Did you know that many computer viruses have been created by governments? The tools for detecting viruses and malware have been improving, leading to the discovery of numerous new viruses that had been lurking inside computers for some time. Anti-virus analysts spent weeks deciphering many of these viruses and realised that the level of effort and complexity involved in creating them would have required a large team of programmers working over several years.

These sophisticated viruses often spread from one computer to another and are specifically designed to seek out a particular type of computer in a specific location. The target is usually a specific organisation or individual, but sometimes the targets are whole telecommunication companies, military defence contractors, or uranium enrichment plants.

United States

The United States has been active in state-sponsored cyber activities for years and has produced some very sophisticated computer viruses used as cyber weapons against specific targets in other countries. Some well-known examples are Stuxnet, Flame, and Duqu.

United Kingdom

The United Kingdom has been associated with state-sponsored cyber activities through entities like the Government Communications Headquarters (GCHQ). They have been growing their cyber capabilities in recent years, although specific malware attribution is less prevalent.

Russia

Russia has been linked to various cyber operations, including the creation of malware like NotPetya, Sofacy (also known as APT28 or Fancy Bear), and others.

China

Many state-sponsored cyber activities originate from China, including advanced malware and cyber espionage campaigns. Groups known as APT1, APT10 (also known as Stone Panda), and others have been attributed to the Chinese state.

France

France has been reported to have developed its own offensive cyber capabilities, but specific details regarding the creation of malware are less publicly available.

Germany

Germany has been mentioned in relation to state-sponsored cyber activities, although information regarding specific malware attribution is limited.

Israel

Israel has been associated with the creation of Stuxnet, a highly sophisticated malware that targeted Iran’s nuclear program. It has also been linked to other cyber operations and advanced malware.

North Korea

North Korea, particularly its Reconnaissance General Bureau (RGB), has been implicated in various cyber activities, including the creation of malware like WannaCry and other cyber-attacks targeting different sectors.

Iran

Iran has been linked to cyber operations, including the use of malware like Shamoon and attacks against various targets, often in response to geopolitical tensions.

There are many organisations dedicated to hacking different devices, trying to find new security holes which, when found, are then sold as “Zero-Day Exploits”. Well-known teams such as Vupen (France), NSO (Israel), Hacking Team (Italy), Zerodium (Vupen) and EquationGroup (US) all make money by selling the security holes they find, and it’s usually governments which pay for them.

The governments of most countries today spend large amounts of money on defensive and offensive cyber activities, which include hacking in order to steal sensitive information, disrupt critical infrastructure, or even launch cyberattacks.

It can be difficult to protect yourself against such threats, but most of these viruses and malware arrive through fake emails pretending to be authentic, such as an email which appears to have come from your bank, otherwise known as phishing. The other common method is ‘free’ downloaded software. I recommend scanning any downloaded file with VirusTotal before running, opening or installing it.


A more recent threat involves iPhone exploits through sophisticated spyware like ‘Pegasus’, software developed by the Israeli company NSO Group. Unlike traditional computer viruses, which often require a user to click on a link or download a file, Pegasus is advanced enough to bypass even those basic defence mechanisms. This makes it particularly dangerous for unsuspecting iPhone users.

What Are Zero-Day Exploits?

These are vulnerabilities in software that developers haven’t discovered or fixed yet. Hackers or companies like NSO Group find and exploit these vulnerabilities to access systems without being detected. The term “zero-day” refers to the fact that the software’s creators have had zero days to fix the flaw before it is actively exploited. Once these vulnerabilities are found, they can be sold for large sums of money, often to governments or private entities that want an easy way into devices.

NSO Group and Pegasus Spyware

NSO Group gained international attention for developing Pegasus, spyware that has been used by various governments around the world. Pegasus is designed to hack into smartphones without the user’s knowledge. Originally developed for law enforcement and intelligence agencies to track criminals and terrorists, it has been misused to target journalists, human rights activists, and even political figures, often without their knowledge.

Pegasus is particularly concerning because it can carry out what’s known as “zero-click” attacks. Unlike phishing attacks, which require users to click on a malicious link or download a file, zero-click attacks can install spyware on a phone without any action from the user. This makes Pegasus particularly effective and stealthy, allowing it to gain full access to an iPhone’s data, including encrypted messages, emails, call logs, and even the camera and microphone.

How iPhone Hacks Happen

iPhones are generally highly secure, much more secure than Android devices, but despite this, iPhones have not been immune to exploits like those used by Pegasus. In fact, Apple has faced challenges in keeping its operating systems completely secure against such spyware. One of the reasons Pegasus is so dangerous is its ability to exploit zero-day vulnerabilities in iOS, the operating system that powers iPhones.

In 2021, Apple filed a lawsuit against NSO Group, accusing the company of targeting Apple users with Pegasus spyware. Apple claimed that the spyware violated its policies by abusing its products and infrastructure. The lawsuit sought to prevent NSO from using Apple’s products to continue their surveillance operations. However, as more information about Pegasus and other surveillance programs came to light, Apple decided to drop the lawsuit in 2024, citing concerns about exposing sensitive information that could benefit other spyware creators. What these concerns are we can only speculate, but it may be to avoid highlighting vulnerabilities and revealing more details about government surveillance programs.

The Implications of Pegasus Spyware

The use of Pegasus has revealed some uncomfortable truths about the level of surveillance that modern technology can enable. Although governments claim they use Pegasus for national security purposes, it has been used to target individuals who pose no criminal threat. Investigations led by Citizen Lab and Forbidden Stories have shown that Pegasus has been used against journalists, political dissidents, and even business leaders.

One high-profile example involved the assassination of journalist Jamal Khashoggi. It was revealed that close associates of Khashoggi had been targeted by Pegasus spyware before and after his murder. This sparked global outrage and brought further scrutiny to NSO Group’s operations.

How Can iPhone Users Protect Themselves?

Although Pegasus is a highly advanced form of spyware, there are still steps you can take to minimize your risk:

  1. Keep Your iPhone Updated: Apple regularly releases software updates to patch security vulnerabilities. Installing these updates as soon as they are available is your first line of defence against new exploits.
  2. Enable Lockdown Mode If You Think You Are Being Targeted: Apple introduced Lockdown Mode in 2022. This feature limits the ways your iPhone can be exploited by reducing the attack surface of the device. When Lockdown Mode is enabled, it restricts many common methods of attack, including message attachments and incoming calls from unknown numbers.
  3. Use Secure Messaging Apps: While apps like iMessage and WhatsApp offer encryption, spyware like Pegasus has been able to bypass these protections. Some secure communication apps, like Signal, take additional precautions to prevent hacking. Even then, being cautious about what information you share over these channels is critical.
  4. Be Aware of Suspicious Behaviour on Your Device: If your iPhone begins acting strangely, such as sudden battery drain or unusual overheating, it may be a sign of spyware. In this case, running a security check or consulting a professional may help.
