Introduction
A software called Pegasus, developed by NSO Group, a cyber –surveillance firm found in 2010 had caused sleepless nights for Indian Journalists, politicians and businessmen. Rahul Gandhi (Congress Former President) , Ashwini Vaishnav ,( IT minister) and Ashok Lavasa (former Election Commissioner ) along with other high profile people were targeted.
Pegasus is a malware that can be installed in iPhones and Android devices to extract sensitive data from devices including call records and text messages. This spyware is well known across the world for its snooping techniques. As per the research, the current Pegasus holds the capacity to exploit all iOS versions upto iOS 14.6. In the year 2019 many Journalists along with several other workers were victims of Pegasus snoop. Now as per the reports of “The Wire”, this month over 300 mobile phone numbers in India were hacked using this sophisticated spyware.
How it functions on the device
Pegasus software can invade iPhones and Android devices with its sophisticated program. Either through links or unauthorized app installation, earlier hackers gained control over the device which enabled them to remotely access the camera, microphone, voice call, messaging apps, calendar, email, GPS location and other apps on the device. But later WhatsApps calling feature became another mode through which the spyware could enter the device to transfer all official, financial and personal data to the hackers’ server.
The spyware hides behind the existing apps on the target’s smartphone and slowly extracts the data. Basically there are three levels of surveillance in NSO- initial data, passive monitoring and active collection. However, Pegasus is capable of snooping on these three levels. So the operator will be able to install the malware leaving no trace for suspecting as it consumes minimal data, battery and memory in the device.
In case if the victim is roaming or the battery level is low then the data transmission stops and when there is no transmission happening, the data is stored in an encrypted buffer which occupies only upto 5 percent of free space available in the device. Pegasus Anonymizing Transmission Network (PATN) enables communication between the Pegasus software and the central server.
One of the most interesting features of Pegasus is it’s self- destruct mechanism. When there is a chance for exposure immediately the softwares self-destruct mechanism is activated. Also the activation happens when there is no communication between the software and the server for a period of desired time or more than 60days after infection of the device.
Claims and Complaints
NSO claims that the Pegasus software is sold only to the “vetted governments” across the country and it is to help them to overcome the encryption challenges during criminal investigations and terrorism . Recently, Forbidden Stories which is a Paris based company and Amnesty International( a non-governmental organization) found a database of nearly 50000 numbers under the target of surveillance through Pegasus software, out of which 300 Indian numbers were also targeted. The news got viral across the world and after this the Pegasus project came into picture, even 17 other media organizations revealed about this project.
According to the sources, our country is also said to be one of the clients of the NSO groups. So then raised a query in everyone’s mind if India is Using Pegasus to spy on its own citizens. This issue was also spotted in the year 2019, during that time the then IT minister Ravi shanker Prasad replied that “no unauthorized inspection “ had taken place.
For the current Pegasus scandal , our IT minister Ashwini Vaishnav has also stated that “ the unauthorized inspection “ has not taken place. Hence, this means the government has not provided any confirmation about being NSO’s client.