What is Pegasus and how did it target Indians on WhatsApp?
A spyware was quietly eating into some Indians’ data during this year’s election season.
At least two dozen journalists, lawyers and activists in the country were targeted for surveillance in the weeks before May 2019, newspaper today (Oct. 31). The culprit? Pegasus—a technology developed by the Israeli cyber-security firm NSO.
Pegasus sends people “exploit links.” Once a user clicks on it, the malware can penetrate a phone’s security features, and Pegasus is installed on the device without the owner’s knowledge or permission. Once in the system, Pegasus can extract the user’s private data, including passwords, contact lists, calendar events, text messages, and even voice calls.
In this instance, a missed voice call on WhatsApp may have sufficed to open up the phone and infiltrate it. “In May 2019 we stopped a highly-sophisticated cyber attack that exploited our video calling system in order to send malware to the mobile devices of a number of WhatsApp users,” the Facebook-owned company said in a statement.
The Indian Express report comes a day after WhatsApp waged a legal war in the US, alleging that NSO hacked over 1,400 devices. The firm has denied the accusations.
Modi-fying the threat
This isn’t India’s first brush with Pegasus. In September 2018, Canada-based digital watchdog Citizen Lab found infections associated with 33 of the 36 Pegasus operators it identified in 45 countries, including India.
Pegasus has been around for at least three years now. The mobile espionage software was meant for use by governments that could purchase it on a per-licence basis. However, time and again, it has been suspected to be involved in illicit practices. Touted as “the most sophisticated attack” by cybersecurity company Lookout, this silent jailbreak is among the hardest to catch.
While the jury is still out, Twitter is abuzz with speculation. If NSO claims to only sell to vetted government agencies, and Indians were spied upon, who commissioned it? That’s a question on everyone’s minds.
Member of parliament Kapil Sibal, who belongs to opposition Indian National Congress, sarcastically called out prime minister Narendra Modi’s “open transparent government.”
“Same Israeli based NSO Group’s Pegasus software was used by Saudi Arabia to spy on murdered journalist Jamal Khashoggi,” noted Delhi-based journalist Arvind Gunasekar tweeted. And he wasn’t the only one who made this observation.
Israeli software Pegasus, used by Modi govt to snoop on activists & journos is the SAME software that Saudis used to track murdered-journalist Jamal Kashoggi.
Saudi Arabia is the biggest customer of Pegasus.
Modi ji routinely visits Saudi Arabia. As recently as Tuesday. https://t.co/8raw4nVpLV
— Saket Gokhale (@SaketGokhale) October 31, 2019
Still, a host of questions remain unanswered.
Among the many unanswered questions in the Israeli spyware being used to surveil Indian activists and journalists through WhatsApp story:
1. Who ordered the snooping?
2. Who, exactly, was Pegasus sold to?
3. Who was snooped upon?
4. Did they actually get the data?
— ¯_(ツ)_/¯ (@PranavDixit) October 31, 2019