For the last few days, there is enough news on Pegasus. Initially, there was not much noise in the country on this matter, but as soon as the Parliament session started, the opposition parties are stalling the proceedings on this issue.
What is Pegasus ?
Pegasus is a type of malicious software or malware classified as spyware. Spyware such as Pegasus is designed to gain access to your device, without your knowledge, and gather personal information and relay it back to whoever it is that is using the software to spy on you. It is the ultimate spyware for i phones and Android phones. As per the report in media it has been behind the most sophisticated attack ever seen.
Initially, Apple company has said that their i phones are immune to this attack, but in reality, they are also affected.
Pegasus, in fact, is widely sought after because it can hack into iPads and iPhones despite Apple products being touted to be among the safest and best for data privacy. To make matters worse, those operating the software can even turn on a phone’s camera and microphone to capture activity in the phone’s vicinity. According to reports, Pegasus can monitor up to 500 phones in a year, but can only track a maximum of 50 at one go. It is said that this spyware costs between $ 7-8 million per year to license Pegasus.
So how does it work?
A hacker would typically try to infect a victim’s device with Pegasus using a phishing link, mostly sent via a text message that looks innocent and benign. Clicking on the phishing link would (without the victim’s knowledge) start the download of Pegasus on the device and set up a connection with a hacker’s command computer that could be thousands of miles away.
The hacker can then communicate with the Pegasus spyware via the remote command center and issue directions for what information the spyware should send back to the hacker’s server.
According to reports, in this way, Pegasus can be used to gather a vast amount of victim information like “Passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps. It could even listen to encrypted audio streams and read encrypted messages.
The other aspects that make Pegasus an extremely sophisticated software. For one, Pegasus ‘self-destructs’ if it can communicate with hacker’s control for over 60 days or if it detects that it has been installed on the device with the wrong SIM card since the company who made Pegasus for targetted spying on selected victims.
Who owns Pegasus?
It has been developed by the Israeli firm NSO group that was set up on 25th January 2010. According to reports, the first name initial of the founders acronym ‘NSO’. The founders are Niv Carmi, Shalev Hulio, and Omri Lavie.
As per Hulio, NSO’s goal was “ to develop technology that would provide law enforcement and intelligence agencies with direct remote access to mobile phones and their content- a workaround to the increasingly widespread use of encryption in the digital environment”. As per Hulio’s claim, the idea for a service company like NSO was inspired by “ a request from European authorities that were familiar with his and Omri Lavie’s work on cell phone carrier customer service technology.
Who uses Pegasus?
NSO does not openly name who buys its software. But its website does say that its products are used exclusively “by government intelligence and law enforcement agencies to fight crime and terror”.
The Citizen Lab report in 2018 identified 45 countries, including India, Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates, where it is being used.
In India, following WhatsApp revelations that activists were snooped upon, questions surfaced about a possible meeting between representatives of NSO and the Chhattisgarh Police on 2nd November 2019.
‘The Congress government in Chhattisgarh set up a three-member committee to look into it. In January 2020, the government, however, said that “no evidence linking any government official to the snooping was found”. The government also said there was no evidence found regarding a presentation done by NSO in Chhattisgarh.
Do security agencies in India use Pegasus?
There is no clarity on the issue.
In November 2019, Lok Sabha MP from the DMK, Dayanidhi Maran, asked on the floor of the House if the government taps WhatsApp calls and messages and whether the government uses Pegasus for this purpose.
A written response provided by then Minister of State for Home Affairs, Kishan Reddy, did not directly address queries about tapping or Pegasus.
“Section 69 of the Information Technology Act, 2000 empowers the Central Government or a State Government to intercept, monitor or decrypt…any information generated…or stored in any computer resource,” the response said, adding that it was for reasons including sovereignty and security of the country.
“Section 5 of the Indian Telegraph Act, 1885 empowers lawful interception of messages on the occurrence of public emergency or in the interest of public safety”.
The response also listed the 10 agencies that can intercept messages under the law and a Standard Operating Procedure (SOP). Such agencies allowed to intercept messages include the Intelligence Bureau, Enforcement Directorate, Cabinet Secretariat (RAW), and Commissioner of Police, Delhi.
The response further said that “there is no blanket permission to any agency for interception or monitoring or decryption and that permission from competent authority is required, as per the due process of law and rules, in each case”.
Now as there is too much hue and cry over the world, the Indian media and opposition parties’ politicians are jumping into it. No one knows the exact truth and everyone is speculating as per his own thinking, and or leaning towards the political party.
- No one knows from where the phone numbers came.
- Whether India is involved in spying using Pegasus- no one knows.
- Who was spied on and their phone numbers-no one knows.
- Whether Indians were spied upon- no one knows.
- Who are NSO’s clients in India- no one knows
- Until now spyware has been detected in about 30- 40 phones, how many Indians are there in that list-no one knows.
But certain sections of media and politicians are creating hues and cries in the public. There have been demands by politicians govt should conduct inquiry through the retired judge of Supreme Court or there should be investigations by Joint Parliamentary Committee (JPC).
Let us wait and watch for the development of this issue.
Waiting for your views and comments.
Anil Malik
Mumbai, India
21st July 2021
Tejinder Singh Sethi
Such a shameful act of snooping on journalist, judges, opposition parties, who ever did should be punished in India and internationally.