Details and screenshots of a prototype version of the Pegasus spyware designed for Israeli police back in 2014 reveal the tools and far-reaching capabilities of a system that was slated to be deployed in everyday police work.
The spyware's suite of tools, which was supposed to be presented to the security cabinet headed by then-Prime Minister Benjamin Netanyahu, included various capabilities sought by police, ranging from listening to any phone call on an infected phone and reading text messages to remotely opening the microphone and the camera without the phone owner's knowledge.
Earlier, former police commissioner Roni Alsheich claimed that "The Israel Police doesn't have Pegasus, to dispel all doubt". In response, an investigative committee led by Deputy Attorney General Amit Merari sought to examine whether police use attack spyware, Pegasus or not.
Merari's team discovered that even though there had been no eavesdropping without court orders, spyware had indeed been used, though the police referred to it by a different name: Seifan.
The Merari team discovered that the spyware was operationally deployed as early as 2016, when Alsheich was still the commissioner, using technology that went beyond its legal authority. The phone data collected exceeded what was legally permitted by court orders and the organization still holds the information in the databases of its cyber department.
According to Israeli newspaper Haaretz, the slated cabinet presentation highlighted the potential police applications of the spyware, which included covertly monitoring "protected messages" as well as voice and text chats on advanced cell phones. Police investigators gained access to all of these features after a suspect's phone was "infected."
The police intended to further present the reach of the spyware on a hacked phone, which included location, contacts list, messages, emails, instant messaging, outgoing and incoming calls, calendar, remote recordings, remote camera use, microphone use, and other information.
It is unknown if these things, as well as the physical appearance and capabilities of the police-implemented system, were ever presented to the cabinet ministers. A source familiar with the details claims that the proposal was submitted to senior security officials in 2015 as well.
Screenshots from the prototype of the system the police intended to use were included in the presentation and show the NSO logo and the product name Pegasus itself. Additionally, they show some of the distinctive traits that, according to reports from Israel and other countries, are present in spyware.
[Image: A screenshot of the Pegasus spyware interface being used to read WhatsApp messages.]
The screenshots demonstrate the wide range of tools that the police intended to use as soon as a device was infected. One of the images depicts a WhatsApp correspondence of a certain “John Doe,” with a woman who is identifiable by her name.
The woman was a sales manager at NSO, so the screenshot, in addition to showing the system's capability, also showed the connection to the company. This is not the only instance: there are also details of other talks between John Doe and five additional NSO employees.
Another capability of Seifan mentioned in the presentation is the interception of incoming and outgoing phone calls. Besides this ability, which seems to be relatively routine in the world of intelligence surveillance, there is another one, known in professional parlance as "volume listening," which is considered much more intrusive.
In simple terms, it means real-time wiretapping of the phone's surroundings through the remote activation of the device's microphone. This type of wiretapping requires an order from a district court president or their deputy.
While the phone's owner can sometimes assume that their calls are intercepted by the police and behave accordingly, they do not necessarily act this way while not actively using their phone or in a private place.
The list of capabilities the police intended to outline goes beyond wiretapping and includes the remote operation of the camera on the "infected" device, an action that is very likely illegal as the law does not explicitly permit the planting of concealed cameras, and certainly does not permit the remote control of a camera by hacking a suspect's mobile device.