You can listen to this article as a podcast on Spotify. Follow 'The Paradigm Daily' on Spotify so that you do not miss out on new episodes!
Prerequisite knowledge: In 2019, WhatsApp delivered a stunning proclamation conceding that a cyberattack abused and contaminated around 1,400 gadgets across 20 nations spanning over four continents. The cyberattack exclusively targeted activists, legal advisors and journalists, of which 20 were Indians. The assault was allegedly done using the Israel-based NSO Group's spyware, Pegasus. This malware has resurfaced and the looming threats are ominous.
What is Pegasus?
Pegasus is a program that permits the programmer a gateway to the phone's microphone, camera, emails, messages, passwords, encoded audios/messages and private images. Structurally, the programmer gets power over the entire phone.
According to the NSO Group(creator), the program has been sold uniquely to government organizations and is designed to battle against terrorists and racketeers but the attacks on journalists and activists in foreign lands narrate a completely different story. This digital invasion has become a burning weapon of human rights violation at a primal level.
Mode of Operation
Technical: A Pegasus administrator should persuade an objective to tap on a uniquely created link that permits the administrator to infiltrate security highlights. Although some zero-click vectors do not require the target user to click or open any link. This consequently introduces Pegasus without the client's authorization.
Once Pegasus is established, it starts following the programmer's order and sends back private information. The administrator can even turn on the phone's camera and microphone to catch live movements and conversations within proximity. The most recent variation of Pegasus can get information from cloud-based records and can even sidestep two-factor verification, making the compromised phone an advanced data-stealing minefield.
Administrator level: A Citizen Lab report uncovered 45 nations with conceivable Pegasus attack, with 33 administrators taking care of observation of the influenced targets. One such administrator, named 'Ganges', was answerable for reconnaissance in India, Brazil, Bangladesh, Pakistan and Hong Kong. Eight telecom administrators in India, including Bharti Airtel Ltd and Hathway Cable and Datacom Ltd, were confirmed to have been targeted by Pegasus.
Pegasus: Ulterior Motives
In 2020, Amnesty and the Citizen Lab identified that nine human rights activists who were involved in the case of Bhima Koregaon were targets of this malware. The spyware is also accused of targeting legal counsellors and activists like Nihalsingh B. Rathod, Ragini Ahuja, Yug Mohit Choudhary and Degree Prasad Chouhan; scholastics like Partho Sarothi Ray and P.K. Vijayan, a journalist who prefers to remain unknown, and human rights groups like Jagdalpur Legal Aid Group (JAGLAG).
National Security at Stake
This incursion by the spyware is not just an encroachment of individual privacy but a tipping point for India's national security. The safety of an application is an essential foundation for preserving user confidence with the increasing digitization of society and such attacks expose the vulnerable citizens, governmental systems and confidential databases open for breach. There is an earnest need to view this issue appropriately by establishing a significant committee with experts and specialists that can reestablish certainty and lead its procedures transparently.
This Article has been written by Apurva Kale for The Paradigm.
See you next time...