activity from August 2016 to August 2018.
The countries that were spotted containing the Pegasus spyware include both democratic countries as well as nations with controversial human rights records. Author Bill Marczak mentioned in his report “I can only hope that our research is causing these companies to think twice about sales where there is the potential for spyware abuse, causing potential customers to think twice about being associated with a company dealing with repressive governments, and causing potential investors to think twice about the inherently risky business of selling spyware to dictators.”
The report stated that evidence of spyware abuse keeps on increasing over time by the governments. The researchers want companies that develop spyware to think twice before selling such software as it can allow repressive governments to strengthen their dictatorship.
An NSO spokesperson revealed that the list of countries that have been listed is inaccurate and that the organization does not operate in many of them. However, even if the NSO did not sell Pegasus directly to some of the listed countries, there is always the possibility of the spyware being handed down via other sources that acquired it.