Pegasus: The software that spies on you in broad daylight6 min read

Reading Time: 4 minutes

Imagine that your entire online world – social media, messages, data, passwords, logins, etc., was kept safe and private with a lock, and only you have the key. So what happens if someone somewhere in the world managed to make a duplicate key, and broke in? They’d get access to all your data – whom you’re speaking to, where you travelled, what money transactions you made, and anything else you hold precious! Scary, right?

The name of this duplicate key is Pegasus. Not Pegasus the mythical horse from Greek Mythology, but a surveillance tool that lets you spy on people! In the latest political scandal in India, this tool was found installed onto the smartphones of prominent journalists, politicians and activists.

In today’s Law and Order, let’s get to the bottom of this issue.

What is Pegasus?

Created by Israeli cyber intelligence firm NSO Group, Pegasus exists primarily to help law enforcement battle crime. The NSO says that it intended to “develop best-in-class technology to help government agencies detect and prevent terrorism and crime.” 

However, somewhere along the way, this mission changed. Some prominent media companies, including The Guardian, Washington Post and The Wire, decided to dig deeper. What they found was that this technology was now being used to monitor and target specific individuals and gather data on them.

The Right to Privacy is a fundamental right and is an integral part of the right to life and liberty.

Who is being spied on?

The investigation was conducted by a Paris-based organisation called Forbidden Stories and Amnesty International, which found that more than 50,000 phone numbers of people across the world had been infiltrated by Pegasus.

From the list, journalists were able to identify more than 1,000 individuals in 50 countries who were allegedly selected by clients of NSO for potential surveillance.

This includes 189 journalists, more than 600 politicians and government officials, at least 65 business executives, 85 human rights activists, and several heads of state, according to The Washington Post. The journalists work for organisations including The Associated Press, Reuters, CNN, The Wall Street Journal, Le Monde, and The Financial Times.

Interestingly, the finding revealed that most numbers on the list – 15,000 – were from Mexico-based phones, with a large share in the Middle East. 

Indian journalists

EGI is shocked by the media reports on the wide spread surveillance, allegedly mounted by government agencies, on journalists, civil society activists, businessmen and politicians, using a hacking software known as #Pegasus, created and developed by the Israeli company NSO. pic.twitter.com/I4M9pOsPTt

— Editors Guild of India (@IndEditorsGuild) July 21, 2021

According to The Wire, the Pegasus spyware’s database included numbers of 40 journalists, three major figures belonging to India’s opposition parties, two ministers in the Narendra Modi government, current and former heads and officials of security organisations, many businesspersons, as well as a judge.

The leaked data includes the contact numbers of top journalists at big media houses like the Hindustan Times, India Today, Network18, The Hindu and Indian Express, The Wire said.

The mobile phone of a former Delhi University professor was also allegedly targeted, while the database also included at least nine numbers belonging to eight activists, lawyers and academics.

In some good news though, The Wire added that the mere presence of a phone number in the leaked data does alone not reveal whether a device was infected.

How does Pegasus work? 

There are a variety of ways that Pegasus can install itself onto a smartphone. The simplest way is to get the user to click on an infected link or use the voice call feature on WhatsApp that allows installation simply by placing one missed call. The scary part is that the tool also deletes the call logs afterwards, so you have no way of knowing what happened!

The more recent traces have used a method called ‘zero-click’. This allows Pegasus to start working without needing the user to actually do anything. It uses specific ways to get into Android and Apple phones.

What next?

Once Pegasus sneaks its way onto a smartphone, it can track your call logs, monitor your calls, access your camera to record video and use your microphone to record audio. It can read your browsing history and collect information on your app activities. It can read your inputs and, it can even use your GPS to track your current location.

All of the data from the smartphone is extracted and sent to whoever is controlling it. This process is invisible and hard to detect. 

What is the government saying?

Government of India’s response to inquiries on the ‘Pegasus Project’ media report. pic.twitter.com/F4AxPZ8876

— ANI (@ANI) July 18, 2021

The people whose phones Pegasus was found on are shocked and mad. They have blamed the Narendra Modi government for being behind this.

The government, however, has dismissed these claims, saying there is “no concrete basis or truth associated with it whatsoever.”

The government, in its response, said India is committed to ensuring the right to privacy to all its citizens as a fundamental right, and for that, it has also introduced the Personal Data Protection Bill, 2019 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, to protect the personal data of individuals.

Sources: The Wire, Hindustan Times, Indian Express, The News Minute

Images and GIFs: Giphy