Pegasus – A Weapon For A Different War

Journalists and news organizations can do yeomen service to the world by opening our eyes to the wheeling dealing, which happens in the name of statecraft, diplomacy and internal security. They also give us a peep into the world’s underbelly, which is greasy and is kept intact in the name of security, territorial integrity, sovereignty and the ultimate power of the nation states not to divulge anything. All we need to understand is how tech is used for things it is not meant for and not made public.

A recent news from the apex court of the country said, there is a strong indicator state used Pegasus for spying, pointing to the involvement of "the state, its intelligence and law enforcement agencies" in using Pegasus for unauthorised surveillance, at least two cybersecurity experts told the Supreme Court-appointed committee. A researcher reportedly analysed iPhones of seven people, of which two were found to be infected with Pegasus, Cyber experts told the Supreme Court panel.

Pegasus can be very safely be termed as the most potent weapon, since the atom bomb. A year-long investigation including inputs from government officials, leaders of intelligence and law enforcement agencies, cyber weapon experts and lots others has clearly proven how Israel’s ability to approve or deny access to NSO’s cyberweapons has been entangled with its diplomacy.

In a shocking news, Chief Executive Officer of NSO Group, Shalev Hulio, in an interview to Israeli Channel 12 said, strongly defended the company's operations, though he also conceded that some "mistakes" may have happened over the years. Our technology has over the years helped the interests and national security of the United States quite a bit," he claimed.

Pegasus used spear phishing to enter phones, utilising a message designed to entice the target to click on a malicious link. However, it evolved into “zero-click” attacks with the phones being infected without any action from the target individual. In 2019, WhatsApp released a statement saying that Pegasus could enter phones via calls made on the platform, even if they were not attended.

Pegasus used several such “exploits”, or weaknesses, to enter Android and Apple phones; and many of these exploits were reportedly “zero day”, which means even the device manufacturers were unaware of these weaknesses. Pegasus can also be delivered over the air from a nearby wireless transmitter, or manually inserted if the target phone is physically available. Once inside the phone, Pegasus seeks “root privileges”, a high level of control over the phone that enables the spyware to establish communications with its controllers through an anonymised network of internet addresses and servers. It can then start transmitting any data stored on the phone to its command-and-control centres.

The NSO story might be new to the Indian audience, but it has been making waves since its inception. Pegasus as a tool for the first time took the law enforcers and that ilk in a winning situation, provided it was used only for the right purpose