- Umang Sagar
- Recent article, Scams/Fraud
Pegasus Snooping Scandal
Genesis Of Phone Tapping
In 1988, the then CM of Karnataka Ramakrishna Hegde resigned following a telephone tapping scandal. Ramakrishna Hegde stepped down on “moral grounds” after details emerged of wire-taps on 50 individuals, including journalists and dissidents within the Janta party. Subsequently, the authorization given to the state police for the tapping too was made public.
This is one of the many past scandals of telephone tapping which led to the resignation of CM.
Telephone tapping (also known as wiretapping) is the monitoring of telephone and Internet-based conversations by a third party, often by covert means.
In past scandals of telephone tapping, governments have fallen, CMs have resigned, CBI inquiries have been ordered, and the Supreme Court has been moved.
The Pegasus storm is only the latest among the many snooping scandals in Indian politics.
Introduction
For those of you who are not aware, Pegasus is not a mythical-winged horse. Pegasus is spyware. Now, what is spyware?
Spyware is a dangerous software virus that can secretly get into your smartphone or any electronic device and aims to gather information to send it to other people in a way that harms the user.
So just with your phone number any person can spy on you with this spyware, be it android or IOS.
Once it has infected your phone it can virtually do anything. It can read your WhatsApp messages and SMSs, record your calls and know your entire call list, track your location through GPS, and can also secretly turn on your phone cam and microphone even when you are not using your phone! It can know your whereabouts and what you are doing or talking about 24/7. It’s like you are living in the big boss your entire life. At Least the big boss is better cause they don’t have cameras or mics in the washroom.
Now, how does pegasus infiltrate?
Earlier your phone would get a link or SMS and opening that link would get your phone infected.
But today, they have improved their technology. Just a WhatsApp message or a missed call would infect your phone with the virus and you won’t even know it.
Coming to the backstory of Pegasus,
The Pegasus spyware is developed by an Israeli private company called NSO Group.
The acronym NSO refers to Niv Carmi, Shalev Hulio, Omri Lavie. These 3 are the names of the founders of the company.
According to their website, NSO claims that they created pegasus so that the government intelligence and law enforcement agencies can use this to fight against crime and terrorism.
For instance, the Mexican government used pegasus to capture Mexican drug lord El Chappo.
Apart from Pegasus, their latest innovation is an eclipse. It’s military-grade software to hack into drones in mid-air.
Pegasus is a very sophisticated piece of software that is being sold to people for targeted surveillance.
NSO says in its transparency and responsibility report, “NSO Group only licenses its most well-known software product, Pegasus, to select approved, verified and authorized states and state agencies, specifically to be used in national security and major law enforcement-driven investigations. NSO Group does not operate the Pegasus system, and Pegasus can only be deployed by its government operators against one mobile phone number at a time, much like a traditional wire tape. The tool is not designed for, nor can it be used in any manner, for mass surveillance.”
This means that Pegasus cannot be sold to individuals or private firms but can only be sold to governments. It is quite expensive. It is sold in the form of licenses and prices depend on the contract.
According to a study, the cost of one license can be as high as 70 lakh INR.
As per 2016 estimates, for spying on just 10 people using Pegasus, the NSO group charged its customers 4.84 crores INR ($6,50,000) in addition to an installation fee of 3.75 crore INR ($5,00,000).
So now you got an idea that Pegasus software can only be used and bought by selected and authorized individuals.
Project Pegasus
- Project Pegasus is a ground-breaking collaborative investigation project by more than 80 journalists from 17 news Organizations in 11 countries along with a Paris-based non-profit Forbidden Stories and Amnesty Security lab.
- It is an initiative taken by all the 17 media channels that conducted cutting-edge forensic tests on mobile phones to identify traces of the Pegasus spyware.
Forbidden stories and Amnesty Security Lab got hold of a leaked list of 50,000 numbers straight from NSO and shared it with news firms around the world.
These numbers belong to people that NSOs clients have identified as potential targets.
In simple words, these numbers belong to people whose phones are suspected to be infected by Pegasus.
NSO says it has 60 intelligence, military and law enforcement agencies in 40 countries which it refuses to reveal.
From the leaked data and their investigations, Forbidden Stories and its media partners identified potential NSO clients in 11 countries: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Togo, and the United Arab Emirates (UAE).
1. Important Case Studies By Project Pegasus That Broke The Internet
The murder of Saudi Arabian Journalist Jamal Khashogi in Turkey.
Evidence by forbidden stories shows that spyware was actually used to target people close to Jamal Khashogi before and after his death.
Close surveillance of Mexican President, Andres Manuel Lopez Obrador, by a Mexican client of NSO Group before his election was found through the Pegasus Project. Around 50 people close to him, including his wife and children, were under surveillance.
The spyware has also been used to target activists and prominent human rights lawyers around the world.
59 journalists from Azerbaijan were under surveillance by the Pegasus spyware.
The list includes phone numbers of 13 heads of state and heads of government.
Critical journalists from France and Morocco were also under surveillance by authorities.
25 Mexican reporters were found to be on the list.
The Rafale controversy.
In 2016, the French Company Dassault sold 36 Rafale aircraft to India for $ 8.5 billion.
In 2018, it came to be known as the “Rafale Scandal” as there were suspicions of corruption in this contract. At this time an Indian customer of NSO Group selected Anil Ambani as he suspected he would be one of the beneficiaries of the contract.
Dalai Lama’s inner circle
Though the Dalai Lama doesn’t own a smartphone, he was being monitored by his relatives and other close associates.
According to reports by forbidden stories, the surveillance was by an Indian client of NSO Group.
Activists and journalists were surveilled by a Togolese client of NSO Group under the presidency of Faure Gnassingbe
Telegram founder, Pavel Durov, was surveilled when he was setting up his company in Dubai
It is amusing that this spyware is not only used for political and national concerns, but also for personal reasons.
UAE Princess Latifa, daughter of Dubai Sheikh Mohammed Bin Rashid al-Maktaum, was reported to be under surveillance due to her dramatic escape from Dubai.
In France, 15 ministers in Edouard Philippe’s government were selected by a Moroccan client by NSO Group in 2019.
Just like Azerbaijan, Togo, France, Hungary, Morocco, and no wonder how many countries, sadly India also happens to be one of the countries whose journalists have been spied on via Pegasus.
The important people involved in the sensitive issue of Western Sahara also are one of victims of this spyware.
Reason –
Western Sahara is claimed by both Morocco and the Polisario Front.
For those of you who don’t know, Polisario Front is a rebel national liberation movement backed up by Algeria.
This is a taboo issue and a great concern for the monarchy of Mohammed VI.
Rahul Gandhi, an opponent under surveillance
Apple iPhone was shown to be vulnerable
It is one of the technological battles of the 21st century – in which every mobile phone user has a stake.
In one corner, Apple has more than a billion active iPhones being used across the world. On the other, companies such as Israel’s NSO Group, developing spyware designed to defeat the most sophisticated security and privacy measures.
And while Apple says it is keeping pace with surveillance tools that are used to attack its phones – it boasts of creating “the most secure consumer platform in the world” – research undertaken as part of the Pegasus project paints a more worrying picture.
The malware, it appears, has been one step ahead.
That, at least, is the conclusion of new technical research by Amnesty International, which suggests that even the most up-to-date iPhones running the latest operating system have still been penetrated by NSO Group’s Pegasus spyware.
2. Project Pegasus In India
Now let’s focus on India.
Among the 50,000 phone numbers in the target list, 300 of these numbers were from India.
The Indian partner for project Pegasus is THE WIRE.
A point to be noted is that the presence of a phone number on the list does not confirm the use of Pegasus because, without forensic analysis of the phone, it is impossible to determine whether the instrument was successfully infected with Pegasus. But after Amnesty Labs did a sampling of a few of these phones they found that attempts were made on some while some were successfully hacked. They shared their findings with all the news organizations involved in the project based on which stories are being done.
- In India, the Supreme court-appointed a technical committee and asked to submit the phones for investigation of those individuals who suspect snooping by the government.
Names that came up as potential targets in India
Rahul Gandhi (2 of his phones), 5 of Rahul Gandhi’s close associates (including Sachin Rao and Alankar Shawai), few INC officials.
Abhishek Banarjee (CM Mamata Banerjee nephew and AITC politician).
Private secretary of Mamata Banerjee.
Ashwini Vaishnaw (minister of electronics and IT), and his wife.
Prahlad Singh Patel (Minister of State for Food Processing Industries in India) – his wife, cook and Gardner, and 15 others.
Sanjay Kachoru (worked as an officer on special duty for Smriti Irani in her first years as a Union Minister).
Prashant Kishore (political strategist)
Personal secretary to Vasundara Raje Scindia (during the period when she was BJPs CM in Rajasthan
Praveen Tughadia (Vishwa Hindu Parishad’s Leader)
Ashok Lavasa (the only member of a 3-man election commission)
Gagandeep Kang (virologist)
VK Jain, personal assistant and aide of Arvind Kejriwal
Hari Menon (Indian head of Bill and Melenda Gates foundation)
Jagdeep Choker (association of democratic reforms or ADR)
Alok Verma (expelled as CBI head in 2018 by PM)
Deputy Chief Minister of Karnataka G. Parameshwara
Close aides of Chief Minister H. D. Kumaraswamy
Senior Congress leader Siddaramaiah.
Siddharth Varadarajan is a New Delhi–based, American investigative journalist and founder of The Wire. Varadarajan joined the investigation of Project Pegasus.
Umar Khalid, a left-wing student activist and leader of the Democratic Students’ Union, was added to the list in late 2018, then charged with sedition. He was arrested in September 2020 for organizing riots, the provided evidence was taken from his phone. He is currently in jail awaiting trial.
- 11 phone numbers associated with a female employee of the Supreme Court of India and her immediate family, who accused the former Chief Justice of India, Ranjan Gogoi, of sexual harassment, are also allegedly found on a database indicating the possibility of their phones being snooped.
3. Heads Of State And Government In The List
- You have to read 2 lakh pages to know the names of all the owners of the 50,000 phone numbers. So according to an analysis by the German newspaper Die Zeit and others, here are the names of a few of the important heads of state and government who were on the potential target list :
- Imran Khan, Prime Minister of Pakistan
- Abdelaziz Bouteflika, former President of Algeria
- Noureddine Bedoui, former Prime Minister of Algeria
- Mostafa Madbouly, Prime Minister of Egypt
- Barham Salih, President of Iraq
- Mohammed VI, King of Morocco
- Cyril Ramaphosa, President of South Africa
- Emmanuel Macron, President of France
- Charles Michel, former Prime Minister of Belgium and current President of the European Council
- Édouard Philippe, former Prime Minister of France
- Édith Chabre, wife of Édouard Philippe
- Most French ministers
- Numerous French diplomats
- Bakhytzhan Sagintayev, former Prime Minister of Kazakhstan
- Saad Hariri, Prime Minister of Lebanon
- Saadeddine Othmani, Prime Minister of Morocco
- Ruhakana Rugunda, former Prime Minister of Uganda
- Ahmed Obeid bin Daghr, former Prime Minister of Yemen
Timeline
Jul 18: Media channels globally report military-grade Pegasus spyware made by Israeli firms used for spying on journalists, activists, politicians across the world, including India.
Jul 22: Petition filed before the Supreme Court by advocate M L Sharma seeking a court-monitored probe by Special Investigation Team into the reports.
Jul 27: Journalists N Ram and Sashi Kumar move the Supreme Court seeking an independent probe into the matter.
Aug 5: Supreme Court starts hearing and enquires about the issue
Aug 16: Center files a short affidavit, claiming allegations were based on conjecture and unsubstantiated media reports
Aug 17: Supreme Court issues notice to the Center on the petitions
Sep 13: Supreme Court reserves order.
Oct 27: Supreme Court appoints a committee of cyber experts to inquire into the matter. Former SC judge R V Raveendran to oversee its functioning.
Response By NSO
NSO Group said that any claim that a name in the leaked list is necessarily related to a Pegasus target is erroneous and false.
“Enough is enough,” a company spokesperson said in a strongly worded statement and added that it will no longer be responding to media inquiries on the matter and will not play along with a ‘vicious and slanderous campaign.
The spokesperson also said NSO will ‘thoroughly’ investigate any credible proof of misuse of its technologies and will shut down the system where necessary.
“We will state again. The list is not a list of targets or potential targets of Pegasus.”, says the spokesperson.
Mossad And RAW, Clients Of Pegasus
According to The New York Times report,
The “Indian intelligence service” purchased Pegasus from Israeli company NSO in a deal pegged at “dozens of millions of dollars”. The purchase was finalized during the visit of Prime Minister Narendra Modi to Israel and cleared by the then Israeli Prime Minister, Benjamin Netanyahu, in 2017.
Describing the NSO procedure for Pegasus, which is a high-grade cyberweapon on Israel’s export control list, the Israeli Ministry of Defense had cleared the contract, and NSO engineers would have had to travel to India to install the system themselves and Israeli intelligence agency Mossad liaised with them. But we still don’t know if the “Indian Intelligence Service” meant the Intelligence Bureau (IB) or the Research and Analysis wing ((R&AW), or any other agency reporting to the National Security Council Secretariat (NSCS) under National Security Adviser (NSA) Ajit Doval.
According to Haaretz reports,
- NSO employees say that Mossad officials frequently visited its headquarters under former head Yossi Cohen, sometimes with foreign officials. They asked to hack certain phones with Pegasus spyware.
Conclusion
The irony here is the list of potential targets by Project Pegasus does not include names of any criminals but instead has names of journalists, lawyers, academicians, activists, politicians, government officials, and even judges of supreme courts.
It is very pathetic that software that is designed as a law enforcement tool for the nation is actually turning out to be a law neglection tool.
This spyware is a serious threat to democracy.
It’s exposing that a lot of these technologies that we think are meant to keep us safe are actually just a ‘fantasy narrative’.
The biggest question that you all might still have is, “Is this an issue which I have to be concerned about?”
Since the cost of exfiltrating information from any set of devices is a lot for the government, it is possible that common people are not on their target list. A specific set of activities that the government tracks might not be applied to everyday people.
However, this spyware might be on your device, and one might not even know that it is scary. So it’s always better to maintain all the ways to prevent or reduce the risk of infection in our devices and maintain proper security of our devices.
Top 13 Interesting Facts
As per 2016 estimates, for spying on just 10 people using Pegasus, the NSO group charged its customers 4.84 crores INR ($6,50,000) in addition to an installation fee of 3.75 crore INR ($5,00,000).
UAE Princess Latifa, daughter of Dubai Sheikh Mohammed Bin Rashid al-Maktaum, was reported to be under surveillance by Pegasus spyware due to her dramatic escape from Dubai.
The Saudi Arabian prince head apparently hacked the phone of Amazon founder, Jeff Bezos
Prashant Kishore had to change his phone 5 times due to his phone getting hacked by the spyware
In 2019 WhatsApp revealed that the NSO group sent malware(Pegasus) to more than 1,400 phones(Android) simply by placing a WhatsApp call to a target device.
Malicious Pegasus code could be installed on the phone, even if the target never answered the call.
Pegasus Spyware uses a ‘Zero Click’ method as a means of infiltration wherein there is negligible user involvement or negligence on the user’s part.
It can read your WhatsApp messages and SMSs, record your calls, track your location through GPS, and can also secretly turn on your phone cam and microphone even when you are not using your phone.
NSO Group CEO Shalev Hulio declared in a lawsuit document that social media giant Facebook attempted to buy the Pegasus spyware from NSO Group in 2017.
Will Cathcart, head of WhatsApp, has said more companies and, critically, governments, need to take steps to hold the NSO Group accountable.
Senior Lawyer, Prashant Bhushan, had made an allegation that the increase in the National Security Council Secretariat budget (2017-18) by 300 crores INR was used by the government to buy the Pegasus software
Viktor Orban (PM of Hungary) was found out to be using spyware against journalists of Hungary
Indian opposition leader Rahul Gandhi, his advisors, and at least five of his friends were selected with the Pegasus spyware. The surveillance lasted throughout the 2018 legislative campaign and at least until the summer of 2019, a few weeks after his defeat and resignation as party leader.