An introduction to the Pegasus spyware:
Pegasus is a character from the Greek mythology, a white flying horse with two giant wings. Pegasus is said to be a gift from Poseidon (the God of sea, storms and horses) to his son Ballerohon. Now, Ballerohon thought that he could ride the Pegasus to Mount Olympus and then eventually reach heaven. Things did not go as planned and Ballerohon on his way to Mt. Olympus fell from the back of Pegasus and died. But the important part of this mythology lesson is the weapon that Ballerophon wielded, a spear which he used to kill the fire breathing monster Chimera. This spear is the metaphor behind the term “spear phishing technology” which is what the Pegasus software uses.
Pegasus is probably the most sophisticated piece of technology that we know. It has been by the NSO Group. NSO is the abbreviation of the names of its three founders that is Niv Carmi, Omri Lavie, Shalev Hulio who founded the company in 2014. These three used to work in the super secret Israeli agency named “8200” whose job was to produce electronic intelligence for the Israeli government.
NSO claims to sell the Pegasus spyware to governments only. The idea is to use this tool in the fight against terrorism. Pegasus caught the eye of the world governments in its foundation year only that is in 2014 when it was used by the Mexican government to catch the notorious drug lord Joaquin “El Chapo” Guzman. In 2015 the company generated a revenue of $150 million and in 2017 it was sold for more than a billion dollars to Novalpina Capital and two of its founders Shalev Hulio and Omri Lavie.
Pegasus is a piece of malware that has known to be around roughly since 2014 and with time it has been enhanced and modified in various aspects. At its full capacity it can turn any smart phone (be it android or iOS) into a fully fledged surveillance device which means it can look at messages, it can record phone calls, it can record audio through the microphone, it can record video, it can take photos, it can look at the photos and videos that are already there on the phone and it can even access the location data and the list goes on. Now the technology like that does not come cheap. Any government around the world needs to pay millions of dollars if they wish to use a licensed Pegasus.
How does Pegasus work:
Everyone has heard about bugs. Not ones which bother you when you sit by the fire but the ones that bother you when you use your smart phone, PC or laptop or any other electronic device. Bugs are an inevitable part of technology, they exist everywhere. The number of bugs in a software is directly proportional to the complexity of the software. More the software is complex the more number of bugs it has.
There are ordinary bugs which may cause some glitch in the user interface of your device or may cause your device to turn off or may cause the camera of your device to stutter, they can cause many kinds of malfunctions. These ordinary types of bugs are easily fixed via and OTA update once they are spotted or identified.
Then there are security bugs. Every operating system in this world be it Android, iOS, Windows, MacOS, Linux or even Ubuntu, all of them have their fair share of security bugs. The applications we use, the websites we surf, the network services we use, the servers that run everything that we do on the internet, the internet itself each and every one of them have security bugs. And the reason that they are so serious is that once you can breach the security, then you have unauthorised access. That is what Pegasus is all about, “UNAUTHORISED ACCESS”.
Most companies treat these security issues very seriously. For example Google has this “Vulnerability rewards program” where if any individual finds any vulnerability in android, chrome or play store and demonstrates that using that vulnerability he or she can bypass some kind of security mechanism then google pays them money. In fact in 2020 google paid out 6.7 million dollars to people who found out some kind of security bugs in google’s products. There are actual professional researchers who spend all their time in finding security bugs in google, iOS, windows etc. But the fact is that there are far more security bugs than there are researchers. Here, come in the researchers of NSO who get paid much more handsomely than the freelance researchers who depend entirely on rewards. More money brings out more passion and dedication. The researchers of NSO also find out security bugs in google, facebook, android etc but they do not share this information with the company rather they keep it for their own use. In fact NSO has paid many free lance researchers to not disclose the bugs that they have found. Such a vulnerability is known as the “zero day vulnerability” where someone (NSO) knows about the vulnerability but the author does not have any idea about it.
International Agreements regarding Pegasus:
Pegasus can easily fall into the category of weapons. The Israeli government also treats it as a “Weapon system subject to export control”. Which means that owner of the software Pegasus that is NSO, can not export its product without the clearance from the Israeli government. The reason behind these restrictions is that it is dual use technology that is it can be used by both, the good guys as well as the bad guys. In fact it also comes under the Wassenaar Arrangement, which is the international agreement between multiple countries regarding the use of dual use technologies. Pegasus comes under the most sensitive list of this agreement. India became a member of the Wassenaar Arrangement in 2017.
Pegasus comes under EUMA (End – User Monitoring Agreement) which enables the Israeli government and NSO with the right to monitor the use of the software by anyone who has purchased it.
List of some prominent figures who were allegedly being spied on by the government:
He is a BJP politician and a Member of Parliament from Damoh constituency. Now, why the government would spy on their own. The reason is obvious, suspicion on loyalty. Interestingly Mr. Prahlad Patel was the Minister of Culture with Independent charge and after the recent cabinet reshuffle he has been downgraded to Minister of State in Jal Shakti Mantralaya without an independent charge. Mr. Patel being himself in the government was heavily surveilled. His entire family and staff was under the radar, with about 15 persons around him being surveilled for quite some time.
Again a BJP politician and an ex bureaucrat. He has been given a very important dual portfolio that is Railways as well as IT ministry after the reshuffle.
Former election commissioner of India. He was the one who raised concerns regarding the 2019 central government elections, after the elections he faced income tax troubles and finally chose to leave India and join the Asian Development Bank. Story makes it clear why he is on the list.
Member of the association of democratic rights. He made a lot of noise against the anonymous electoral bonds scheme of the government which may have led to his placement on this list.
He briefly served as the officer on special duty to Smriti Irani when she was made Minister for the first time.
Former International President of Vishwa Hindu Parishad. But it is all in public domain that from the times of Gujrat politics, he and Modi have been at odds with each other. Back in the day Narendra Modi had even gotten him arrested and threatened to lock him up under the toughest laws of national security.
The current Prime Minister of Pakistan is the most obvious and the only name that the Indian government can justify being on the list. However getting into the phone of the Prime Minister of your rival country is definitely a very commendable job for any intelligence agency but it would have been much better if they have gotten into General Bajwa’s phone.
Is the government really guilty:
If we go by facts then it is a fact that all the names that have surfaced were definitely being snooped on. Newspapers like The Washington Post and The Guardian have proved their points with facts and data. And it is also a fact the NSO sells the software only and only to governments and no one else.
Now, no matter how much the government tries to cover it up. But the fact is that the cat is out of the bag now. Some sources also claim that the government may have used the spyware to topple the government in the state of Karnantaka. Many more shocking revelations are on the way.
However filmy this whole fiasco may seem, the fact is that it is unethical, illegal, immoral and corrupts the notions of privacy on a whole new level.