Anonymous ID: 00e23f Nov. 21, 2022, 5:15 p.m. No.17798810   >>8813 >>8814 >>8817 >>8818 >>8827 >>8848 >>8855

FBI deployed unconstitutional ‘zero-click’ Pegasus surveillance software

https://www.washingtontimes.com/news/2022/nov/16/fbi-deployed-unconstitutional-zero-click-pegasus-s/

During the Trump administration, the FBI paid $5 million to an Israeli software company for a license to use its “zero-click” surveillance software called Pegasus. Zero-click refers to software that can download the contents of a target’s computer or mobile device without the need for tricking the target into clicking on it. The FBI operated the software from a warehouse in New Jersey.

Now back to the FBI and Phantom.

In July 2021, President Biden personally put a stop to the FBI’s use of Phantom, and the congressional intelligence committees assumed that that was the end of it.

Yet last week, when reporters revealed the results of Freedom of Information Act requests for memos and court documents pertaining to Phantom, a different story emerged. The documents the FBI furnished reveal a vast determination by their management to showcase and deploy Phantom to its agents and other federal law enforcement personnel.

Anonymous ID: 00e23f Nov. 21, 2022, 5:22 p.m. No.17798814   >>8827 >>8848 >>8855

>>17798810

Pegasus

https://www.kaspersky.com/blog/pegasus-spyware/14604/

Pegasus relied on a whopping three zero-day (previously unknown) vulnerabilities in iOS that allowed it to silently jailbreak the device and install surveillance software.

As for surveillance, let’s be clear: We’re talking total surveillance. Pegasus is modular malware. After scanning the target’s device, it installs the necessary modules to read the user’s messages and mail, listen to calls, capture screenshots, log pressed keys, exfiltrate browser history, contacts, and so on and so forth. Basically, it can spy on every aspect of the target’s life.

It’s also noteworthy that Pegasus could even listen to encrypted audio streams and read encrypted messages — thanks to its keylogging and audio recording capabilities, it was stealing messages before they were encrypted (and, for incoming messages, after decryption).

Another interesting fact about Pegasus is that it tries to hide itself really diligently. The malware self-destructs if it is not able to communicate with its command-and-control (C&C) server for more than 60 days, or if it detects that it was installed on the wrong device with the wrong SIM card (remember, this is targeted spying; NSO’s clients weren’t going after random victims).

Pegasus for Android does not rely on zero-day vulnerabilities. Instead it uses a well-known rooting method called Framaroot. Another difference: If the iOS version fails to jailbreak the device, the whole attack fails, but with the Android version, even if the malware fails to obtain the necessary root access to install surveillance software, it will still try directly asking the user for the permissions it needs to exfiltrate at least some data.

Anonymous ID: 00e23f Nov. 21, 2022, 5:46 p.m. No.17798817   >>8827 >>8848 >>8855

>>17798810

Phantom, another NSO-built software for encryption cracking

Recently, Justice and the Federal Bureau of Investigation (FBI) engaged with NSO on newly-developed encryption cracking software called Phantom that would enable federal law enforcement to work around U.S. privacy laws in criminal cases without cooperation from mobile carriers, Apple or Google, the New York Times reported. The U.S. was the only country allowed to license the software, the report said.

The FBI has acknowledged testing Pegasus for criminal investigations, the Post reported. In a statement to the newspaper, the FBI said the spyware had not been used “in support of any investigation.”

Discussions with Justice officials and the FBI about Phantom reportedly continued until last summer when the latter agency decided not to engage with the spyware maker on Phantom. For its part, NSO flatly denied conducting business with cash or engaging with Mobileum and said it had no knowledge of an investigation by Justice.

https://www.msspalert.com/cybersecurity-breaches-and-attacks/spyware/nso-groups-pegasus-spyware-and-phantom-encryption-cracker-trigger-fresh-concerns/

https://www.nytimes.com/2022/01/28/magazine/nso-group-israel-spyware.html

http://archive.today/2022.01.30-033138/https://www.nytimes.com/2022/01/28/magazine/nso-group-israel-spyware.html

Anonymous ID: 00e23f Nov. 21, 2022, 5:51 p.m. No.17798818   >>8827 >>8848 >>8855

>>17798810

FYI, NSO Group claims to have developed the best spying tool (as Phantom) that has the potential to hack into any phone device operating in the United States.

NSO is the same company that was banned by the Biden administration from trading in North America and so will no longer be eligible to develop or sell any software to the government agencies linked to the White House.

Till the year 2019, the FBI was intending to buy the hacking software to curtail phone based crimes, thence protecting the integrity and civil liberties of the people of America.

But as the company was facing a lot of legal hassles from tech companies like Apple Inc, Facebook owned Meta, also a parent company of WhatsApp, and Android owned Google, the FBI has decided to either drop or hold the plan to purchase a spying license for the Phantom spying software from NSO.

Interestingly, the company’s said software was also in much demand from other law enforcement agencies such as the CIA, the Secret Service and the US Military’s Africa Command.

But since an executive order to ban the software operations and trade was imposed on the Israeli firm for developing Pegasus spying software, its services and products cannot be purchased by anyone from the Joe Biden-led nation.

https://www.cybersecurity-insiders.com/fbi-still-unsure-about-israel-phantom-spyware/

This lines up with what the FBI whistleblower is saying to Bongino.

Anonymous ID: 00e23f Nov. 21, 2022, 6 p.m. No.17798819   >>8820 >>8827 >>8848 >>8855

Iranian cyberfirm caught impersonating Proud Boys

https://cyware.com/news/fbi-issues-warning-about-iranian-cyber-firm-emennet-4a57ea22

The FBI issued a private industry notification to warn organizations of an Iranian cyber firm conducting malicious activities against them. Named Emennet Pasargad, the company has frequently rebranded to evade sanctions imposed by the U.S. government. The alert also details the TTPs used by the group.

What’s going on?

Emennet posed as a radical right organization, named Proud Boys, during the presidential election in 2020. As per the FBI’s notice, the group has expanded its operations and is targeting various industry verticals and propagating hostile propaganda. The agency stated that Emennet performed conventional cyber exploitation against news, travel, shipping, financial, telecoms, and oil & petrochemical sectors in the U.S., the Middle East, and Europe.

Modus operandi

The group used multiple VPNs to hide their location and various commercial and open-source tools, such as Acunetix, SQLmap, Wappalyzer, Shodan, wpscan, Netsparker, and Dnsdumpster.

It chose its targets by combing the web for major firms in various sectors.

The hackers would, subsequently, look for vulnerabilities to exploit in the targets’ software.

In some cases, they would try identifying hosting and shared hosting services.

The researchers found that Emennet was especially interested in webpages running PHP code, along with WordPress, Apache Tomcat, and Drupal.

The group has, moreover, tried to leverage past intrusions by other actors.

Extra facts

In October 2021, the U.S. District Court for the Southern District of New York charged two Iranian nationals associated with Emennet for cyber fraud and intrusion, conspiracy offense, and interstate threats.

The Department of Treasury Office of Foreign Assets Control denominated Emennet, four members from the firm’s management, and two employees for their attempts at influencing the election.

The hackers had, formerly, launched cyber-enabled information operations using a false flag image to distribute propaganda via SMS.

The bottom line

The private industry notice offers a detailed historical review of Emennet Pasargad’s malicious activities. The FBI has offered certain recommendations to stay safe from the threat, including the implementation of reliable antivirus and anti-malware solutions and patching vulnerabilities in software at the earliest.