An investigation by the Pegasus Project, an international media consortium, revealed that more than 50,000 phone numbers were targeted by spyware created by NSO Group, an Israeli software company. The list contained 300 verified phone numbers in India, including ministers, opposition leaders, a sitting judge, more than 40 journalists, and several activists and businessmen.
But what is Pegasus, what is it for, how does it infect devices and what can it do?
What is this?
Spyware is any malicious software that is designed to enter your computer device, collect your data, and forward it to a third-party without your consent.
Pegasus is probably the most powerful spyware ever developed by NSO Group. It’s designed to infiltrate smartphones – Android and iOS – and turn them into surveillance devices.
However, the Israeli company markets it as a tool to track down criminals and terrorists – for targeted espionage and not for mass surveillance. NSO Group sells software only to governments. One license, which can be used to infect multiple smartphones, can cost up to Rs 70 lakh. As of 2016 price list, NSO Group charged its customers $650,000 to infiltrate 10 devices, as well as an installation fee of $500,000.
How does this work?
Pegasus exploits undiscovered vulnerabilities, or bugs, in Android and iOS. This means that a phone can get infected even if it has the latest security patch installed.
A previous version of spyware – from 2016 – infected smartphones using a technique called “spear-phishing”: text messages or emails containing a malicious link were sent to the target. This depended on the target of the link being clicked—a requirement that was eliminated in later versions.
As of 2019, Pegasus can infiltrate a device with a missed call on WhatsApp and also delete the record of this missed call, making it impossible for a user to know that they were targeted. In May of that year, WhatsApp said that Pegasus took advantage of a bug in its code to infect more than 1,400 Android phones and iPhones, including government officials, journalists and human rights activists. It soon fixed the bug.
Pegasus also takes advantage of a bug in iMessage, giving it backdoor access to millions of iPhones. Spyware can also be installed on wireless transceivers (radio transmitters and receivers) located near the target. | pegasus spyware
what can it do?
Once installed on a phone, Pegasus can intercept and steal any information you want, including SMS, contacts, call history, calendar, email and browsing history. It can use your phone’s microphone to record calls and other conversations, secretly film you with your camera, or track you with GPS.
Brief History of Pegasus
2016: Researchers from Canadian cybersecurity organization The Citizen Lab encounter Pegasus on the smartphone of human rights activist Ahmed Mansoor for the first time.
September 2018: Citizen Lab published a report that identified 45 countries in which Pegasus was being used. Like the latest revelations, the list also includes India.
October 2019: WhatsApp reveals that journalists and human rights activists in India were targeted for surveillance by operators using Pegasus.
July 2021: The Pegasus Project, an international investigative journalism effort, reveals that various governments used software to spy on government officials, opposition politicians, journalists, activists and many others. It said the Indian government used it to spy on about 300 people between 2017 and 2019.