What is Pegasus? How does it affect Govts, individuals, professionals?

Israeli surveillance technology Pegasus data leak has created tumultuous waves across the world for targeting dissenters of respective governments as against the hacking spyware's declared aim that it is to use against criminals and terrorists.

Among the 50,000 phone numbers found in the leaked list, over 300 phone numbers have been discovered as linked to individuals who are actively participating in Indian politics. The list reveals that the spyware has been tapping phones of Indian ministers, opposition leaders, journalists, the legal community, businessmen, government officials, scientists, rights activists and others since 2016.

The spyware developed by the Israel Company NSO Group can be applied on iPhones and Android devices to extract messages, photos and emails, record calls and secretly activate microphones.

While NSO is maintaining that it sells Pegasus worldwide only to vetted governments, the question arises how far a democratic government upholds the value of democracy that invokes individual freedom as a sacred value or there is any attempt there to re-write democracy in the line with vested interests in the modern times.

This also pushed the critics of the citizen surveillance and opposition political parties, particularly in India to wonder whether "India is being converted into a police state?"

What is Pegasus Spyware?

Pegasus is the hacking software commonly known as spyware that has been developed and is marketed by Israeli company NSO Group to governments around the world. The spyware could run on innumerable phones simultaneously on iOS and Android platforms even without the knowledge of the user.

Pegasus is viewed as the most powerful piece of spyware ever developed in the world. Once it has been infected, the phone turns into an around the clock surveillance device. The infection takes place without attracting the attention of a user. The most heinous part is that the spyware does not allow the user to slip away from its spying net.

It could read the messages the user sends or receives, save photos and call records to other devices, secretly film the user through the infected camera phones, and activate the microphone to record the conversation the user makes with others. Besides, it can also accurately record the user's movements to pinpoint the exact location and whoever the user met with.

How Does Pegasus take control of a device?

The earliest version of Pegasus was reported to have been used to harvest messages or emails that trick a target into clicking on a malicious link. Over the years the mechanism has been developed to the extent that the malware could infect a phone even without a click on a malicious link. Pegasus is said to have had its access to phones through the vulnerabilities found in an operating system about which manufacturers have yet to get a clear picture to fix it.

Once infected, Pegasus could take control of all administrative privileges on the devices and it could even do more than what the owner of the phone can do. One of the major things that worries the ethical cybersecurity agencies is that the Pegasus attack cannot be thwarted as long as the device is skewed to vulnerabilities.

What is Pegasus Project and who is behind it?

Pegasus project is a reporting consortium of different media houses and journalists with whom the Paris-based non-profit media organisation Forbidden Stories and Amnesty International had initially shared the data with a call to investigate the leaked data to determine how detrimental the spying is to the freedom of speech.

The 'Pegasus Project' is now being handled by The Wire, Le Monde, The Guardian, Washington Post Die Zeit, Suddeutsche Zeitung and 10 other Mexican, Arab and European news organisations. Though the presence of a phone number in the data could not say whether the device was infected with the Pegasus, the forensics analysis done on a small number of phones whose numbers were listed in the data showed over half of the phones were the victims of the infection.

Apart from popular personalities from different quarters, over 180 phone numbers of journalists who are associated with well-known media houses in the world have been found listed in the data. This includes reporters, editors and executives at the Financial Times, CNN, the New York Times, France 24, The Economist, Associated Press, Reuters, The Wire and Indian Express.

Pegasus in India

Despite NSO claim that it has only vetted governments as its clients, Forbidden Stories has the take that most of the numbers found in the leaked list were the targets of NSO's clients. The NSO has registered a blatant denial in involving any wicked activities but conceded the possibilities of using the spyware for other purposes by its clients.

Most of the numbers listed in the database have been identified as concentrated in 10 countries, particularly in India, Azerbaijan, Bahrain, Hungary, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates.

Though different countries have different laws to deal with digital spying, the use of surveillance through hacking by individuals, private or official, amounts to the offence of the intellectual property breach under the Indian IT Act.

Indian Opposition cries for action

The opposition parties in India called for action against the malicious act of surveillance on citizens. Some leaders openly demanded that the issue has to be raised in the Parliament when it convenes this week. Others are of the opinion that while the complete list of the victims is yet to be released, they found it expedient to wait for more details to come out before creating a storm in Parliament.

Responding to the Pegasus release, the Congress deputy leader in Rajya Sabha Anand Sharma said that the matter could not be snubbed as a frivolous one since it's a matter of state surveillance which compromises the very system of constitutional democracy and the privacy of the citizens. He urged the government to reveal the government-run agencies that are using the malware. Sharma also wanted an open and transparent Supreme Court-monitored judicial probe into the hacking case.

The Member of Parliament from Hyderabad and the chief of AIMIM, Asaduddin Owaisi, said that the Central government is accountable to reveal whether it has links to the NSO.

"Did you use NSO spyware or not? Did you target specific people named in news reports? NSO, which owns Pegasus, has repeatedly clarified that it sells its services to "vetted governments" alone. This is why, GoI has to disclose if it availed these services & the people who were targeted," he tweeted.

What the Indian Govt has to say?

In a response to detailed questions sent by Pegasus Project partners to the Prime Ministers' Office earlier this week, the Ministry of Electronics and Information Technology said that "India is a robust democracy that is committed to ensuring the right to privacy to all its citizens as a fundamental right" and that the "allegations regarding government surveillance on specific people have no concrete basis or truth associated with it whatsoever."

As part of its investigation, the Pegasus Project has sought the Prime Ministers' Office the details about its association with the NSO Group in hiring the Pegasus assistance. The Ministry of Electronics and Information Technology, to its reply, extolled its diehard allegiance to the democratic values and its commitment to protecting the right to privacy of all its citizens as a fundamental right.

Though the Ministry has rejected government-based surveillance on specific people as baseless, it said that if any interception, monitoring, and decryption were made it had followed the due process in the laws.