Tue 20 July 2021:
In September 2018, The Citizen Lab, a Canadian cybersecurity organisation, published a comprehensive report identifying 45 countries, including India, in which the spyware was being used.
Then in October 2019, WhatsApp revealed that journalists and human rights activists in India had been targets of surveillance by operators using Pegasus.
What really is Pegasus?
Pegasus was developed by the Tel Aviv, Israel-based cyber intelligence and security firm NSO Group. The spyware, believed to have been around at least since 2016, is said to be known by other names as well, like Q Suite and Trident.
Considered the most sophisticated among all such products available in the market, it can infiltrate devices running iOS, Apple’s mobile phone operating system, as well as Android devices.
To make matters worse, those operating the software can even turn on a phone’s camera and microphone to capture activity in the phone’s vicinity.
In all, according to this report, Pegasus “can monitor up to 500 phones in a year, but can only track a maximum of 50 at one go”. The report, citing sources, adds that it costs about $7-8 million per year to license Pegasus.
How does it work?
In short, keep an eye out for text messages.
A hacker would typically try to infect a victim’s device with Pegasus using a phishing link, mostly sent via a text message that looks innocent and benign.
Clicking on the phishing link would (without the victim’s knowledge) start the download of Pegasus on the device and set up a connection with a hacker’s command computer that could be thousands of miles away.
The hacker can then communicate with the Pegasus spyware via the remote command centre and issue directions for what information the spyware should send back to the hacker’s server.
According to The Citizen Lab, in this way Pegasus can be used to gather a vast amount of victim information: “Passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps.”
According to this report, “Pegasus could even listen to encrypted audio streams and read encrypted messages”.
Then there are the other aspects that make Pegasus an extremely sophisticated piece of software.
For one, Pegasus “self-destructs” if it can’t communicate with the hacker’s control centre for over 60 days, or if it “detects” that it has been installed on a device with the wrong SIM card, since NSO made Pegasus for targeted spying on selected victims, not just anyone.
NSO allegedly first created fake WhatsApp accounts, which were then used to make video calls. When an unsuspecting user’s phone rang, the attacker transmitted the malicious code and the spyware was installed automatically on the phone even if the user did not answer the call.
Through Pegasus, the attacker then took over the phone’s systems, gaining access to the user’s WhatsApp messages and calls, regular voice calls, passwords, contact lists, calendar events, phone’s microphone, and even the camera.
NSO Group has, however, denied any wrongdoing. It claimed to sell Pegasus only to “vetted and legitimate government agencies”.
Who uses Pegasus?
Pegasus was meant to be used by governments on a per-license basis. In May 2019, its developer had limited sales of Pegasus to state intelligence agencies and others.
The home page of NSO Group’s website says the company creates technology that “helps government agencies” prevent and investigate terrorism and crime to save thousands of lives around the globe.
The company’s human rights policy includes “contractual obligations requiring NSO’s customers to limit the use of the company’s products to the prevention and investigation of serious crimes, including terrorism, and to ensure that the products will not be used to violate human rights”.
However, NSO has been accused in the past of using Pegasus to snoop on people.
The Citizen Lab report in 2018 identified 45 countries, including India, Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates, where it is being used.
WhatsApp said the spyware exploited its video calling system and a specific vulnerability to send malware to the mobile devices. The vulnerability has since been patched.