Taking the world by storm, one day prior to the first day of the Indian Parliament’s Monsoon Session was the news of the spyware Pegasus. The investigation led by Forbidden Stories, a French non-profit organisation, revealed that nearly 50,000 phone numbers worldwide were infected with the malware. This included several Indian journalists, politicians and activists.
Pegasus is spyware that was developed by the Israel based company NSO Group Technologies Ltd. (NSO stands for Niv, Shalev and Omri, the names of the company's founders), a private contractor for the use of government agencies. What makes the malware desirable for clandestine intrusion is the feature that the software cannot be traced back to the government which is using it.
NSO is known for making products that let governments spy on its citizens - even though the company describes its products and their role as helping “government intelligence and law-enforcement agencies use technology to meet the challenges of encryption” during investigations concerning national security. However, the use of this easily available spyware does not sit right with civil liberties groups. Moreover, the fact that their business is limited to government clients only adds to the anxiety.
According to The Washington Post, the spyware can steal private data from a phone, ranging from text messages, contacts, photos and more and send it to the party that has initiated the surveillance. Reportedly, it can turn on a phone’s cameras and microphones to create covert recordings. While older versions of the malware relied on users clicking phishing links, the latest versions have been able to infect a phone without getting the user to do anything - a link is sent to their phones, without notifications and then Pegasus begins the collection of information.
As mentioned before, the target list included around 189 journalists, more than 600 politicians and government officials, at least 65 business executives, 85 human rights activists, and several heads of state, according to The Washington Post, a consortium member. However, according to The Wire, “the mere presence of a phone number in the leaked data does alone not reveal whether a device was infected. "Indeed, it is not possible to know whether their phones were targeted by Pegasus spyware... without digital forensic analysis," it said.
The government’s stance has been made clear - it has dismissed all allegations, claiming that the report "has no concrete basis or truth associated with it whatsoever".
Emphasising that "India is a robust democracy that is committed to ensuring the right to privacy to all its citizens as a fundamental right", the Modi government asserted that this was an attempt by The Wire to play "the role of an investigator, prosecutor as well as jury."
In the past, similar claims were made in reference to the use of Pegasus on WhatsApp by India and those reports were also said to have no factual basis and were categorically denied by all parties, including WhatsApp in the Indian Supreme Court.
"This news report, thus, also appears to be a similar fishing expedition, based on conjectures and exaggerations to malign Indian democracy and its institutions," the government said.
The Pegasus Project is an indicator of the ‘free’ Indian democracy being hacked and if this is how the Indian Government - considering the fact that it is only possible for governments to make the purchase from NSO - plans on gaining an advantage in the election race, the country is in a dire situation.
Varadarajan, S. (2021, July 30). Revealed: How The Wire and Its Partners Cracked the Pegasus Project and What It Means for India. The Wire. https://thewire.in/media/revealed-how-the-wire-partners-cracked-pegasus-project-implications-india
Staff, T. (2021, July 19). The News Minute | News. The News Minute. https://www.thenewsminute.com/article/explained-revelations-pegasus-project-and-who-were-those-hacked-152573