Pegasus

Context: In his recent lecture at Cambridge University an Indian opposition party leader alleged that the Israeli-made spyware Pegasus had been used to snoop on him.

What was the Pegasus issue?

  • Pegasus, developed by the Israel-based cybersecurity company NSO Group, first made headlines in October 2019, when Facebook-owned platform WhatsApp said that journalists and human rights activists in India had been targets of surveillance by operators using the spyware.
  • At the time the platform didn’t reveal the names, identities and “exact number” of those targeted for surveillance but told the media that it had contacted each one of them.
  • Two years later, a global collaborative investigative project revealed that Pegasus might have targeted 300 mobile phone numbers in India, including that of two ministers in the Central government, Opposition leaders, a constitutional authority, and several journalists, civil society leaders, and business persons.
  • The government has repeatedly rejected the findings of the global media investigation, it didn’t provide any facts on the matter, and never explicitly denied the use of the spyware.

How does Pegasus work?

  • Initially it was  reported that the  Pegasus spyware works only by sending an exploit link, and if the target user clicks on the link, the malware or the code that allows the surveillance is installed on the user’s phone.
  • However, later it was revealed that Pegasus had evolved its method by using ‘zero-click attacks’, which do not require any action from the phone’s user.
  • Once spyware is installed in a phone, it begins contacting its operator’s control servers to receive and execute operator commands and send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps.
  • The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity.

Supreme court’s stand on the controversy?

  • Following a huge uproar, the Supreme Court, in October 2021, ordered an investigation headed by Justice RV Raveendran to conduct a thorough inquiry into the allegations.
  • After months of examination, two reports were submitted to the court, one by Justice Raveendran and another by a technical committee that analysed some of the phones allegedly targeted by Pegasus.
  • In August, then Chief Justice of India N V Ramana said that the committee didn’t find any conclusive evidence on the use of the spyware in phones examined by it.
  • Notably, out of hundreds of phones that were allegedly targeted by Pegasus, only 29 phones were submitted to the committee for examination.
  • The court revealed that the technical committee had found malware in five of the 29 devices that it got, but it had failed to determine if the malware was Pegasus.
Practice Question

1.    What is Pegasus? What are the privacy and cyber security threats faced by India?