The Pegasus software is back into public attention after reports of phone numbers of Indian politicians, journalists and other prominent personalities being found on a leaked list of possible targets for hacking. Congress leader Rahul Gandhi, former election commissioner Ashok Lavasa, Union minister Smriti Irani, former Indian Express journalist Sushant Singh, two founding editors of The Wire among others were targeted for surveillance by the spyware.
But this is not new in India. Back in 2017 and 2019, over 300 Indian users, including the renowned names were targeted by the spyware which is developed by an Israeli company NSO Group. A majority of those appearing on the list work with prominent organisations and are based out of New Delhi.
The presence of a phone number in the data alone does not reveal whether a device was infected with Pegasus or subject to an attempted hack. However, the Pegasus Project, a consortium of international news organisations, believes the data indicates potential targets identified in advance of possible surveillance attempts.
What is a Pegasus Spyware?
Formed by the Israeli cyber arms firm NSO Group in 2010, Pegasus is a spyware that can be covertly installed on mobile phones running most versions of iOS and Android. As per the various media sources, Pegasus not only enables the keystroke monitoring of all communications from a phone (texts, emails, web searches), but it also enables phone call and location tracking. The NSO Group has also permission to hijack both the mobile phone's microphone and camera, thus turning it into a constant surveillance device.
The Citizen Lab report in 2018 identified 45 countries, including India, Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates, where Pegasus is being used. Terming the reports 'an international conspiracy', NGO said the list of countries they sell Pegasus to is confidential information.
Pegasus first came into the limelight when it was allegedly used to hack the phone of an Arab human rights activist in 2016. In addition, various reports stated that the software created by NSO Group was used in targeted attacks in the past against human rights activists and journalists in various countries, was used in state espionage against Pakistan, and played a role in the murder of Saudi dissident Jamal Khashoggi by agents of the Saudi government.
According to a BBC report, there was outrage in India and other countries after WhatsApp confirmed that some of its users were targeted with spyware. A total of 121 users from India, including activists, scholars and journalists, were affected by the breach. This, experts said, suggested the involvement of state agencies in India. 19 human rights activists, academics and lawyers, who had been targeted by the Pegasus spyware using a WhatsApp vulnerability, wrote an open letter to the government of India, asking it to reveal all information it has about the attack, other similar methods of mass surveillance, and the identity of concerned players. In October 2019, instant messaging company WhatsApp and its parent company Facebook sued NSO under the US Computer Fraud and Abuse Act (CFAA). Attackers had exploited a vulnerability in WhatsApp's code to inject malicious code on the devices of users.
NSO Denies The Allegations
However, on its official website, NSO claims its products help licensed government intelligence and law-enforcement agencies lawfully address the most dangerous issues in today's world. It says the company's technology has helped prevent terrorism, break up criminal operations, find missing persons, and assist search and rescue teams. In terms of accountability, the company takes a pioneering approach to apply rigorous, ethical standards to everything it does. Besides, the vetting methodology includes both a strict licensing process from the relevant export-control authority, as well as a structured in-depth, internal review under its Human Rights Policy, reviewing and providing recommendations and decisions for each marketing opportunity.
Despite its high claims, NSO has been allegedly using Pegasus to snoop on people.