• Achievers Facebook Page  Achievers Twitter Page  Achievers Google plus Page  Achievers Telegram Page
#1360, 2nd floor, Marenhalli, 100ft road,
Jayanagar 9th Block, Bangalore-560069.
IAS Coaching in Bangalore
Home » THE ONGOING PEGASUS SPYWARE CONTROVERSY

THE ONGOING PEGASUS SPYWARE CONTROVERSY

GS 3: Role of external state and non-state actors in creating challenges to internal security.

 

In news: The WhatsApp Pegasus spyware controversy has raised the issue of user privacy on smartphones once again. The Pegasus scandal showed how the government agencies, law enforcement could use this sophisticated and expensive software to track and spy on their intended targets. And while there’s not enough evidence to show Pegasus was used for mass surveillance, given it has an exorbitant cost, the easy availability of other kinds of spyware such as ‘stalkerware’ means the privacy risks continue.

 

The Whatsapp Pegasus spyware controversy

On 29 October, WhatsApp revealed that it was suing Israel-based NSO Group for developing the Pegasus spyware that was used to target 1,400 civil rights activists, lawyers, and journalists across the world, including several in India. While WhatsApp is being singled out here, the fact remains that WhatsApp was one of several services used to help spread Pegasus.

WhatsApp also claims that it informed the Indian authorities about the vulnerability in May 2019, however, a government official recently said that India's Computer Emergency Response Team (CERT-IN) could not fathom the magnitude of the situation due to the advisory being full of 'technical jargon'.

 

What is Pegasus?

Pegasus is a spyware that can be installed on devices running certain versions of iOS, Apple's mobile operating system, developed by the Israeli cyberarms firm, NSO Group. Discovered in August 2016 after a failed attempt at installing it on an iPhone belonging to a human rights activist, an investigation revealed details about the spyware, its abilities, and the security vulnerabilities it exploited. Pegasus is capable of reading text messages, tracking calls, collecting passwords, tracing the location of the phone, accessing the target device's microphone(s) and video camera(s) and gathering information from apps.

Apple released version 9.3.5 of its iOS software to fix the vulnerabilities. News of the spyware garnered significant media attention. It was called the "most sophisticated" smartphone attack ever, and became the first time in iPhone history when a remote jailbreak exploit had been detected. The company that created the spyware, NSO Group, stated that they provide "authorized governments with technology that helps them combat terror and crime".

 

What is a spyware exactly?

Spyware is unwanted software that infiltrates your computing device, stealing your internet usage data and sensitive information. Spyware is classified as a type of malware — malicious software designed to gain access to or damage your computer, often without your knowledge. Spyware gathers your personal information and relays it to advertisers, data firms, or external users.

Spyware is used for many purposes. Usually it aims to track and sell your internet usage data, capture your credit card or bank account information, or steal your personal identity. How? Spyware monitors your internet activity, tracking your login and password information, and spying on your sensitive information. Some types of spyware can install additional software and change the settings on your device, so it’s important to use secure passwords and keep your devices updated.

 

The chosen tool for open surveillance

Once on your phone, Pegasus has access to data that’s already on your phone, including photos, videos, text messages, email apps, browsing history, contact list, location, files, other messaging apps (like Viber, Skype, Messenger) etc. It can also listen to you and sounds around you through the phone’s microphones, record incoming and outgoing calls, capture screenshots and use the phone’s camera to take photos.

Further, Pegasus doesn’t transmit data when a smartphone is on roaming unless it’s on WiFi. This is of course done to hide its tracks, since users might notice high data usage bills while roaming. Instead, the spyware collects and stores data on your phone in an encrypted buffer, waiting to transmit it once you’re out of roaming. It does the same when the phone doesn’t have an active Internet connection or is at under 5% battery.

NSO has created an “intuitive" front-end for users of Pegasus to parse through the data they gather. This allows operators of the programme to easily sift through the tonnes of data they might be getting through Pegasus. Interestingly, there’s no real way to avoid a Pegasus attack other than the regular best practices. Security experts have repeatedly advised against downloading suspicious files, clicking on unknown links etc. and those remain the best way to fight this malware.

 

Some of the famous surveillance programs:

RCSAndroid: An Android surveillance tool designed by Milan-based company, Hacking Team. It is a data collection tool sold to law enforcement and government agencies. It was disguised as a news app on the Play Store and somehow escaped Google’s security scans.

DROPOUTJEEP: A program which was revealed to have been the go to tool for the US’ National Security Agency (NSA), allowing it to compromise Apple’s iPhones. It could access files on the device, read SMS texts, voicemail messages and more.

XKeyscore: The NSA, in its training material, called this its “widest reaching" system for gathering intelligence off the Internet. XKeyscore was amongst the programs revealed by whistleblower Edward Snowden.

Livestrong: An exploit used by the US Central Intelligence Agency (CIA) to compromise devices running on Android 4.4 KitKat, revealed by WikiLeaks as part of the famous Vault7 data dump.

 

Previous Year Questions:

  1. Cyber warfare is considered by some defense analysts to be a larger threat than even Al Qaeda or terrorism. What do you understand by Cyber warfare? Outline the cyber threats which India is vulnerable to and bring out the state of the country’s preparedness to deal with the same. (2013)
  2. How far are India’s internal security challenges linked with border management particularly in view of the long porous borders with most countries of South Asia and Myanmar? (2013)
  3. How does illegal trans-border migration pose a threat to India’s security? Discuss the strategies to curb this, bringing out the factors which give impetus to such migration. (2014)
  4. China and Pakistan have entered into an agreement for development of an economic corridor. What threat does this pose for India’s security? Critically examine. (2014)
  5. Considering the threats cyberspace poses for the country, India needs a “Digital Armed Forces” to prevent crimes. Critically evaluate the National Cyber Security Policy, 2013 outlining the challenges perceived in its effective implementation. (2015)
  6. The terms ‘Hot Pursuit’ and ‘Surgical Strikes’ are often used in connection with armed action against terrorist attacks. Discuss the strategic impact of such actions. (2016)
  7. “Terrorism is emerging as a competitive industry over the last few decades.” Analyse the above statement. (2016)
  8. Border management is a complex task due to difficult terrain and hostile relations with some countries. Elucidate the challenges and strategies for effective border management. (2016)
  9. The scourge of terrorism is a grave challenge to national security. What solutions do you suggest to curb this growing menace? What are the major sources of terrorist funding?  (2017)