TNS Explainer: The Pegasus pandemic, when it started in India, and how you can protect your devices!

Is my phone being spied? Can the government exercise more privileges to use the surveillance technologies as per its desire? Do the regimes have a right to breach and break the grounds of privacy under the guise of countering terror and crime? Why governments should endanger and intimidate their own people and such acts from the governments warrant treason or an exemption from impunity? These are a slew of questions that would remain with the dearth of answers unless the illicit use of cybersecurity platforms is curbed. 

The Pegasus pandemic - which appears to be more dangerous than the Covid-19 pandemic, has hit the globe as a nightmare. The nightmare of what if the technologies that walk with us like our shadow hit us hard with their horrible face. The Pegasus spyware is the latest revelation of how the skyrocketing use of technologies would never hesitate to harm us at a greater scale. Why the globe is shaken by the Pegasus reports? Because the Pegasus Spyware, developed by an Israeli-based NSO Group, is only sold to the governments. The governments, including the people formed and monarchial, are buying the spyware with the claim of countering terror and crime. 

However, it's not what has happened. The spyware has targeted thousands of people including political leaders, journalists, activists, human rights defenders, and businessmen. An international media consortium has on July 19 revealed how the Pegasus spyware was used to spy over 50,000 phone numbers across the globe. India is one of the potential targets by the spyware as over 300 people in the country, including Union Ministers, Opposition leaders, 40 journalists, a sitting judge, activists, and several businessmen, were believed to have been spied on by the government. 

What the opposition called state-sponsored espionage on hundreds of people, some of the prominent Indian names whose phones were targeted by the spyware include Union Ministers Ashwini Vaishnaw and Prahlad Patel, Congress leader Rahul Gandhi, Political strategist Prashant Kishor, The Wire editor-in-chief Siddharth Vardarajan, its journalist Rohini Singh, The Hindu journalist Vijaita Singh, Delhi University professor Abdul Rahman Geelani, and the woman who accused former Chief Justice of India Ranjan Gogoi of sexual harassment. 

On the front of when the spying started in India, the reports say that the selection of Indian numbers was started around the time when Prime Minister Narendra Modi has visited Israel in 2017, which has become the first trip to Israel by an Indian Prime Minister, and met with his then Israeli counterpart Benjamin Netanyahu. India is not alone in this snooping list as the countries including Bahrain, Hungary, Mexico, Morocco, Rwanda, United Arab Emirates, and Saudi Arabia are in the club. 

What is Pegasus and how it works?

Pegasus is spyware developed by an Israeli-based NSO Group and it can be installed covertly on mobile phones. NSO has claimed that spyware provides the technology to governments to help them in countering terror and crime. Once installed in a phone, the spyware is capable of reading text messages, tracking calls, collecting passwords, tracking location, accessing the target device's microphone and camera, and harvesting information from the mobile applications. 

In August 2020, an Israeli newspaper has said that the NSO Group had sold Pegasus spyware for hundreds of millions of US dollars to the United Arab Emirates and other Gulf states for surveilling journalists, anti-regime activists, and political leaders from rival nations - it clearly reveals the purpose why the countries buy the spyware. Pegasus has come into existence in 2010 and the spyware infiltrates phones without the knowledge of the phone holder and covertly controls the microphones and cameras. 

The spyware is capable of escaping detection and after it enters the device, it can completely observe and control the device and can carry out the task of spying through listening to your ears, seeing your contacts, and breaching your privacy. If the government can possibly invoke the spyware in one's mobile, the recipient will be under the scanner all day. Moreover, Pegasus can easily access passwords, contact lists, calendar events, and live voice calls from popular mobile messaging applications. It has the capability of turning on the microphone and the camera and uses the GPS function on the phone to track a target's location and movements. To put it in a simple term, it will be everywhere on your mobile if it's installed.

How you can protect your devices against Pegasus? 

Due to its covert operation, it's quite impossible to know whether your devices became vulnerable to spyware. According to reports, Pegasus and related software are hard to detect and it is possible for a device to get affected due to the existing vulnerabilities. However, there are some handy measures that you can take to shield your devices from the Pegasus pandemic. According to The Washington Post, which was part of the media consortium that worked on Project Pegasus, one of the key precautions is to maintain your device and its software updated.

The updation can be done by activating automatic updates. For software like Pegasus, devices that are older than five years and with outdated operating systems are havens. We have to ensure to keep our devices with up to date technology to avoid vulnerability and one of the important ways through which you can increase the security is to use difficult passwords, that won't be easily guessed, for your device and such usage is highly recommended for every site and every app. 

Keeping a safe and secure password manager would reduce the chances for Pegasus to enter your device. The other important and most notified factor is that evading suspicious links or attachments. It is recommended not to click the links and attachments that you have received from people that you don't know. Completely deleting the older messages and securing the inbuild mobile apps would keep the spyware at the bay. Claudio Guarnieri of Amnesty International, the human rights group that is part of the investigation, said that the NSO has recently abandoned the suspicious SMS to target one's device. 

Rather than sending suspicious SMS, NSO Group has been concentrating on the software installed by default on mobiles to covertly enter the devices. Some of the default software like iMessage and Music apps on iPhones have become a significant route to Pegasus to potentially hack your devices. Guarnieri says that the NGO is searching for more weaknesses in phones and has expanded the ways to infect phones.

Amnesty International vs NSO Group:   

Danna Ingleton, the Deputy Director of Amnesty Tech, said, "Our forensic analysis has uncovered irrefutable evidence that NSO's spyware has successfully infected iPhone 11 and iPhone 12 models. Thousands of iPhones have potentially been compromised." Amnesty International has said, "Until NGO Group and the surveillance industry as a whole can show it is capable of respecting Human Rights, there must be an immediate moratorium on the export, sale, transfer, and use of surveillance technology. 

On the other hand, responding to a request for comment by media organizations involved in the Pegasus project, NSO Group said "It firmly denies the claims and stated that many of them are uncorroborated theories which raise serious doubts about the reliability of your sources. As well as the basis of your story". It has been reported that on July 20, a day after the revelations, Amazon Web Services had closed the infrastructure and accounts related to NSO Group. The shutdown has come after it was revealed that the information from phones infected by Pegasus was sent to a service built by Amazon as Amazon CloudFront. The service is built as a content delivery network to deliver the content to users by its customers. According to Amnesty's report, the usage of cloud services has shielded NSO Group from internet scanning techniques.