On 10 August, Ahmed Mansoor received a text message on his iPhone promising to reveal "secrets" about people allegedly being tortured in UAE state prisons.
Mansoor, the target of a major security attack by NSO Group, was instructed to click on the link to find out more.
However, Mansoor knew better than to click on the link, having been repeatedly targeted by government hackers before, and forwarded the link to Bill Marczak, a researcher at Citizen Lab.
Infiltrated, Stolen & Exploited
Mansoor's hunch was correct: the link would not have given him any more information on who was being held in UAE state jails. Rather, it would have exploited three unknown vulnerabilities in Apple's iOS operating system.
Read about the arsenal of expensive Western/Israeli spyware used against @Ahmed_Mansoor https://t.co/0CZv5VbVrv pic.twitter.com/QIIsStu6FT
— Ala'a Shehabi (@alaashehabi) August 25, 2016
Had he clicked on the link in the text message, "Mansoor's phone would have become a digital spy in his pocket, capable of employing his iPhone's camera and microphone to snoop on activity in the vicinity of the device," a statement from Internet watchdog Citizen Lab revealed.
"Recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements."
Had the hackers got through, every inch of Mansoor's communications and data could have been infiltrated, stolen and exploited.
'Sophisticated Cyberespionage'
According to Citizen Lab:
"It's one of the most sophisticated pieces of cyberespionage software we've ever seen."
The malware can create a backdoor to every inch of communications data stored on an iPhone.
The cyberattack on Mansoor, thwarted by his sense not to open a suspect link on his iPhone, has exposed not only iPhone vulnerabilities that Apple has had to fix quickly, but also the truth about the Israeli cyber security company behind what could be a state-sponsored attack.
#UAE allegedly paid millions the "NSO Group" to hack @Ahmed_Mansoor's #iphone, the 2015 @martinennals laureate https://t.co/phjtRps2Av
— Jean-Claude Vignoli (@jc_vignoli) August 26, 2016
'Cyber Arms Dealer'
Mike Murray, Lookout's vice president of research, told Motherboard that NSO Group is "basically a cyber arms dealer."
"We realized that we were looking at something that no one had ever seen in the wild before. Literally a click on a link to jailbreak an iPhone in one step…[it's] one of the most sophisticated pieces of cyberespionage software we've ever seen."
The information offered by the Israel-based firm on its LinkedIn page is more like a Wikipedia entry, putting anyone sniffing around for some state-sponsored espionage off the scent. That was until Ahmed Mansoor decided not to click on a link that would have allowed NSO Group full access to his iPhone, instead giving the world full access to what the company is really capable of.
NSO Group's malware, codenamed "Pegasus", surreptitiously infects an iPhone and steals all its data.
And that hacking attempts at Mansoor have blown Hacking Team, FinFisher, and NSO group malcode. Hat trick for the UAE! @josephfcox
— Nicholas Weaver (@ncweaver) August 25, 2016
"It intercepts every call, it intercepts every text message, it steals all the emails, the contact, the FaceTime calls. It also basically backdoors every communications mechanism you have on the phone," Murray told Motherboard.
"It steals all the information in the Gmail app, all the Facebook messages, all the Facebook information, your Facebook contact, everything from Skype, WhatsApp, Viber, WeChat, Telegram — you name it."
Now the world is more aware of what a little-known cyber security firm based in Israel is developing, and it's a lot more complex than just Internet security: more like malware never seen before, until now.