Will Erato Succeed in Stopping the Spyware Attacks in France?

Sara Andalousi | 4 years ago


Cybersecurity concerns have grown worldwide, driven largely by the severe damage that cybercrime causes to individuals, companies, governments, financial institutions, and every other kind of organization.

There are many initiatives aiming to protect information and data from spyware attacks. France, like many other countries, has made cybersecurity a strategic priority. Thus, it assigned a team to work on a system able to counter spyware attacks, namely the Pegasus spyware.

Intelligence Online revealed in its March report that Kevin Rivaton's Cristal Group, which in November acquired former French secret service hacker Patrice Guichard's Celteam, is developing countermeasures against NSO Group's Pegasus and other spyware.

It pointed out that the French private investigative firm Cristal Group, founded by former lawyer Kevin Rivaton, is preparing to launch Erato, a forensic analysis tool to detect the presence of malware such as geolocation and cell phone spyware. The company set the Pegasus spyware program of the Israeli electronic intelligence company NSO Group as its first target.

 

Erato Counter-Measures

Intelligence Online disclosed that Erato works through a small, single-board computer, such as a Raspberry Pi, with a Wi-Fi chip that acts as an Internet access point for the phone being examined. The system looks for Indicators of Compromise (IOCs), that is, technical items observed in previous attacks that could indicate a cyber breach.

Erato uses indicators of compromise identified by Celteam, the company of the former French secret service hacker Patrice Guichard, which was acquired by the Cristal Group last November and is now Cristal Celteam. The company is particularly interested in servers linked to malicious software.

Initially active in the field of corporate intelligence, the Cristal Group has been increasingly turning to cybersecurity. In 2020, the group acquired Clavys, the secure communications company founded by Yves Mathen, the former technical director of the French foreign intelligence service, DGSE, and joined Cristal Cyber, which developed the secure messaging service Frogtrust. Erato was jointly developed by Cristal Cyber and Cristal Celteam.
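To illustrate the general approach described above (an inspection access point that checks a phone's traffic against known malicious servers), here is an added example; it is not Erato's code and is not taken from the report. It assumes the access point logs DNS queries in dnsmasq's query-log format, and the IOC domains, IP addresses and log lines are constructed placeholders.

```python
import re

# Constructed IOC list: placeholder domains under reserved TLDs, not real indicators.
IOC_DOMAINS = {"c2-placeholder.example", "stage.bad-infra.test"}

# Constructed dnsmasq-style query log; the phone under examination is 192.168.4.2.
SAMPLE_LOG = """\
Mar  1 10:00:01 dnsmasq[512]: query[A] time.vendor.example from 192.168.4.2
Mar  1 10:00:03 dnsmasq[512]: query[A] CDN7.C2-Placeholder.example. from 192.168.4.2
Mar  1 10:00:04 dnsmasq[512]: query[AAAA] notc2-placeholder.example from 192.168.4.2
Mar  1 10:00:09 dnsmasq[512]: query[A] stage.bad-infra.test from 192.168.4.7
Mar  1 10:00:12 dnsmasq[512]: reply time.vendor.example is 203.0.113.10
"""

QUERY_RE = re.compile(r"query\[(\w+)\]\s+(\S+)\s+from\s+(\S+)")


def normalize(name):
    """Lower-case the name and drop the trailing root dot so comparisons are stable."""
    return name.rstrip(".").lower()


def match_ioc(name, iocs):
    """Return the IOC domain that `name` equals or is a subdomain of, else None.

    Matching is done on whole DNS labels, so 'notc2-placeholder.example'
    does not match the IOC 'c2-placeholder.example'.
    """
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan(log_text, iocs, device_ip):
    """Collect DNS queries made by `device_ip` that resolve names on the IOC list."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m or m.group(3) != device_ip:
            continue  # not a query line, or a different client on the access point
        qtype, name, _ = m.groups()
        ioc = match_ioc(name, iocs)
        if ioc:
            hits.append({"name": normalize(name), "ioc": ioc, "type": qtype})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, IOC_DOMAINS, "192.168.4.2"):
        print(hit)
```

A check of this kind only sees names resolved through the access point's own resolver, so an empty result does not show that a device is clean.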

In an interview with Al-Estiklal, Soumia Rahali, a researcher at Sabahattin Zaim University, said: “I believe that the Erato system could be effective in countering the Pegasus attacks. However, we would be unrealistically optimistic if we expect that Erato would be able to stop the major spyware attacks in France.”

In the wake of the Pegasus spyware scandal, the Israeli NSO Group, headed by Shalev Hulio, has become a pariah in the world of spyware attacks and in the cybersecurity sector.

In France, where Pegasus is suspected of targeting French President Emmanuel Macron, cybersecurity firm Tehtris, founded last July by former DGSE members Elena Poincet and Laurent Oudot, announced that its technologies could reveal the presence of Pegasus. The company's solutions, Tehtris MTD (Mobile Threat Defense), are not based on IOCs but rather detect weak signals, called "low-level system anomalies."

 

Pegasus Scandal

The Pegasus revelations sent shockwaves across the international scene, in particular because of the high-value targets mentioned and the extent of the espionage system put in place.

In France, suspicious markers attributed to spyware have been found on the mobile phones of several government officials, but according to new information shared by Reuters, the case does not stop at Pegasus.

Le Monde and sixteen other newsrooms had access to more than 50,000 telephone numbers potentially targeted by Pegasus, a powerful Israeli spyware, on behalf of a dozen states. It is a digital weapon used against journalists, lawyers, activists and politicians in many countries, including France.

It is a bewildering directory, in which we find a European head of state and two heads of government; men and women at the highest levels of power in a former Soviet republic; dozens of opposition MPs from an African country; princes and princesses, business leaders, a few billionaires, ambassadors, generals. And then, also and above all, hundreds of journalists, lawyers, human rights activists.

Bastien Bobe, technical director for Southern Europe of the cybersecurity company, told France 24: "If we take this market in the broad sense, there are thousands of tools that allow you to spy on what is happening on a mobile phone."

He added that this handful of players does not stand out thanks to the sophistication of their spyware. The capabilities of Pegasus (listening to conversations, reading messages sent on WhatsApp or Telegram, taking photos with the hacked device, geolocating the smartphone, etc.) are no longer extraordinary in 2021.

He emphasized that what distinguishes these lords of cyber-surveillance equipment is their ability to guarantee their customers that the spyware will be installed discreetly on the victims' devices with zero clicks.

 

Strategic Objective

In February 2022, the French national strategy for cybersecurity was announced, with a plan of more than one billion euros, aiming to triple the turnover of the cyber sector and create 37,000 jobs by 2025.

This strategy is based on four axes: developing sovereign and innovative cybersecurity solutions, strengthening the links and synergies between the players in the sector, supporting demand (individuals, businesses, communities and the State), in particular by raising French people's awareness of cybersecurity, while promoting national offers and training more young people and professionals in cybersecurity professions.

Cyberattacks against organizations quadrupled in 2020, a trend that affected "all players and all countries", underlined the Elysée.

These included the large-scale attack against digital giants and national agencies in the United States, as well as the one against the European Medicines Agency. French hospitals were particularly vulnerable: they were the subject of 27 major cyberattacks in 2020, said the Secretary of State for the Digital Transition, Cédric O, in February 2021.

Although the hackers often remain unknown and difficult to arrest, coordinated law enforcement action by the United States, France, other EU countries and Ukraine succeeded in January 2021 in dismantling the Emotet malware network.

Another success was the arrest of members of the ransomware group Egregor, which has hit the Ouest-France group, among others.

 
