Site iconEconomyria

The Pegasus Scandal- What is it and How does the Spyware work?

Credits: YesPunjab.com

The monsoon session of the Indian Parliament has just begun (July 19, 2021) and one of the raging topics of discussion that has been doing the rounds is ‘The Pegasus Scandal’. A day before the start of the Parliament session, The Wire reported that the phone numbers of at least 300 Indians including top politicians, lawyers, journalists, and other persons of interest were on a hacking list of an unidentified agency using Israeli spyware Pegasus.

How bad is the scandal, who has been targeted, and what are its implications? Let us go through all of these.

Pegasus is a spyware (software that enables a user to hack other devices and spy on the victim by covertly transferring data to a master server, oblivious to the victim) developed by the Israeli NSO Group and sold only to vetted governments worldwide. It exploits a device completely and takes control of its audio, video, text messages, images, location, contact list as well as gains access to all the stored information. This can be very harmful for the functioning of democracy as the information may end up in the wrong hands and be misused by international agencies to pose a massive threat to Indian citizens. What is scarier is that the victim may not even need to click on a link; the hacker may just give a missed call or send a text message and the entire device may be exposed i.e., a zero-click iMessage exploit.

The NSO clients comprise as many as ten countries including India, Morocco, Rwanda, Saudi Arabia, and the United Arab Emirates, with hack targets present across 45 countries.

Pegasus first came to national attention in India back in 2019 when The Indian Express reported on WhatsApp’s disclosure that journalists and human rights activists were targets of surveillance by operators using Pegasus. The then Minister for Communications, Electronics & Information Technology, Ravi Shankar Prasad said that there had been no unauthorized spying to the best of his knowledge and asserted that India would never compromise on data sovereignty.

On July 18, 2021, The Wire published a report stating that forensic tests have confirmed the presence of Pegasus spyware on some devices and those on the list of potential targets include journalists at Hindustan Times, The Hindu, The Wire, The Indian Express, News18, India Today, etc. The Wire’s analysis of the data also shows that most of the journalists were targeted between 2017 and 2019, in the run-up to the 2019 Lok Sabha elections.

An investigation into the Pegasus scandal referred to as the ‘Pegasus Project’ was launched by a group of 16 media organizations including the likes of The Washington Post and The Guardian, and The Wire from India. In collaboration with UK’s Amnesty International Security Lab, forensic tests were carried out on a small sample of phones associated with the 300 phone numbers in the hacking list which revealed that there are clear signs of targeting by Pegasus spyware in 37 phones, of which 10 are Indian.

The phone of former Delhi University professor Syed Abdul Rahman Geelani (He was arrested in 2003 in connection with the 2001 parliament attack case but was later acquitted for lack of evidence. He died in 2019 following a cardiac arrest) was also tested. He had been receiving customized messages in 2017 just to grab his attention. One of the messages read “United Nations launches online portal for the independence of Kashmir,” sent from an international number. The forensic analysis confirmed that his phone was indeed compromised on and off for over two years.

Similar to this, names of other potential targets for surveillance during 2017-2019 by a client of the Israel-based NSO group have popped up which include former Congress president Rahul Gandhi, election strategist Prashant Kishor, Mamata Banerjee’s nephew Abhishek Banerjee, IT minister Ashwini Vaishnaw, minister of state for Jal Shakti Prahlad Singh Patel, personal secretary to Vasundhara Raje Scindia, officer on special duty (OSD) for Smriti Irani, Vishwa Hindu Parishad (VHP) leader Pravin Togadia, and many others.

The NSO Group has denied allegations of hacking and termed it as false and misleading. It further said that the reports published in this matter lack supporting evidence and are far from reality. Outraged by the allegations, the NSO Group is considering filing a defamation lawsuit against The Wire.

Accusing the Modi Government of betrayal and compromising on national security as the leaked database included names of many Indian citizens, the opposition party has demanded immediate resignation from Minister of Home and Internal Security, Amit Shah, considering him to be unworthy of the position held. The Congress Party has also demanded a probe into the role of Prime Minister Narendra Modi in the Pegasus scandal.

While the name of current IT Minister, Ashwini Vaishnaw has also popped up in the target list, he has ironically defended the government when the matter was raised in the Parliament, saying that any kind of illegal surveillance or hacking is not possible with the Indian laws and robust institutions in place. These are baseless allegations and are meant to disrupt the progress of the Indian economy. Home Minister Amit Shah also alleged that the Pegasus Project Report is aimed at obstructing the ongoing Parliament session.

The scandal raised questions over the Right to Privacy, data possession, and safety which can land the ruling party in massive trouble. We can only wait for further developments.

Economyria is now on Telegram. For a simplified analysis of topics related to economy/ business/ financesubscribe to Economyria on Telegram

Exit mobile version