
PEGASUS

Written by:
Prachi Sethi
Published on
20-Jul-21

Pegasus is a form of spyware, a category of harmful software (malware). Spyware such as Pegasus is designed to gain access to your device without your knowledge, collect your personal information, and send it to whoever is spying on you.

Pegasus was developed by the Israeli firm NSO Group. Until early 2018, NSO Group's customers relied mostly on SMS and WhatsApp messages to trick targets into opening a malicious link that would infect the mobile device. A Pegasus brochure describes this as an Enhanced Social Engineer Message (ESEM). When the target taps a malicious link packaged as an ESEM, the phone is directed to a server that fingerprints the operating system and serves the matching remote exploit. The first reported use of 'network injectors', which let attackers install the spyware 'without involvement by the target', was documented by Amnesty International in its October 2019 report. Pegasus supports several such installation routes. One over-the-air (OTA) option surreptitiously sends a push message that causes the target device to load the spyware; the target neither notices the installation nor has any control over it.

Monitoring appears to have been systematic in India. WhatsApp's 2019 discovery that NSO Group's spyware was being used against its users revealed that 121 or more Indians had been targeted, including dissidents who were later jailed.

The leaked Pegasus list included more than 2,000 Indian phone numbers, indicating the software's potential targets. Hundreds of human rights activists, academics and officials from neighbouring countries were among them. At least two phone numbers used by opposition leader Rahul Gandhi and nine numbers belonging to people in his circle were on the list. According to the report, at least ten of the Indian numbers were found to have been infected with the software.

Some of the people listed below came into the spotlight because they were believed to have been infected by the software; each turned out to be of interest to whoever was operating NSO Group's software against them:

  • Paranjoy Guha Thakurta is a well-known journalist, author and documentary filmmaker. At the time his phone was targeted he was researching Dhirubhai Ambani, who was India's richest man, and Facebook. Forensic analysis by the Pegasus Project confirmed that he had been monitored. He told Forbidden Stories that he believes the purpose of the surveillance was to identify and get hold of the sources who were helping him with his research.
  • Siddharth Varadarajan is the founding editor of The Wire, a non-profit media outlet critical of the administration of India's Prime Minister, Narendra Modi. He believes the government monitored him and his colleagues with the software in order to keep them under surveillance.
  • Umar Khalid is a co-founder of the activist group United Against Hate and a former student union leader at Jawaharlal Nehru University in Delhi; he survived an assassination attempt in 2018. In September 2020 he and other student leaders were arrested under India's stringent anti-terrorism law for an alleged "plot" to instigate the deadly riots that had broken out in Delhi earlier that year. Police said their computer team had recovered 40GB of data from his phone as evidence. He appears to have been selected as a Pegasus target between late 2018 and early 2019.
  • Vernon Gonsalves is an Indian scholar and activist who has written extensively on minority rights in India, including those of the so-called "untouchable" Dalit caste, and on the prison system. He had called for the repeal of India's harsh anti-terrorism law, which is often used against journalists. In August 2018, after violence surrounding the 200th-anniversary commemoration of a battle in which Dalits defeated upper-caste rulers, he and four other well-known rights defenders across the country were placed under house arrest on charges of inciting the violence. All five maintain that the case against them was brought to silence dissent.

The above list is not exhaustive. Many other prominent Indians of interest to the operators of NSO Group's software were infected or monitored by it.

How the software works…

For a network injection, an attacker generally only has to supply the Pegasus system with the target's phone number. The Pegasus brochure states that "the remainder is done automatically by the system" and that the spyware is installed in most cases. Network injection can fail in rare circumstances, however: remote installation does not work, for example, when the NSO system does not support the target device, or when new security safeguards have been added to its operating system.

Reportedly, one way to defeat Pegasus is to change the phone's default browser. According to a Pegasus brochure, installation from browsers other than the device's default browser (and, on Android devices, also Chrome) is not supported by the system.

Once infected, a phone becomes a digital spy under the attacker's control. Pegasus connects to the attacker's command-and-control (C&C) servers to receive and execute commands and to send back the target's private data, including passwords, contact lists, calendar events, text messages and live voice calls, even from end-to-end-encrypted messaging apps. The attacker can also switch on the phone's camera and microphone and track the victim's location via GPS.

Pegasus checks in with the C&C server only periodically, to avoid the conspicuous bandwidth use that might alert a target. The attacker can also deactivate and uninstall the spyware whenever necessary, for example to avoid forensic investigation or detection by anti-virus software.

Protection against infection by the software…

Good cyber hygiene can, in principle, protect against ESEM-style attacks. But if Pegasus exploits a vulnerability in the phone's operating system, nothing the user does can block a network injection. Worse, the victim will not even be aware of it unless the device is examined in a digital forensics laboratory. Switching to an old-fashioned handset that only allows basic calls and texts would certainly limit data exposure, but may not substantially reduce the risk of infection, and any alternative device used for e-mail and apps remains vulnerable unless those services are given up entirely. The best course is to keep every device up to date with the manufacturer's security patches and operating system upgrades, and to hope that zero-day exploits become rarer. If the budget allows, replacing devices frequently is probably the most effective, if costly, remedy.

Because the spyware resides on the device itself, the attacker has to successfully re-infect each new device. This creates both logistical (cost) and technical (security update) obstacles for the attacker, unless their resources, which are usually those of a government, are effectively unlimited.
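A forensic examination of the kind mentioned above typically begins by matching the device's recorded network activity against a list of indicators of compromise (IOCs) published by researchers. The following Python script is an added example, not code from the article, from NSO Group or from any forensic toolkit; its log format, device name and indicator domains are all constructed placeholders (reserved names under RFC 2606), not real Pegasus infrastructure. It shows the one detail that naive checks get wrong: an indicator must match the host itself or a subdomain of it on a label boundary, so that a look-alike such as news-feed.example.org is not flagged against news-feed.example.

```python
"""Match a device's network artefacts against an indicator-of-compromise (IOC) list.

Added example, not code from the article or from NSO Group. The log format, the
device name and the indicator domains are constructed for illustration (reserved
names under RFC 2606), not real Pegasus infrastructure.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Constructed IOC list: hypothetical C&C domains standing in for the kind a
# forensic lab would take from published research.
IOC_DOMAINS = {
    "updates.example-cdn.invalid",
    "news-feed.example",
}

# Constructed sample of a device's DNS and HTTP proxy log (hypothetical format).
# Line 3 repeats an IOC with upper case and a trailing dot, line 4 contacts a
# subdomain of an IOC, line 5 is a look-alike that must NOT match.
SAMPLE_LOG = """\
2021-07-01T10:02:11Z dns device=phone-01 qname=api.example.com
2021-07-01T10:02:12Z http device=phone-01 url=https://updates.example-cdn.invalid/sync?id=1
2021-07-01T10:47:12Z dns device=phone-01 qname=UPDATES.example-cdn.invalid.
2021-07-01T11:32:13Z http device=phone-01 url=https://cdn.news-feed.example/a.js
2021-07-01T11:40:00Z dns device=phone-01 qname=news-feed.example.org
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>dns|http) device=(?P<dev>\S+) (?:qname|url)=(?P<val>\S+)$"
)


def normalise_host(value: str) -> str:
    """Reduce a URL or bare hostname to a lower-case hostname without trailing dot."""
    if "://" in value:
        value = urlsplit(value).hostname or ""
    return value.lower().rstrip(".")


def matches_ioc(host: str, iocs=IOC_DOMAINS) -> Optional[str]:
    """Return the indicator that host equals or is a subdomain of, else None.

    Label-boundary matching: 'cdn.news-feed.example' matches 'news-feed.example',
    but 'news-feed.example.org' does not; a plain substring test would flag it.
    """
    for ioc in iocs:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


def scan_log(text: str, iocs=IOC_DOMAINS) -> List[Dict[str, str]]:
    """Return one record per log line whose hostname matches an indicator."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrecognised line: skip rather than guess at its host
        host = normalise_host(m["val"])
        ioc = matches_ioc(host, iocs)
        if ioc is not None:
            hits.append({"ts": m["ts"], "device": m["dev"], "host": host, "ioc": ioc})
    return hits


def count_by_ioc(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Summarise hits per indicator; repeated contacts suggest periodic check-ins."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h["ioc"]] = counts.get(h["ioc"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(f"{h['ts']} {h['device']} contacted {h['host']} (IOC: {h['ioc']})")
    print(count_by_ioc(found))
```

Run as a script it lists the three matching log lines and the number of contacts per indicator; repeated contacts with one host spread over hours is the periodic check-in pattern described earlier. A real investigation would use a published indicator list and the device's own artefacts (DNS cache, browser history, a backup) rather than a constructed proxy log, but the matching rule is the same.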