Pegasus: The wings to the era of cyberattack

Pegasus: The wings to the era of cyberattack

Flaunting a mobile telephone is no longer a status symbol. The ubiquitous shiny device has been lapped up by practically every member of our society, cutting across religion, caste, gender, and income groups. By now, phones have promoted themselves from being a necessity to an obsession. The irony lies in the fact that many of us have become slaves to the supposed devices to free us. We’re constantly bombarded by buzzes and chimes that alert us to messages we feel compelled to view immediately. But often, this euphoria is replaced by growing unease. With high-tech advances arriving on the horizon comes widespread digital insecurity. As the number of devices connected to networks increases, the cyber threat is only bound to intensify, both in the short and the medium term. these technologically advanced devices are not a step but a leap towards an Orwellian future when our privacy is on the front line.

Pegasus Spyware is not a stranger to our shore. Pegasus is an Israeli technology firm NSO (NSO stands for Niv, Shalev, and Omri, the names of the company’s founders) built cyber-arm which came to light after a flunked installation was undertaken on the iPhone of a human rights activist. It led to immediate scrutiny, the revelation of fragments about the spyware hazard, and the security vulnerabilities it exploited. Hence it was given a new moniker: ‘the most sophisticated smartphone attack.’ This incursion marked the first-time malicious remote exploit, using jailbreak to gain unrestricted access over someone’s privacy.

Pegasus can read text messages, track calls, collect passwords, location tracking, access the target device’s microphone and camera, and harvest information from apps. Pegasus can take multiple trails to get into the target’s phone. Its earliest avatars have now evolved to include “zero-click” attacks, where the target need not take any action for the phone to be affected. In 2019, WhatsApp released a statement saying that Pegasus could enter phones via calls made on the platform, even if the calls are not received. Pegasus uses several such exploits to penetrate Androids or iOS. Many of these exploits are reported as “zero-days,” which means it is a weakness that the device manufacturers are unaware of. Pegasus can also be transferred over the air from a nearby wireless transmitter or manually inserted if the target phone is physically available, making it almost inconceivable for a victim to know that they have been duped and tossed as prey to an unknown malicious plan. A multinational collaborative effort titled “Pegasus Project” has been established to frighten the authorities worldwide, including India, who could be using the surveillance tools for purposes other than federal security. As a part of this investigatory project, forensic tests are carried out to detect digital evidence of infection by Pegasus in the mobile phones chosen for surveillance. So when it unexpectedly came flaring alive with the chatter about a potential bombshell story set, social media inscribed the obituary of the expose. Initially billed as the mega event, the jury was out that the reveal is an old story, wanting in truth. In all likelihood, it held a dubious motive that often recapitulated in the past.

The global list of people named as proposed targets of the spyware and prestigious publications involved in the cross-border collaboration was indeed arresting. It created a global concern over the use of intrusive spyware by autocratic authorities. Multiple cases surfaced over the shore lately, reminding of the threat they pose to the citizen’s seclusion and fundamental rights, therefore calling for more robust oversight of spyware. Just when the fire of WhatsApp suing the Indian Government, on the grounds of tampering with the people’s privacy rights as mentioned in one of the new IT rules, was dying down, Pegasus came “flying” to fuel the fire of privacy infringement. WhatsApp described Pegasus as an unmistakable pattern of abuse used to violate individuals’ rights. Some investigations followed heated arguments, but the controversy died out quietly and evaporated from public discourse. The most recent revelation reported that the phone numbers of 14 foreign leaders, including Pakistan Prime Minister Imran Khan, French President Emmanuel Macron, South African President Cyril Ramaphosa, et al. were victimized through this malicious spyware. The Pegasus Project divulged that the spyware was used to stalk the murdered Saudi Arabian journalist, Jamal Khashoggi. Mexican journalist Cecilio Pineda Brito was shot dead hours after the broadcast, allegedly denounced for corruption. At the same time, the massive data leak reveals that Pineda’s phone got targeted by an NSO’s client but could not be affirmed without forensic analysis. When the National Security Council budget hiked up to ₹300 crores under ‘cyber-security R&D,’ senior lawyer Prashant Bhushan threw allegations that the Government purchased Pegasus spyware for building a “surveillance state,” subsequently smothering democracy. A report said that the Indian Government expanded Pegasus to spy on Pakistan Prime Minister Imran Khan and other diplomats from neighboring countries. If this context holds any truth, then India stands in the same threat of being snooped. Many of us have failed to connect the dots and are flummoxed. But if the dots are joined, with the Pegasus spyware running in the framework, it depicts that India is descending into a surveillance state. Scandals at times turn into hullabaloo, causing little more than a few days of shrieking headlines, reproaching editorials, boisterous prime-time television debates, and short-lived protests. The possibility that the second coming of Pegasus into our political disclosure will not be very different from its first if this too is treated as an isolated event. As reported by Pegasus Project, NSO spyware found snooping politicians, journalists, and activists, primarily in 10 countries worldwide. In India, at least 40 journalists, Cabinet Ministers, and bureaucrats are possibly subjected to the surveillance. Amnesty International Security Lab examined 67 suspected smartphones and found 23 successful hacks, and 14 showed signs of attempted penetration. Pegasus potentially targeted not just grandees, the phones of more than 300 Indians.

Also, 11 phone numbers associated with a female employee of the Supreme Court and her family, who sued the former Chief Justice of India Ranjan Gogoi for sexual harassment, were supposedly found on a database indicating the possibility of prying. It is prudent for the Government of India to bend on ordering a detailed inspection against the consortium members to exhume the conspiracy behind the expose that befallen India.

When the reports emerged about the hacking of phones of some Human Rights activists for the first time in 2019, questions were raised at the then IT minister, Ravi Shankar, for compromising with cybersecurity. Nevertheless, an answer was prevaricated that didn’t refuse the use of Pegasus. Building on this piece, I wonder whether the Government is trying to create a nation where everything is transparent to them but out of light for the citizens? Amid the bedlam, NSO Group discarded the allegations calling them false and misleading, having no factual basis, and purely based on unfounded theories. A point to underscore is that the Israeli Defense Minister can only authorize the distribution of Pegasus. Moreover, NSO has been redundant in stating that it only supplies Pegasus to “Vetted Governments.” Then I wonder what hinders the company from announcing its directory of customers in public.

In the second set of explosive revelations, former president Rahul Gandhi, election strategist Prashant Kishore, IT minister Ashwini Vaishnav, et al. found a place in the list of potential snoop targets. Congress blamed the Government for treason and compromising on national security over the Pegasus spyware scandal. However, the Government claimed that there is no shred of evidence to link the ruling party with the matter.

It’s pretty striking that the Government is still acting out of a standard playbook when the country’s integrity is compromised. However, the Government’s and its supporters’ defence is essentially emantic quibble and raising doubts. Is the Government forcefully enunciating its remorseless stonewalling? Well, it seems to be firm in its resolve to not answer. It hopes to wear down political opposition and civil society and thinks it can wait out the news cycle to run its course. It probably can. Journalists are often considered notorious for using question marks to punctuate headlines. Is this the Government’s form of question marks when our heads are on the line?

Cyber is said to be the fifth dimension of warfare (in addition to land, sea, air, and space). However, cyber as the domain of military and national security co-exists with cyber as a domain of everyday life. The war is no longer out there. It is now directly inside one’s living room, with cyberweapons becoming the weapon of choice. Cyberweapons carry the untold capacity to distort systems and structures — civilian or military — and, most importantly, interfere with democratic processes, aggravate domestic divisions, and, above all, unleash forces over which established institutions or even governments have little control.

 

-Siddhant Abhinav Dungdung

Leave a Reply