Recently, a global collaborative investigative effort titled the Pegasus Project revealed that Israeli company NSO Group's Pegasus spyware targeted over 300 mobile phone numbers in India. As per reports, at least 40 journalists, Cabinet Ministers, and holders of constitutional positions were possibly subjected to surveillance. The reports are based on a leaked global database of 50,000 telephone numbers.
What is Pegasus?
It is spyware created by NSO Group, an Israeli cybersecurity firm founded in 2010. The NSO Group's founders come from Unit 8200 – Israel's elite defense force. It is also the Israel Defence Force's largest military unit and probably the foremost technical intelligence agency in the world.

Pegasus spyware can hack any iOS or Android device and steal a variety of data from the infected device. It works by sending an exploit link; if the target user clicks on the link, the malware, or the code that allows the surveillance, is installed on the user's phone.

Pegasus can be deleted remotely. It is very hard to detect and, once it is deleted, leaves few traces. It can also be used to plant messages/mails, which is why there are theories it may have been used to plant fake evidence to implicate activists in the Bhima Koregaon case.
Pegasus is designed for three main activities:
1. Collection of historic data on a device without the user's knowledge;
2. Continuous monitoring of activity and gathering of personal information; and
3. Transmission of this data to third parties.
Israel identifies Pegasus as a cyberweapon and claims that its exports are controlled.
Pegasus spyware has evolved from its earlier spear-phishing methods, which used text links or messages, to 'zero-click' attacks that do not require any action from the phone's user. This is the most worrying aspect of the spyware:
- It helps spyware like Pegasus to gain control over a device without human interaction or human error.
- Most of these attacks exploit software that receives data even before it can determine whether what is coming in is trustworthy or not, like an email client.
- They are hard to detect given their nature and hence even harder to prevent. Detection becomes even harder in encrypted environments, where there is no visibility into the data packets being sent or received.