Project Pegasus Explained: Everything You Need To Know Part-2
Why is this a problem?
Spywares like Project Pegasus can and have been used for defence. They also play a role in counter-terrorism. As in 2016, Mexico’s government used Pegasus to catch bosses of drug cartels. It was this effort that finally resulted in the arrest of ‘El Chapo’. At that time, El Chapo was one of the biggest drug cartel bosses of Mexico. For accessing his phone and retrieving the location of his phone, Pegasus came to help.
However, after this, there were reports on social media that the government had spent over $80 million for getting the software to track people who were not criminals. However, this has not received confirmation yet.
Indeed, invading one’s privacy when the target is neither a terrorist nor a threat to national and international security is like hindering a basic human right. Especially in this modern and tech-dependent age.
Indeed, privacy has yet not become a basic human right. Other than this, a threat like Pegasus uses bugs that one cannot defend against is surely a heinous crime. Thus, it becomes an even bigger challenge.
Regardless, this can’t be denied that the murder of Jamal Khashoggi in 2018 a Washington Post columnist from Saudi Arabia was possible because of Pegasus. As per a report published in The Guardian, many people closely related to him were hacked merely days before and after his death. This once again created international controversy for NSO and Pegasus.
Was there a warning about Project Pegasus ?
Pegasus again gained centre stage in India in 2019. At the time WhatsApp sued the NSO group. Whatsapp found that Pegasus was allegedly being used to keep a tap on their users. The people included citizens of over 20 countries. Even at that time, the list that WhatsApp provided was comprising of journalists, activists, lawyers and senior government officials.
In India too, this spyware targeted many users of WhatsApp. The list released by WhatsApp for the Indian targets at that time was much smaller. But no doubt it matched many of the targets that are in the list of Project Pegasus by Amnesty International and other media houses.
What is the government saying about Project Pegasus?
There have been various clarifications and statements from the side of the government. They have been very cleverly using a single statement to avoid all allegations. This statement is published in the original Amnesty international report itself.
The government has received two questions. Firstly, is India spying on its citizens using Pegasus? To this, the government has answered the list does not comprise of just Indian numbers from India. Also, India is not the only country on the client list of the NSO group. Then why only India is targeted as one surveilling its citizens.
The second question that the government is dodging is, Does India possess the spyware called Pegasus? There have been numerous statements from the side of the government including the statement from the new Information Technology Minister Ashwini Vaishnav.
All these statements combining say that there will be a clear and non-biased investigation into the matter but unlike Mexico, the Indian government has not yet clearly given a statement saying that they neither did spy on their people and nor do possess the infamous Pegasus spyware. As per a Scroll report, the number of Ashvini Vaishnav was on a potential target.
What is the NSO group saying?
As published by The Indian Express a spokesperson from the NSO group of Israel said “Millions of people around the world are sleeping well at night, and safe walking in the streets, thanks to Pegasus and similar technologies which help intelligence agencies and law enforcement agencies around the world to prevent and investigate crime, terrorism, and paedophilia rings that are hiding under the umbrella of end-to-End encryption apps,”. This statement may stand correct but there is still a counter-argument.
No doubt, using a shady tactic to safeguard a country from an internal or external threat is understandable.
But keeping track of people, who may not be in support of their respective governments ideals and views or are not criminals is not at all ethical.
To this counter-argument, the Israeli spyware manufacturer has said that it does not operate the technology nor does it have access to the data collected by its clients. In other words, they have clearly said that they just sell the spyware based on a licensing system to a vetted government. But what the government uses the spyware for after purchase, is not in the jurisdiction of the company.
Guillermo Valdes Castellanos (head of Mexico’s Domestic Intelligence Agency CISEN from 2006-2011) had said to Washington Post. “Pegasus is very useful for fighting organized crime But the total lack of checks and balances [in Mexican agencies] means it easily ends up in private hands and is used for political and personal gain.”. As reported by The Washington Post.
So the question still stands that what is the guarantee that other countries or powerful private entities may be using the same Project Pegasus spyware for their personal or even political gains.
Also, Read:-Millions sleep well at night, walk safely on streets due to technologies like Pegasus: NSO
Why the blame is on the government?
The Indian government has accusations as the alleged list published by Amnesty International consists of people not complying with the views and ideals of the current government.
Other than this, the government has neither accepted nor rejected the infamous spyware’s possession and use. The entity that will gain the most out of tracking these people will be the government itself.
Raising another allegation from the statement and selling condition of the NSO group. They have mentioned that they either sell to vetted governments or to their defence agencies. This again creates suspicion that no private entity can be involved in spying on the potential target but the government itself.
However, still, the fact that most of the numbers in the list belong to people who are so-called Anti Modi cannot be denied that hacking and collecting the data of these people will be highly beneficial to the government.
So the entity that will benefit the most from hacking these phones will be the government. But let us not point fingers because no one is guilty until proven so at least in democracy.
Are there loopholes in all the accusations of Project Pegasus?
Yet, the reports published by all the media houses make one thing clear. From the 50,000 targets of the target list, 67 received only a forensic examination. Also, out of these 23 showed a successful hack and a mere 14 showed an attempted hack.
This clarifies the fact that the sample size receiving the testing for calming such big allegations is quite small. But, no doubt that hindering the privacy of a single being unless extremely crucial is a crime and devastation of basic human rights by the governments.
The high cost of bearding if the government decides to make someone a target is also a cause. As per the reports published in the New York Times in 2016. The cost of Pegasus is quite heavy.
NSO charges a 3.7 crore ($500,000) per phone as an installation charge. Other than this there are differential charges as per the operating system of the device. For 10 iPhones the cost is around 4.8 crore ($650,000), for 10 android users the fees charged is the same, around 3.80 crores ($500,000) for 5 Blackberry users and 2.3 crores ($300000) for 5 Symbian users.
Other than this there is each target adds more cost like 100 more targets will cost 5.9 crores, 50 more will cost 3.8 crores, 20 more will cost 1.8 crores and finally 10 more targets will cost a government agency around 1.2 crore extra. In addition to this, there is a 17 % maintenance charge. This applies each year to the total cost that the government has to pay.
Such huge amounts are not easier to hide in between governmental dealings.
Also, if 50 countries transferred such huge funds to the NSO Group then the profit earned must grow exponentially. But as per records, the company has not reported any great profits.
As per The Washington Post, NSO Group has in one of its statements said that they do a very critical check of their clients’ human rights records before establishing a contract. Further, it added that it has and will in future terminate more than one contract if found that there are human rights violations on the part of governmental agencies. Regardless of it loses revenue as big as 100 million dollars.
A person familiar with the group working policy, told the Washington Post on the clause anonymity, that the contract with Saudi Arabia and Dubai in the UAE were made null and void. This was done when the group found that there have been human rights violations on their part. So, in case of such violations by the Indian government, the contract shall have a termination.
All these arguments and counter-arguments may or may not stand correct but there is still a fact.
That if the NSO group sells its spyware to government agencies and none of the statements from the government till date accept or decline to have the spyware or using it. Then this points out that the government is the one who may allegedly be spying on its citizens because the spyware cannot land in the hands of private entities.
We today live in such a closed-circuit board style world that there is still a possibility that someone other than our own government may be spying on us. Knowing the data and other personal and business-related info that comes and goes on the phones of business and defence related people can benefit countries like China or any other who may be a wolf amongst sheep and use Project Pegasus.
Can I save myself?
Although the use of 0-day vulnerabilities makes saving yourself very difficult but here are some possible tips that may help you save yourself from Pegasus.
- Open information and links that you are sure to belong to the most trusted and verified contacts as this tactic is being used by hackers since the beginning.
- Make sure that the operating system of all your devices is always up to date and that too from a verified, genuine and trusted source.
- Don’t wait for notification of the updates keep a check from updates from time to time.
- Avoid using free and public WIFI systems as they are many times the source of all hacking-related problems. And if you think that there is a need to use any such source then make sure that you use a good VPN.
- Encrypt your mobile’s data and also make sure to switch on features like find my phone or even remote wipe so that if your phone is at least some surety that your data may be safe from the hacker’s hands.
Are there other software like this Pegasus?
Yes as the technology is getting more involved and more evolved there will be more and more questionable tools like this. Similarly, the NSO group’s next masterpiece is Eclipse. As per the official website of the group, Eclipse is a premier cyber counter-drone platform. It is useful for automatically detecting, taking over, and safely landing unauthorized commercial drones in a designated zone.
Also Read:-
People in India targeted in the Project Pegasus Controversy
Project Pegasus Explained: Everything You Need To Know Part-1