A multinational investigation coordinated by 16 well-known news organisations, Amnesty International and several cybersecurity organisations has sparked off a scandal about widespread, illegal surveillance being carried out by nation states on their citizens. The investigation centred on a list of “targets” of the Pegasus spyware. At least 40 Indian journalists, along with members of Parliament, judges and others were supposedly targeted by Pegasus. Phones of seven of these persons, who agreed to allow forensic examination of their devices, were found to be infected.
What is Pegasus?
Pegasus is the name of a spyware developed by Israeli firm NSO. It can be introduced surreptitiously into mobile devices and can suck up all data and meta-data on the infected device as well as monitor conversations, chats and browsing. It attained notoriety when it was alleged the Saudi authorities were monitoring murdered journalist Jamal Khashoggi’s phone by means of Pegasus.
Who can buy Pegasus?
NSO claims it will only sell the software to verified government agencies, with a contractual clause that the spyware can only be used in cases of suspected crime or terrorist activity. In practice, the clause is unenforceable – any buyer can then use it as they please. However, it is possible for NSO to verify potential buyers and check whether they are official agencies, though it refuses to release its client list. NSO claims it has 60 clients in 40 countries. NSO also says the spyware is mainly used by law enforcement and intelligence agencies as well as the military.
How much does Pegasus cost?
It is a technology that targets specific devices. A licence cost a minimum of about $650,000 in 2016, when the company released a catalogue (it doesn't publish a catalogue anymore). Each licence allows for multiple installations (or infections, if you prefer). In addition, the purchaser must spend a considerable amount to set up the infrastructure to capture, monitor and process the data.
NSO helps to set up the infrastructure and train the people who will infect the target’s phones, and then monitor and process the data. This installation and service charge has an asking price that could start at around $350,000. But NSO says it does not do the monitoring itself, and thus “has no visibility” on what is actually being picked up.
What’s special about Pegasus?
It is a very sophisticated spyware, which can remotely infect a very wide range of devices, and apparently does so without any action on the target’s part. Most mobile spyware is installed by getting hold of the physical device or via phishing. In the latter, a text message/WhatsApp/email with a malicious link is sent, and the target gets infected when he or she clicks on that link. Pegasus can be transmitted this way.
More importantly, NSO discovered a vulnerability that allowed it to infect mobiles by sending malicious WhatsApp messages, which did the job without any actions being necessary on the target’s part. NSO has, in fact, been sued by WhatsApp for exploiting this vulnerability. Pegasus can also be spiked into the target’s phone from a nearby base transceiver station (BTS). BTS is standard equipment used by telecom service companies to route and re-route signals.
Once installed, the spyware takes a wide range of permissions, allowing it to monitor location, emails, grab contact lists, take screenshots, grab media, grab instant messages and SMS, access browser history, take control of the phone’s mike and cameras, etcetera.
Pegasus can also be deleted remotely. It’s very hard to detect and once it’s deleted, leaves few traces. It can also be used to plant messages/mails, etcetera, which is why there are theories it may have been used to plant fake evidence to implicate activists in the Bhima Koregaon case.
How can you figure out if Pegasus is infecting your mobile?
Given the costs, you would need to be a high-value target for a government agency to spend this sort of money. According to the technical experts who worked on this case, it is close to impossible to figure out if a phone has been infected with Pegasus. It doesn’t cause slowdown or hanging.
It is slightly easier to detect Pegasus on an iPhone because iPhones keep more detailed logs of activity, and cybersecurity experts can see if data has been exchanged with suspicious websites. Other than this, watch out for the usual signs of higher than normal data usage, and unusually high battery consumption (this is also lower with Pegasus than with other spyware).