Pegasus, which is capable of attacking both Android and iOS, has been around for three years and is considered one of the most sophisticated spyware in the market. It begins work after the user clicks on the infected link sent by the attacker. After an installation process that requires no permission from the user, the spyware begins to contact the phone’s control servers, allowing it to gather data from the infected device. Looking to steal passwords, contacts, messages, calendar information and other private data, Pegasus also has the ability to hack the phone’s camera, microphone and GPS location.
This time, the spyware attacked a vulnerability in the WhatsApp
VoIP (Voice Over Internet Protocol), which is used to make video and audio calls. WhatsApp discovered cyber-attacks on its systems in May and rolled out various fixes and updates. With the help of The Citizen Lab at the University of Toronto, a six-month-long investigation led to the discovery of Pegasus.
According to reports, The Citizen Lab then contacted the suspected targets and warned them that their devices might have been compromised. But most users did not take it seriously. Eventually, WhatsApp contacted these users through a verified account. About 40 people in India, most of whom are academics, journalists and activists, have since been identified as victims of this cyberattack.
Now: After WhatsApp moved court, the NSO Group released a statement saying, “In the strongest possible terms, we dispute today's allegations and will vigorously fight them. The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime. Our technology is not designed or licensed for use against human rights activists and journalists. It has helped to save thousands of lives over recent years.”
Pegasus, meanwhile, has kicked up a storm on Twitter, with Twitteratis questioning the involvement of the Indian government. Nishant Sinha, a Congress worker in Bihar, tweeted, “It’s time for WhatsApp to introduce a 3rd tick. To show that the government has read your message.” The fact that so many of the targeted users are lawyers and activists who are in some way associated with the Bhima Koregaon and Elgar Parishad cases has also raised eyebrows.
Why: According to Amnesty International, Pegasus has been targeting journalists in Mexico, Saudi dissidents and Amnesty’s own researchers since 2017. While it is still not clear if any of India’s government agencies sought the services of the NSO Group, Information Technology Minister Ravi Shankar Prasad has said that the government has asked WhatsApp to “explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens”. Meanwhile, WhatsApp users are scrambling to install the latest versions of their phones’ operating systems and of the app as this is the only cited preventive measure against Pegasus.