Pegasus, A Creeping Threat to India's Digital Initiatives
Pegasus is a spyware that is secretly installed on mobile phones and other devices operating on most versions of iOS and Android. Israeli cyberarms firm NSO Group developed it. The Project Pegasus Vision 2021 suggests that recent Pegasus software can misuse all-new iOS versions up to iOS 14.6. According to the prominent media sources, Pegasus permits the keystroke monitoring of all communications from a phone and enables phone call and location tracking while allowing NSO Group to hijack both the mobile phone's microphone and camera, thus turning it into a constant surveillance device.
American private equity firm Francisco Partners previously owned the company, then bought back by the founders in 2019. The spyware is named after the mythical winged horse Pegasus. It is a Trojan horse that can be sent "flying through the air" to infect phones.
Pegasus was seen in August 2018 after a failed trial at installing it on expertise and the security vulnerabilities it misused. Since 2016, Pegasus could read text messages, track calls, collect passwords, track location, access the target device's microphone and camera, and harvest information from apps. News of the spyware caused significant media coverage. It was called the "most sophisticated" smartphone attack ever. It was the first time that a wicked remote exploit using breakout to gain open access to an iPhone.
Pegasus spyware Leaked database consisting Indian phone numbers.
Wire - Online news platform on 18 July 2021, reported a leaked database of thousands of telephone numbers, assumed to have been recorded by various government clients of an Israeli surveillance technology firm, holds over 300 verified Indian mobile telephone numbers, including those managed by ministers, opposition leaders, journalists, the legal community, business people, government officials, scientists, rights activists, and others. The website stated the verdicts followed an investigation by The Wire and other media partners.
The news website showed forensic tests administered as part of this project on a small cross-section of phones correlated with these numbers exposed clear signs of targeting by Pegasus spyware in 37 phones, of which ten are Indian. The Wire reported that it is impossible to conclusively declare whether it witnessed an attack attempt or was successfully negotiated without subjecting a phone to this technical analysis.
The confusion over the report, telephone numbers of Indian reporters, was on the hacking list of an unknown agency using the Pegasus software. The centre held to its earlier opinion that "no unauthorised interception" took place.
What was the Government's rejoinder?
Sources in the government showed that it has "nothing to hide" and "nothing to fear" and that they are ready to "reply to any query." They also stated that the "news article proves nothing" and "previous attempts at Pegasus-government link have failed." The sources also said the government is readying a "strong defence" to the political storm the issue is likely to raise.
A response by the Ministry of Electronics and Information Technology to a media questionnaire told claims were addressed regarding the use of the software by the Indian State in the past. Those reports had no factual basis and were categorically dismissed by all parties. The government officials stated, this news report appears to be a casting expedition based on guesses and exaggerations to accuse the Indian democracy and its institutions.
In 2019, WhatsApp filed a lawsuit in a US court, citing Israeli surveillance firm NSO for supporting government spies break into the phones of about 1,400 users across four continents. Following reports, the journalists and activists in India were also targeted.
IT Minister Ravi Shankar Prasad told Rajya Sabha that "no unauthorized interception" occurred. Violation of the system is actionable in law. Anyone with a problem can register an FIR or a formal complaint, and the government will look into it. No un authorized interception has been done," he informed to the Upper House.
In response to an RTI query, the Ministry of Home Affairs denied purchasing or planning to purchase the Pegasus software. In its statement, the MeitY said India is a robust democracy confined to assuring the right to privacy to all its residents as a fundamental right.
Current : IT minister exposed the illegality of Pegasus snooping in India
Ashwini Vaishnaw said that reports proposing India used Israeli spyware Pegasus to hack journalists' phones, activists, and ministers were nothing but an "attempt to accuse Indian democracy and its well-established institutions."
Ashwini Vaishnaw, who was making his first sermon in Parliament as the new MeitY minister, said the "highly sensational story" has made several "over the top allegations." Still, there is "no substance behind them."
"It is not an accident that the reports have been published a day before the monsoon session of Parliament," he said. "In the past, similar accusations were made about the use of Pegasus on WhatsApp but there is no factual basis to these and have been categorically dismissed."
India is amongst the countries that used Israeli company NSO Group’s Pegasus phone hacking software to target politicians, journalists, and activists. The investigation was based on a data leak of around 50,000 numbers collected by Amnesty International and Paris-based Forbidden Stories, a non-profit. To be sure, as the methodology of the investigation reveals, the presence of a number does not symbolize the individual’s phone was hacked - just that it was of interest.
Is Pegasus a national security concern?
What’s more unnerving is that the malware can self-destruct if it cannot communicate with its command server for more than 60 days. This self-destruction protocol will also be initiated if installed on a wrong sim card or a wrong device, leaving one to think that this spyware knew who its target was.
Under duration of scrutiny, spyware acts as an installation device. After gaining access, it installs other modules that help it conduct different actions such as reading messages and email, listening to calls, capturing screenshots, logging pressed keys, getting browser history, contacts, and more.
Since it has been proved that phones examined in India had an invasion of Pegasus, this product is only sold to vetted governments. The question arises which government? If the Government of India says they have not done it, some other government did it. Then it is a more serious national security concern. If it turns out that it is our government and it is authorized to do it, then the government needs to explain that the law only allows the interception of communication for national security and terrorism; otherwise, it is illegal. The government needs to cooperate in a probe.