What is Pegasus?
Pegasus is spyware: software that hacks into your electronic system and steals your data. Pegasus, in particular, infects the target’s phone and lets its operators extract messages, photos and emails, record calls, collect location details, and secretly activate microphones. It can infect both iPhones and Android devices.
Traditional phishing depends on the victim clicking a malicious link (remember how every IT security training starts by asking you not to click on suspicious links? That is to prevent phishing). Pegasus, by contrast, is able to hack into phones with “zero-click” attacks. This means that you don’t even have to make the mistake of clicking the malicious link for your phone to be infected.
NSO, an Israeli firm, is behind Pegasus. The name NSO derives from the starting letters of the names of its founders – Niv Carmi, Shalev Hulio, and Omri Lavie. The Israeli government classifies Pegasus as a weapons system. The Israeli minister of defence regulates NSO, granting individual export licenses before it sells the technology to a new country.
NSO and its technology came into the spotlight for the role they played in Mexican drug baron El Chapo’s arrest. Since then, NSO seems to have acquired a lot of business – 60 clients in 40 countries (51% intelligence agencies, 38% law enforcement agencies, and 11% military).
Why is it in the news?
Forbidden Stories, a Paris-based non-profit media organisation, and Amnesty International gained access to a list of 50,000 phone numbers. They believe that NSO’s clients have been targeting these numbers since 2016. The data dump also contains the date and time when the numbers were selected or entered into the system. Forbidden Stories and Amnesty International shared access to the data with 16 other media organisations. Over 80 journalists have been working together on what has come to be called the “Pegasus Project”.
Amnesty’s Security Lab has been conducting forensic analysis on a sample set of phones of people whose numbers have appeared on the list. This has to be done because the list indicates intent and does not prove that the person’s phone was actually infected with Pegasus.
Out of 67 phones examined, 23 had been infected and 14 showed signs of penetration attempts. The attacks seem to have happened a few seconds after the number was entered into the list. Tests were inconclusive in 30 cases, mostly because the phones had been replaced by the owner.
The Pegasus Project was able to identify 10 clients of NSO who seem to have selected the targets in the list: Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates.
Indian Government uses Pegasus?!
The data leak suggests that the Indian government used Pegasus to target Indian politicians, journalists, activists and government critics. Again, the data only suggests intent and does not prove that these individuals had their phones hacked. Only a forensic examination of phones will be able to throw light on the extent of surveillance.
“NEW from the Pegasus Project: An NSO client we believe was Narendra Modi’s government hacked an opposition campaign manager during this year’s West Bengal elections and identified Rahul Gandhi, his friends and staff as possible surveillance targets https://t.co/yLOUwNCR2P” - michael safi (@safimichael), July 19, 2021
NSO lists India as one of its clients but also states that it rigorously vets its customers’ human rights records before letting them use its spy tools. It also claims that its clients use its tools only against criminals and terrorists.
You can read more about the Pegasus Project here.