Written by Vedika Pathania, a second-year student.
Spyware is any malicious application that infiltrates your computer, gathers your information, and transfers it to a third party without your knowledge.
Pegasus, developed by NSO Group – an Israeli technology firm, is perhaps, one of the most powerful spyware ever created. It’s a virus that gets into a phone and then gets access to all the information on it. The Israeli business sells it as a tool for following criminals and terrorists — not for mass surveillance, but for targeted snooping.
How does it work?
After Pegasus is installed, it may intercept and steal practically any information on a phone, including SMSes, contacts, call history, calendars, emails, and browsing histories. It can use your phone’s microphone to record calls and other chats.
Researchers found the first version of Pegasus in 2016, and it infected phones via a technique known as spear-phishing, which involves sending text messages or emails that mislead a victim into clicking on a malicious link.
Pegasus could enter a device with a missed WhatsApp call in 2019 and even remove the record of the missed call, making it difficult for the user to realise they were being tracked. Pegasus used a flaw in WhatsApp’s code to infect over 1,400 Android phones and iPhones, including those of government officials, journalists, and human rights activists, according to WhatsApp in May of that year. It quickly fixed the problem.
Who has been targeted?
Practically all gadgets. The malware may mimic an app on an iPhone and send itself as push notifications through Apple’s servers.
The Israeli malware Pegasus was used to target thousands of people throughout the world, according to a global joint investigation initiative. At least 300 people are thought to have been targeted in India, including two serving Ministers in Prime Minister Narendra Modi’s cabinet, three Opposition figures, one constitutional authority, many journalists, and businesspeople.
The phone numbers of about over 40 renowned Indian journalists were found on a hacking list of an unidentified agency using Israeli spyware Pegasus on June 18 evening, according to The Wire. The presence of military-grade spyware on some devices has been confirmed by forensic tests, according to the report. Journalists from Hindustan Times, The Hindu, The Wire, The Indian Express, News18, India Today, and other publications were among those on the list of possible targets, according to the report.
How do I avoid it?
Changing one’s default phone browser appears to be one technique to avoid Pegasus. “Installation from browsers other than the device default (and also chrome for android based devices) is not supported by the system,” according to a Pegasus brochure. In theory, good cyber hygiene can protect you against ESEM baits. When Pegasus exploits a flaw in your phone’s operating system, however, there’s little you can do to prevent a network injection. Worse, until the gadget is inspected at a digital security lab, no one will be aware of it.
Switching to an antiquated phone that only enables basic calls and texts will undoubtedly reduce data exposure, but it may not be enough to dramatically reduce danger.
As a result, the most one can hope for is that zero-day assaults become less common by staying up to date with every operating system update and security patch issued by device makers. And, if you have the funds, replacing phones on a regular basis is likely the most effective, albeit costly, solution.
Because the spyware is embedded in the hardware, the attacker will have to successfully infect each new device. This might provide logistical (expense) as well as technological (security upgrade) difficulties.
What is the Pegasus Project?
In July 2021 it was revealed that various countries utilised the software to spy on government officials, opposition politicians, journalists, activists, and others, according to the Pegasus Project, an international investigative journalism endeavour. Between 2017 and 2019, the Indian government allegedly utilised it to eavesdrop on roughly 300 people, according to the report.
Pegasus and Indian Politics
India is among a handful of nations whose governments appear to have purchased NSO Group’s Pegasus spyware, which was created in Israel. A leaked list of 50,000 phone numbers was analysed by the investigation team. A client of NSO in India picked almost 1,000 of these, according to the analysis. Several people in India have been confirmed to be infected with the Pegasus malware after being checked. Opposition party leaders, dissident journalists, activists, attorneys, intellectuals, businessmen, a non-compliant Election Commission official, a non-compliant senior intelligence officer, and cabinet ministers’ phone numbers are among those on the list. Spokespersons of the Indian Government have, however, denied the legitimacy of this list.
The Pegasus affair has sparked outrage in parliament’s monsoon session. The opposition has called for the home minister’s resignation. Modi’s governing party, certain in its landslide victory, fielded Ashwini Vaishnaw, India’s freshly sworn-in Minister of Railways, Communications, Electronics, and Information Technology, to defend it on the House floor. His phone number was also on the leaked list of numbers, which was humiliating for him.
So, what are our impressions of Pegasus? It would be a severe error to dismiss it as a new technical version of an age-old game in which those in power have always spied on those who, willingly or unwillingly, bow down to that power. This isn’t your typical snooping. Our phones are our most personal selves. They’ve evolved into a natural extension of our minds and bodies. Spyware like Pegasus puts the user of each infected phone, as well as their whole social circle of friends, family, and coworkers, at danger on political, social, and economic levels. So we end up with questions like, are our cyber laws strong enough? Are we safe? The answers are yet to come.