It is not new, is it? Every once in a while, we come across media reports of software that hacks into our phones, our systems without giving us a ‘whiff’ of the same and compromises our personal information, details.
Pegasus, a spyware software developed by the Israeli firm NSO made quite a splash not too long ago, in 2019 to be precise, when some WhatsApp users in India, which included several journalists and activists, received messages from WhatsApp which alerted them Pegasus ‘the spyware’ software had compromised their phones.
Well, come 2021, and Pegasus is in the news again; the truth is that this spyware software never really left us in peace, has been popping up and making several news headlines since 2019.
In all its probability, Pegasus is allegedly used by various governments from across the world, and thus, from time to time, one reads reports of how an individual’s phone was hacked using it.
What is NSO and its mega spy software Pegasus?
NSO or NSO Group Technologies is an Israeli technology firm that developed Pegasus, a spyware that enables the remote surveillance of smartphones.
NIV, Shalev and Omri ( the names of the companies founders and thus NSO) was founded in 2010 in Herzliya near Tel Aviv, Isreal.
Pegasus origin is as interesting as the heated coverage it gets from time to time. Consider the founders, who are ex-members of unit 8200, an Israeli Intelligence Corps unit of the Israel Defence Forces responsible for collecting signal intelligence and code decryption.
Hence, NSO asserts that it provides authorized governments across the world with technology that helps them combat terrorism and crime. Interestingly, Israel categorizes the Pegasus spyware as a classified weapon, and hence any export of the technology has to be approved by the Government.
The Israeli Ministry of Defense licenses the export of Pegasus to foreign governments but not to private entities.
The small but steady steps, Pegasus
- The spyware software first got reported in 2016; an Arab activist was the target and got alerted as he received a shady message. Hence, it was understood that Pegasus was targeting iPhone users.
- The discovery led Apple to release an updated version of iOS to patch the security loophole that Pegasus was using to hack phones.
- However, soon it became apparent that it was not only the iPhone’s but also Android phones that it was capable of hacking. This was discovered in 2017; the phone manufacturers led to more security patches as more and more information trickled in.
- In 2019, Facebook took to the legal route and filed a case against NSO Group for creating Pegasus. One of the significant discoveries that led to Facebook taking the legal course is that while they were chasing the spyware across their systems, the security researchers at Facebook found that Pegasus was being used to infect several journalists and activists in India.
- At roughly the same time, WhatsApp also informed affected Indian users about the hack through a message.
2019 – 2021, more details emerge, potent and secretive, Pegasus – How is it installed and What can it do?
One may ask, if the details surrounding the hack first came to be heard in 2019, then why is it causing such a stir in 2021?
Well, the reason is simple – Pegasus has been called as one of the “most sophisticated” phone hacking to be ever built, and perhaps because it has been used so frequently, the fact that it can hack into phones and is almost seamless and the phone user has no clue that their device has been jeopardised.
Pegasus is potent and secretive; once a hacker identifies a phone that needs to be hacked into, a malicious website link is sent to the targeted user, and if the user clicks on the link, Pegasus is installed on the phone. Another way that it hacks through a security bug in the voice calls made through apps, e.g., WhatsApp; it is potent and secretive because it can be installed just by giving a missed call to the user, and once the software is installed on the phone it has the capability of erasing its tracks by deleting the called log entry and hence the user would never get to know of the missed call.
What is Pegasus’s capability?
Once the phone is compromised and the software installed, it can spy on the targeted user with great accuracy, i.e. to state completely and thoroughly, so much so that even encrypted chats are accessible.
The security researchers found that Pegasus is able to
- Read the users messages & mail
- Listen to calls
- Capture screenshots
- Log pressed keys
- Exfiltrate browser history, contacts etc.
- Listen to encrypted audio streams and read encrypted messages.
Hence the above capabilities make Pegasus as the ‘ultimate surveillance’ tool.
Political honchos raise a commotion over Pegasus!
The alleged phone tapping scandal has named Pegasus as the ‘culprit’; this comes out as an expose by a global consortium of media publications comes to light.
According to the expose, phones of two serving union ministers, three opposition leaders, one constitutional authority, current and former heads of security organizations, administrators and also 40 senior journalists, business persons and activists from across the country were allegedly bugged using Pegasus and were under the scanner.
In one of his digs at Prime Minister Narendra Modi, Rahul Gandhi on Monday tweeted, “He has been reading everything on your phone”.
Shashi Tharoor, too, has called for an independent probe into the alleged phone tapping on specific person’s, “I don’t know if the government has acknowledged any responsibility for doing so. NSO, which sells the software, claims they only sell to vetted governments”.
Meanwhile, the Government has dismissed the allegations of phone tapping of prominent individuals and issued an official statement – “the allegations regarding government surveillance on specific persons has no concrete basis or truth associated with its whatsoever”.
“It seems you are trying to play the role of an investigator, prosecutor as well as jury,” the Government said in its response.
Government of India’s response to a Right to Information application about the use of Pegasus has been prominently reported by media and is in itself sufficient to counter any malicious claims about the alleged association between the Government and Pegasus,” it further said.
The Government said that similar claims were made in the past regarding the use of Pegasus on WhatsApp by India. Those reports, it said, had no factual basis and were categorically denied by all parties, including WhatsApp in the Supreme Court.
Well, as the debate on whether there is indeed any credibility to the use of Pegasus by the ruling Government plays out, it is indeed to be noted that Isreal’s ‘Cyber Weapon’ has the potential to be the worlds most sophisticated Cyber Weapon yet!