Pegasus, another state-led attack on India’s democracy

WHAT IS PEGASUS:

Pegasus is spyware - loosely defined as malicious software - that was developed by NSO Group, an Israeli cyber arms firm. This software can be installed ‘sub rosa’ on mobile phones - and other devices - which use/run on most versions of Android and iOS.

As of 2016 - nearly 5 years back - Pegasus was able to read text messages, track calls, collect various passwords, track the location, access the device’s microphone and camera, and last but not least harvest information from installed apps.

The 2021 Project Pegasus disclosure suggests that the contemporary Pegasus software can exploit all iOS versions up to iOS 14.6

Pegasus was properly discovered in August 2016, after an unsuccessful installation endeavour on the iPhone/device of a human rights activist. When news of this spyware reached the ears of the public, it received quite a lot of media coverage. It was called the “most sophisticated” smartphone attack in history. It has also been marked/known as the first time that a malicious remote exploit using jailbreak to gain unrestricted access had ever been detected/noticed on an iPhone.

In July 2021, an in-depth analysis by Amnesty International - a human rights group - denounced that Pegasus was still being used against a bunch of high-profile targets. This examination/survey also revealed that Pegasus was able to infect all these iPhones/devices - up to iOS 14.6 - through a zero-click iMessage exploit.

This spyware is named after the mythical winged horse Pegasus, which as a few people say, can be ‘sent flying through the air to infect devices. This malware is a Trojan Horse - a program designed to breach the security of a computer/device system.

BACK TO THE TOPIC..… :

Regarding Pegasus, Siddarth Varadarajan, co-founder of The Wire - a piece of Indian nonprofit news and opinion website - has said ‘You feel violated, there’s no doubt about it. He said ‘This is an incredible intrusion.’ ‘Nobody should have to deal with this.

According to the innumerable media reports, Mr Varadarajan was one of the activists/lawyers/politicians/journalists - one of the high-profile targets - around the world who was targeted with this spyware that was sold to the government by the Israeli firm. Due to this malware, the personal information/credentials of nearly 50,000 numbers of interest to the firm’s clients have been leaked. According to The Wire, the leaked information of 300 and/or more purportedly belong to Indians.

There have been 16 international media outlets that have been inspecting/auditing this leaked list, and the usage of Pegasus spyware. One of the 16 outlets is ‘The Wire’.

This, however, is not the first time that Pegasus - which can access virtually all of the user’s data - has been linked to the targeting/earmarking of human rights activists, journalists, etc.

In 2019, there was an outrage that occurred in a few countries after WhatsApp confirmed that a few of its users were targeted with spyware. Approximately 120 users from India - this number including activists, scholars, and journalists - were affected by this security breach. A few experts suggested that - due to the severity of the attack - it could involve state agencies in India. WhatsApp later sued NSO, alleging that they were responsible for this attack on WhatsApp users. It is still not clear as to who ordered this attack and precisely how many phones/devices had been affected by the breach.

NSO denied any wrongdoing that they had been accused of - at the time - saying that these claims/allegations had no “factual basis” and were “far from reality”. A spokesperson for NSO told the BBC "We will continue to investigate all credible claims of misuse and take appropriate action based on the results of these investigations".

Similarly, India’s Narendra Modi -led government has once more denied - any - asseverations of unsanctioned monitoring.

Manoj Joshi, a fellow/member of the Observer Research Foundation, a Delhi-based think tank said - Phones can be tapped in India "in the interest of sovereignty and integrity of India" and only on the orders from the senior-most official in charge of the home affairs ministry in the federal and state governments.

"But the processes of such authorization have never been clear,".

During a parliament debate on the breach in 2019, opposition MP KK Rajesh presented many pointed questions to the government. These questions were based on;

- How did the Pegasus spyware come to India?

- Why were people “who were opposing the government” targeted?

Only about 10 agencies in India are authorized to wiretap legally. The most powerful - and therefore most likely the largest of them all - is the Intelligence Bureau, which is 134 years old. The Bureau has a service with wide-ranging powers. Not only does the Intelligence Bureau conduct surveillance on terrorism threats, but it also conducts background checks on candidates for the high office.

Intelligence agencies have a fluctuating/varied history. Both state and federal governments of all political hues seem to have used these agencies to surveil their adversaries as well as the agency's opponents.

Unlike the United States, India doesn’t have any special court/s to authorize surveillance by state organizations.

MP Manish Tewari and former federal minister, has, in vain, tried to introduce a ‘private member’s bill’ in the parliament, hoping that this bill will regulate the use of power by intelligence agencies/organizations in India.

Rohini Lakshane, technologist and public policy researcher has said that since the Parliament is likely to be roiled this week by this dissension, it is a good time to ask some much needed - hard questions.

- What happens to the intercepted data after it has outlived its usefulness?

- Can anyone outside the assorted government agencies access this data?

- Where is it stored?

- What are the safeguards and digital security measures placed?

These are only a few of the queries that we need answers to. Events and news like this have triggered a strong outburst from the opposition, the media, and civil society. The reason as to why the response has been so strong is because the use of spyware and how the leaked database appeared, indicates an assault of not only individual privacy, but the very foundations of democracy.

These announcements tell us that the Modi government is prepared to go to extreme lengths to diminish its critics/adversaries.

If left unchecked, this abuse of power that could - and will - affect the rights of every citizen, may increase.