10 Pegasus operators deployed the Pegasus spyware for cross-border surveillance and may be violating US law.

In a new report, Citizen Lab researchers warned that sophisticated mobile spyware, dubbed Pegasus — made and sold by the Israeli company NSO Group — has been found not only on Androids and iPhones in countries with questionable human rights protections, but also in the U.S. The researchers believe this cross-border surveillance likely breaks the law in the U.S. and other countries.

To become an NSO Pegasus infection victim, the operator has to trick a person into clicking a link that then delivers a chain of zero-day exploits and secretly installs Pegasus on the phone. After the malware installs on the target’s iPhone or Android phone without the user’s knowledge, it is then capable of spying via the phone’s camera and microphone. It can also steal text messages, passwords, photos, contact list, calendar events, and much more.

After Citizen Lab created fingerprints as a way to track Pegasus spyware, they identified 1,091 IP addresses between August 2016 and August 2018 that matched their fingerprint for NSO’s spyware. Using a technique dubbed Athena, the researchers clustered the IP addresses to come up with 36 groups that deployed the spyware against targets in 45 countries, including the U.S., U.K. and Canada.

Ten of the 36 different Pegasus operators appear to have infected victims’ phones across multiple countries for cross-border surveillance. The researchers noted that cross-border targeting and monitoring “is a relatively common practice.” They added:

The scope of this activity suggests that government-exclusive spyware is widely used to conduct activities that may be illegal in the countries where the targets are located. For example, we have identified several possible Pegasus customers not linked to the United States, but with infections in US IP space.
While some of these infections may reflect usage of out-of-country VPN or satellite Internet service by targets, it is possible that several countries may be actively violating United States law by penetrating devices located within the US.

NSO Pegasus infections were found in the following 45 countries: Algeria, Bahrain, Bangladesh, Brazil, Canada, Cote d’Ivoire, Egypt, France, Greece, India, Iraq, Israel, Jordan, Kazakhstan, Kenya, Kuwait, Kyrgyzstan, Latvia, Lebanon, Libya, Mexico, Morocco, the Netherlands, Oman, Pakistan, Palestine, Poland, Qatar, Rwanda, Saudi Arabia, Singapore, South Africa, Switzerland, Tajikistan, Thailand, Togo, Tunisia, Turkey, the UAE, Uganda, the United Kingdom, the United States, Uzbekistan, Yemen, and Zambia. Although NSO denied the list of countries is accurate, many on the list have questionable human rights protections.

Granted, Citizen Lab researchers admitted that some of the geolocation findings could be inaccurate, as some Pegasus infection victims could be using VPNs or satellite connections that make them appear to be in a different country.

Citizen Lab suggested NSO is not doing its due diligence, as it has “a significant number of customers that maintain active infections in other countries, likely violating those countries’ laws. The global market for government exclusive spyware continues to grow, and as it does, more governments and security services with histories of abuse will acquire this technology. The expanding user base of spyware like Pegasus will enable a growing number of authoritarian states to pry into the digital lives of their own citizens, but also into phones and computers in pockets and purses around the globe.”