PEGASUS SPYWARE IN INDIA: ALL YOU NEED TO KNOW By Abhinav Gupta
Spyware is nothing but a Software that is malicious or in Cybersecurity terms its a malware that is installed in the end user’s computing devices. In today’s tech era any software is said to be spyware if it is installed without any user’s authorization.
Spyware is one of the most common threats to internet users as to when installed it starts monitoring the internet activities, keeps track of login credentials and can spies on sensitive information. It can violate the end user’s privacy and has the potential to be abused.
Some types of spyware can install additional software and can change the settings on your device, so it’s important to use secure passwords and keep your devices updated.
How Spyware gets into your Computers or Mobile devices
Spyware can affect Computers or Mobile devices, iOS or Android. Although with the increased rate of Android devices, they are more suspectable to be attacked. Spyware can infect your system in the same way as any other form of malware does.
Spyware usually gets into the system because you have done something, like clicking on some pop-up, installing software or application from an unreliable source, agreeing to add some functionalities into the application, pirated games or music or any video, or accepting and opening email attachments from an unknown sender.
What is Pegasus Spyware?
The name Pegasus depicts a mythical winged divine horse that has magical power and the most recognized creature in Greek mythology. Same magical power this spyware holds when it gets into the system.
Pegasus is a spyware that can be installed on devices running certain of iOS and Android, developed by Israeli Cyberarms firm, NSO Group. The spyware is transmitted into the system by WhatsApp application that everybody uses by sending a message with some link in its content so that when a user clicks on the link the spyware enters into the device or by just calling the target phone regardless of the call not being answered and the log of that call gets erased. According to The Citizen’s Lab of the University of Toronto, which worked with WhatsApp on identifying spyware victims, these are the only ways of delivering Pegasus. It notes several other cases such as alarming SMSs that prompt targets to click on a link.
Details of this Spyware: Pegasus secretly enables a jailbreak on the devices and can read text messages, track calls, collect passwords, turn on the cameras, trace the phone location, as well as gather information from apps including (but not limited to) iMessage, Gmail, Viber, Facebook, WhatsApp, Telegram and Skype.
The exploit impacted WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen (which is used by Samsung devices) prior to v2.18.15.
Indian Journalist, activists were spied on using the Israeli Spyware
Pegasus is in news since 2016, the file reports on Pegasus spyware operations emerged in 2016 when a human right activist in the UAE was targeted with an SMS link on his iOS phone. The Pegasus tool at that time exploited software in the device and took over the mobile. Apple responded with the security patch to fix the issue.
Of the 1,400 users affected were Indian journalists and human rights activists have been the target of surveillance and at least two dozen were academics, lawyers, Dalit activists in India. WhatsApp had contacted and alerted the targets that they had been under “state-of-the-art surveillance for a two-week period until May 2019.” In May, WhatsApp updated the app and launched a probe into how the hack worked and affected people.
The latest disclosure by WhatsApp comes after the company announced that it was suing NSO Group, an Israeli surveillance firm that is reportedly behind the technology that helped government spies to hack into phones of roughly 1,400 users. These users span across four continents and included diplomats, political dissidents, journalists, and senior government officials.
In September 2018, The Citizen Lab, an interdisciplinary lab based at the Munk School of Global Affairs & Public Policy, University of Toronto, showed that Pegasus delivers “a chain of zero-day exploits* to penetrate security features on the phone and installs Pegasus without the user’s knowledge or permission”. Pegasus spyware’s operations were live in 45 countries at the time.
*(A “zero-day exploit” is a completely unknown vulnerability, about which even the software manufacturer is not aware, and there is, thus, no patch or fix available for it. In the specific cases of Apple and WhatsApp, therefore, neither company was aware of the security vulnerability, which was used to exploit the software and take over the device.)
After confirmation, WhatsApp sued the NSO Group in a federal court in San Francisco, accusing it of using WhatsApp servers in the United States and elsewhere to send malware to approximately 1,400 mobile phones and devices for the purpose of conducting surveillance of specific WhatsApp users or Target Users. The surveillance was carried out “between in and around April 2019 and May 2019” on users in 20 countries across four continents, WhatsApp said in its complaint.
NSO denied the allegations.
“In the strongest possible terms, we dispute today’s allegations and will vigorously fight them,” NSO said in a statement. “The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime.”
What is the NSO Group?
It was founded by two Israelis — Shalev Hulio and OmriLavie. Both of them are on the company’s board. Lavie also co-founded Kaymera, a company that creates super-secure phones for government officials. So NSO Group and Kaymera offer complementary products. According to Forbes, Kaymera and NSO’s offices are located next to each other.
Its other directors include citizens of the USA, UK, Germany, and Israel. Its senior advisors include Tom Ridge, the first American Secretary of Homeland Security, Gerard Araud, a French diplomat, Juliette Kayyem, faculty chair of Harvard’s Homeland Security Programme, and Daniel Reisner, the former head of Israel Defence Forces’ International Law Department.
According to its website, NSO Group, which also goes by Q Cyber Technologies, develops technology to “help government agencies detect and prevent terrorism and crime”. As per the website, the products are used exclusively by government intelligence and law enforcement agencies to fight crime and terror.
To be Continued…