A global investigation has shocked the world with the revelation that several countries have turned into surveillance states straight out of movie scenes. An investigation done by organisations including The Guardian seem to suggest that various sovereign governments have been abusing hacking software by NSO Group, an Israeli surveillance company.
Operators of Pegasus, the spying software, are able to extract photos, emails, messages, slyly activate microphones, and record calls once the malware attacks Android or iPhones devices. Several business executives, academics, religious figures, and NGO employees as well as government officials including cabinet ministers, prime ministers, and presidents, and union officials have been targeted by the malware.
Previous versions of Pegasus lured targets through malicious links that were sent to them, which resulted in the software getting installed on their mobiles. This helped operators of the software to track the target’s private data like texts, passwords, emails, and calls.
How does Pegasus operate?
Experts have said that after installation, Pegasus links the targeted device to Command-and-Control Servers (C2s). These are domains or computers that receive or send commands from and to the targeted devices. To avoid suspicion, the software is designed to function on minimal bandwidth consumption and send regular updates to C2s.
The updated version of the malware uses zero-click attacks. Zero-click attacks do not lure targets by making them click on suspicious links to activate the malware. These zero-click attacks are carried out by exploiting the bugs and zero-day vulnerabilities that are there in a device’s operating system but have not been fixed.
This is not the first time, though, that Pegasus has made headlines. The Citizen Lab, a Canada-based cybersecurity agency, published a report in September 2018 that identified 45 countries where spyware was being used. WhatsApp said in October 2019 that Indian human rights activists and journalists had been targeted for surveillance by operators of Pegasus. WhatsApp said that the software was used to launch malware on over 1,400 phones.
Pegasus code could be installed by launching a WhatsApp call on a target device, irrespective of whether the target answered the call. NSO began exploiting vulnerabilities present in Apple’s iMessages which allowed NSO backdoor exposure to millions of iPhones. Apple has maintained that it keeps updating its software regularly to avert such attacks.
Concerns regarding Pegasus
The hacking software is developed, licensed, and marketed to governments across the globe by NSO. Amnesty International’s Claudio Guarnieri, who runs its Berlin Security Lab, has improved research on how to find evidence left on a target phone after a successful launch. Guarnieri, while explaining the malware, said that it is getting increasingly difficult for the targets to notice attacks. He also explained suspicious text messages were ignored by clients for the subtler zero-click targeting.
Pegasus is more sought after worldwide because of its ability to crack open Apple’s touted security walls. Apple’s products are popular because of their ostensibly fool-proof security, but Pegasus has been able to find a way to compromise Apple’s security, making it more sought after.
Such is the power of the malware that it can switch on a phone’s camera as well as a microphone to record the happenings around the vicinity. It can track up to 500 phones annually and about 50 in a go. The approximate cost for Pegasus’s license is about $7-8 million annually.
Sovereign countries and their citizens have been targeted by malware. It is being reported that democratic elections in countries like India are feared to have been compromised by hacking. The world is going digital at a speedy pace. There is no aspect of normal life that has not been touched by technology. There is no way one can escape the grip of technology.
This makes this incident of hacking more complicated and worrisome. There would be no easy or simple fixes to this problem. Large-scale coalitions, including the private sector, governments, and civil societies across geographies have been formed to control the unmitigated abuse of digital technology.
NSO Group, which sells this software to governments alone, and other such companies have been accused by stakeholders and experts of strengthening authoritarian governments across the world with such potent tools. Politicians and administrators are being questioned, and accountability is being demanded urgently. It is being described as a public emergency that has threatened human rights and liberal democracy worldwide.
This comes at the backdrop of governments globally disregarding democratic principles. Rising cases of spying call for an internationally sanctioned audit of these companies and effective civil society activism. Judicial and legislative accountability is imperative in the face of surveillance of citizens. Democracy is being put to the test and now, more than ever, it is important to safeguard it from tools like Pegasus.
Some experts have said that it would be foolish to assume that the Israeli government would not have visibility to these data, though NSO has denied the government having access to its systems. It said that NSO was a private company and not a tool for Israeli diplomacy. It neither takes directions from any government nor is it Israel’s intelligence agent.
Software-based surveillance is unacceptable as it is a betrayal of constitutional values. If it has been conducted by any foreign country, its unlawful surveillance by foreign agents. It becomes even more important, hence, to investigate who is behind this fundamental violation of citizens’ rights. Journalists and activists from several countries who were working actively to make respective governments more accountable have been targeted by the software.
Pegasus can be called bane of the technological advancement. It is so potent that once after installation by any means to the device, it can potentially access all the available information there, even encrypted chats and files. While many tech giants like Facebook, Cisco, Microsoft, Google, and more have openly criticised the use of spyware tools by groups like NSO, it’s the responsibility of all to put a check on this unaccountable surveillance technology.
Disclaimer: The opinions expressed in this article are those of the author. They do not purport to reflect the opinions or views of this publication.