17th February – Pegasus – A powerful tool of surveillance

The Facebook’s subsidiary company—WhatsApp, on 29 October 2019, filed a lawsuit in the United States California’s Northern District Federal Court against Israel-based cyber-arms firm— the NSO Group, for infecting ‘specific’ group of WhatsApp users worldwide, mainly belong to civil societies, through their spyware program—Pegasus (also known as Trident).

Background –

  • Few reports claimed that the Pegasus, created by the NSO group, was used for surveillance on Human Rights activists, and journalists, and in early 2019.
  • It was used for State-on-State espionage in Pakistan. According to anonymous sources, at least two dozen of Pakistan’s senior defence and intelligence officials were allegedly targeted. This underscore the fact that Pegasus can be utilised for State-to-State espionage.

What is ‘Pegasus’?

  • The phenomenon of ‘Pegasus’ origin is from the Greek mythology where an immortal, winged horse with an ability to fly, had an arsenal of supernatural powers—a free passage from the mortal to the immortal realm.
  • Equipped with powerful coding, the NSO group’s Pegasus program can survive OS (Operating System) reboot, factory resets, and OS upgrades.
  • Other than Android and iOS, it can breach into the Symbian and Blackberry OS devices. It can infiltrate the smartphones, irrespective of the OS, in incognito mode and majorly work on three aspects:-
  1. collection of the historical data on the device,
  2. continuous monitoring of the activities or actions, and
  3. transmission of the data to third-party anonymously.

How does it function?

  • Post-infiltration of a smartphone or cellular device, the Pegasus scans the device and prevents the device from downloading any updates which would identify the malicious program and get rid of it by updating the OS security.
  • Further, the Pegasus installs some essential modules (set of instructions which separate the functionality of a program to work independently to attain the aspect of program) to read the messages, mail, listen to calls (both incoming and outgoing—including Internet calls), capture screenshots as per program instructions, log the keys pressed, capture browser history, contact lists, and monitor every event which has occurred in the device.
  • At the end of its surveillance operation, the Pegasus program is equipped with self-destruct instructions under which it removes itself from the device(s) to ensure that it cannot be traced back.

Way forward for India –

  • As a part of a counter-terrorism strategy, India may deploy the Pegasus program to do the eavesdropping on the communication channels of the terrorist groups.
  • In November 2019, India had planned to push a mandate on data localisation concept which will compel the digital companies to store data of Indian users within the geographical boundaries of India. If the data localisation would have been there, the investigation of the data infringement cases using the spyware program such as Pegasus would have been easier, effective, and timely.

SourceVIF India

QUESTION – What is ‘Pegasus’? How can it be beneficial for India’s cyber warfare and cyber espionage objectives?

Leave a Comment

Your email address will not be published. Required fields are marked *