What is Pegasus?
Prior to 2022, the word Pegasus might have brought to mind the legendary winged horse from Greek Mythology. Today, however, we are aware of Pegasus as a form of spyware, a dangerous software virus that secretly gets into your computer or smartphone and makes your data accessible to others. Pegasus can hack your camera, your private WhatsApp chats, and your photos. It can even secretly turn on the recording devices in your phone, spying on you more actively.
Pegasus spyware was developed by the NSO Group, an Israeli Company. NSO claims that they created Pegasus to enable Government Intelligence and Law Enforcement agencies to fight crime and terrorism. For example, the Mexican Government said that they used Pegasus spyware to capture Mexican drug Lord El Chapo.
How Does Pegasus Work?
Earlier versions of spyware tended to operate (and still do, in many cases) mostly though SMS or WhatsApp links. Once you clicked on the link, smartphones would get infected. But in today’s world, hacking has become much more sophisticated.
Hackers now leave a missed call on your number or send you a WhatsApp message. Even if you don’t receive the call, the Pegasus spyware can still infect your phone. This is why it’s so dangerous and hard to guard against- no amount of internet savvy may help you handle this problem. Pegasus spyware can get latched on to you just by knowing your phone number. It can attack both Android and iOS devices, and once the phone has been infected, it can monitor practically everything you do, including location tracking via GPS.
Why is Pegasus in the News?
The current expose has been revealed by a French-based NGO, Forbidden Stories with technical support from the Amnesty International team.
They revealed a “leaked list” with more than 50,000 phone numbers with the claim that the phone numbers belong to the people who have already been spied on using Pegasus or are the potential targets of being spied on in the future. The list includes the names of renowned media houses like Reuters, The Guardian, Washington Post, Suddeutsche Zeitung from Germany, and Le Monde from France. Other media houses include Haaretz from Israel and Proceso from Mexico. Forbidden Stories also revealed some countries which were using the Pegasus spyware, such as Togo, Rwanda, Morocco, Saudi Arabia, UAE, Azerbaijan, and India.
Needless to say, this raises some concerning questions about the freedom of the press and the people. Of the names in this list, most are journalists, academicians, lawyers, politicians and government officials, even some of the Judges of the Supreme Court. In fact, even the Heads of State of some countries, such as French President Emmanuel Macron, had to change his phone as soon as he found Pegasus spyware was present in his phone.
How Can I Tell If I’m Being Monitored?
It’s unlikely that the Pegasus spyware has been used to monitor anyone who isn’t publicly prominent or politically active. Spyware’s ability to remain stealthy and undetectable on a device is part of its very nature. There are mechanisms in place to show whether your device has been compromised. The possibly simplest way to determine this is to use the Amnesty International Mobile Verification Toolkit (MVT). This tool can examine the files and configuration of your mobile device by analyzing a backup taken from the phone. While the analysis won’t confirm or disprove whether a device is compromised, it detects indicators of compromise which can provide evidence of infection. Relevant patches and upgrades should be updated on your device, as this creates a stable base with a standardized version of an operating system which may be harder for attackers to target.
Perhaps it’s also the time for a strict Data Protection Act to safeguard us from the risk of cybercriminals, foreign companies, and of course software like Pegasus Spyware. In the meantime, one can use VPNs for protection from such spyware as they help to hide device locations. Use a VPN particularly if you are going to use public Wi-Fi (including hotel networks) to access sensitive information. And of course- and oldie but a goodie- while using your device, open links only from known and reliable contacts and sources.
Pegasus Spyware in India
The Pegasus Project leaked list contains the names of a number of Indians who were allegedly spied on between 2017 and 2018. Most of the known names seem to be political rivals of the Union Government, including Congress Leaser Rahul Gandhi and Election Strategist, Prashant Kishor. On the list were also a number of left-wing political activists, the Dalia Lama’s inner circle, and the family of a woman who accused now a former Supreme Court Justice of sexual assault.
Now, from the Indian perspective, there are in fact several legislations in place which control (and sometimes condone) such unlawful electronic surveillance.Section 5 of the Telegraph allows the Government to intercept messages only when they are against the sovereignty and integrity of India, security of the State, friendly relations with foreign states, order morality or decency and so on. It does not, however, allow unlawful interception for any personal benefit or political leverage. That said, the lines between the two categories are pretty blurred, and not always easy to delineate.
Section 69 of the Information Technology Act empowers the government to issue directions to intercept information via computer technology. This section too places limitations on such surveillance. It does not allow the installation of such spyware for the purpose of hacking.
While the Right to Privacy has not been expressly given in Part III of the Indian Constitution, it has consistently been held as an important domain of the right to life under Article 21 in numerous pivotal cases. In the landmark case of Justice K.S.Puttaswamy (Retd) v. Union of India, the Hon’ble Supreme Court held that the unnecessary interruption of people’s lives through surveillance is an infringement of the right to privacy. Any restriction on the right must be backed by a legitimate State aim.
It is saddening to see that spyware which was apparently created to spy on criminals and terrorists is now being used to spy on opposition politicians, journalists, activists, former Supreme Court Judges, and even on the Election Commissioner. Rather than using the software for legitimate reasons, powerful people around the world have been using it for keeping checks on people and their personal information. While Pegasus has not yet been used in large-scale surveillance, only targeting specific actors, the concentration of those spots do give an interesting overview of the priorities of those using it.
Author: Ishant Singh, Legal Intern at PA Legal.
In case of any queries, kindly contact us here.
Thank you for reading our blog! We’d love to hear from you! 🙂
- Are you Interested in IP facts?
- Would you like to know more about how IP affects everyday lives?
- Have any questions or topics you’d like us to cover?