Context: An opposition party leader has alleged that the Israeli-made spyware Pegasus was used to snoop on him.
Pegasus Spyware Background
- In October 2019, WhatsApp said that journalists and human rights activists in India had been targets of surveillance by operators using the spyware.
- In 2021, a global collaborative investigative project revealed that Pegasus might have targeted 300 mobile phone numbers in India.
- However, government repeatedly rejected the findings of the global media investigation
About Pegasus Spyware
- Pegasus is developed by the Israel-based cybersecurity company NSO Group.
- It is designed to gain access to devices, without the knowledge of users, and gather personal information and relay it back to the one using the software to spy.
- It is a type of malicious software or malware classified as a spyware.
- Working of Pegasus
- Initially, Pegasus infected phones through spear-phishing – text messages or emails that trick a target into clicking on a malicious link.
- Later in its evolved version, Pegasus uses ‘zero-click attacks’, which do not require any action from the phone’s user.
- Once spyware is installed in a phone, it begins contacting its operator’s control servers to receive and execute operator commands and send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps.
- The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity.
- Threat from Pegasus
- It can gather information stored on phones such as photos and contacts.
- It can activate a phone’s camera and microphone and turn it into a spying device without the owner’s knowledge.
- It can be delivered through a nearby wireless transmitter, or manually inserted if the target phone is physically available.
Challenges from Pegasus
- Privacy violation: The mere existence of a surveillance system affects both the right to privacy under Article 21 and the practise of free expression under Article 19, whether or not it is authorised by law.
- Putting a Stop to Dissent: It illustrates a troubling development in the employment of hacking tools against opponents and dissidents.
- Individual protection: Lack of privacy puts journalists’ safety at risk, particularly those whose work criticises the government, as well as the security of their sources.
- Self-Censorship: People may struggle with persistent fear of spying. Their capacity to communicate, receive, and discuss such ideas may be impacted by this.
- State-sponsored mass surveillance: When combined with AI, spyware can tamper with users’ devices’ digital content.
- The distant controllers may then use this to divide their opinions.
Supreme Court on Pegasus
- Supreme Court, in October 2021, ordered an investigation headed by Justice RV Raveendran to conduct a “thorough inquiry” into the allegations.
- After months of examination, two reports were submitted to the court, one by Justice Raveendran and another by a technical committee that analysed some of the phones allegedly targeted by Pegasus.
- On August 25, 2022, then Chief Justice of India N V Ramana said that the committee didn’t find any conclusive evidence on the use of the spyware in phones examined by it
- Technical committee had found malware in five of the 29 devices that it got, but it had failed to determine if the malware was Pegasus.
Types of Cyber Attacks
- Malware: It is short for malicious software, and refers to any kind of software that is designed to cause damage to a single computer, server, or computer network. Ransomware, Spy ware, Worms, viruses, and Trojans are all varieties of malware.
- Phishing: It is the method of trying to gather personal information using deceptive e-mails and websites.
- Denial of Service attacks: A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users.
- DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.
- Man-in-the-middle (MitM) attacks: Also known as eavesdropping attacks, it occurs when attackers insert themselves into a two-party transaction.