The NSO Group, an Israeli company that sells Pegasus spyware worldwide, on Sunday (July 18, 2021) came under the radar of the Government of India after reports emerged of it had leaked sensitive data of the cabinet ministers, opposition leaders, businessmen and journalists among others.
It was revealed by a global collaborative investigative project that Pegasus spyware targeted over 300 mobile phone numbers in India including that of two serving Ministers in the Narendra Modi government, three Opposition leaders, one constitutional authority, several journalists and business persons.
According to a report by the Wire, the phone numbers of over 40 Indian journalists appear on a leaked list of potential targets for surveillance, and forensic tests have confirmed that some of them were successfully snooped upon by an unidentified agency using Pegasus spyware.
What is Pegasus spyware? Pegasus is a type of malicious software or malware classified as spyware.
Such spyware is designed to gain access to your device, without your knowledge, and gather personal information and relay it back to whoever it is that is using the software to spy on you.
It was developed by an Israeli firm NSO Group that was set up on January 25 2010. According to an Amnesty International report, the first name initials of the founders form the acronym ‘NSO’. The founders are Niv Carmi, Shalev Hulio and Omri Lavie. NSO Group’s website states that the company creates technology that “helps government agencies” prevent and investigate terrorism and crime to save thousands of lives around the globe.
Pegasus spyware was initially meant to be used by governments on a per-license basis. In May 2019, its developer had limited the sale of Pegasus to state intelligence agencies and others.
It is considered to be the most sophisticated spyware among all such products available in the market. It can easily infiltrate iOS, Apple’s mobile phone operating system, and Android devices.
The human rights policy of the company includes contractual obligations requiring NSO’s customers to limit the use of the company’s products to the prevention and investigation of serious crimes, including terrorism, and to ensure that the products will not be used to violate human rights.
Allegations of snooping, phone tapping
In late 2019, WhatsApp had claimed that nearly 1,400 of its users in twenty countries, including some Indian journalists and activists, had been targeted by Pegasus in May that year. It alleged that the spyware exploited its video calling system and a specific vulnerability to send malware to mobile devices. The vulnerability has since been patched.
NSO allegedly first created fake WhatsApp accounts, which were then used to make video calls. When an unsuspecting user’s phone rang, the attacker transmitted the malicious code and the spyware got auto-installed in the phone even if the user did not answer the call.
Through Pegasus, the attacker then took over the phone’s systems, gaining access to the user’s WhatsApp messages and calls, regular voice calls, passwords, contact lists, calendar events, phone’s microphone, and even the camera.
The NSO Group has categorically denied all allegations of wrongdoing and said that it sold Pegasus only to “vetted and legitimate government agencies”.