Employees at Tech2 NewsJul 19, 2021 10:26:50 PM
background
On July 19, a consortium of 17 international media organizations published an investigation into a leaked list of phone numbers from around the world identified as Pegasus project. These numbers are supposedly a “target list” of phones that are hacked / to be hacked by the hacked Pegasus Spyware product sold by the Israeli NSO group. The list is apparently characterized by its sheer size, but also includes the number of prominent journalists, dissidents from different countries, politicians, judges, business people, legal activists and heads of state. Some of the targets listed have partnered with the Media Consortium and Amnesty International for a forensic examination of their devices and evidence of hacker attacks using the Pegasus Suite.
Also read: WhatsApp hack: Pegasus scandal underscores India’s self-destructive lack of oversight over its intelligence services
What is pegasus
Pegasus is a spyware suite sold to “verified government customers” by the Israeli company NSO Group. It is used to compromise and monitor targeted Windows, Mac computers and also Android and iOS smartphones. The spyware can be delivered via links sent via email or SMS, via WhatsApp, or via much more sophisticated “0-day” vulnerability exploits, which are security holes or bugs that even device manufacturers are not aware of . Finding and exploiting such “0-day” weak points is a highly specialized, complex and time-consuming task. It was once able to infect target smartphones simply by making a WhatsApp call, regardless of whether the call was answered or not.
Who saw this data?
The data was from a Paris-based nonprofit called. retrieved Forbidden stories and Amnesty International, who then partnered with 17 international media organizations around the world as part of the Pegasus projectincluding The guard, The Washington Post and in India The cable. Forbidden stories claims this list contains intended destinations for the NSO Group’s Pegasus software suite. However, it should be understood that just the fact that a phone number is listed in the data does not automatically mean that it was successfully attacked or even an intended target for a hacking attempt.
Why is that important?
According to The wires Report, NSO Group’s list of customers includes the governments of Azerbaijan, Bahrain, Hungary, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates, as well as India. On the list, The cable reported are 300 Indian nationals, including some politicians, human rights defenders and journalists. The NSO group claims that Pegasus Suite for “Audited Governments” only and not for private entities, suggesting that the target list includes people who are being monitored by the government.
The cost of the suite also makes it out of the reach of most private businesses. A small sample of 37 phones underwent forensic analysis by Amnesty International – including 10 Indian phones – and there were signs of one Pegasus Infection. These devices were owned by journalists, politicians, business people, lawyers and other professionals – personalities, not criminals or terrorists. The correlation drawn is that this is in fact a list of Pegasus Spyware Targets.
Infiltrating telephones or computers with such methods constitutes “hacking”, which is a criminal offense under the Information Technology Act of 2000.
What the Indian government is saying
As part of their official statement, which we will recount below, the central government has named the story “Factual, but also based on preconceived conclusions” The addition “It appears that you are trying to play the roles of an investigator, a prosecutor, and a jury.”
The government stated categorically: “The allegations about government surveillance of certain people have no concrete basis or truth.”
The statement also goes on:
“In India there is an established process through which lawful surveillance electronic communication takes place for the purpose of National security, especially in the event of a public emergency or in the interest of public safety, by authorities of the Center and the states. The requests for this lawful monitoring of electronic communications are being made in accordance with the relevant provisions under the provisions of Section 5 (2) of the Indian Telegraph Act, 1885 and Section 69 of the Information Technology (Amendment) Act, 2000.
Every case of interception, monitoring and decryption is handled by the competent authority, ie the Minister of the Interior of the Union. These powers are also available to the competent authority in the state governments according to IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009. “
In short, there is an established protocol for government surveillance of electronic communications under Indian law for the purpose of “national security” and has been approved by the Union’s Interior Minister.
Electronics and Information Technology Minister Ashwani Vaishnaw said in Parliament today that “the report itself makes it clear that having a number does not mean snooping,” adding, “NSO has also said the list of countries using Pegasus , wrong is”. and many of the countries mentioned are not even our customers. It also said that most of its customers are western countries. “
What does the NSO Group say
The Israeli company NSO Group spoke with The cable by her lawyers, insisting that the leaked list did not include a “target list” for government hacking but “could be part of a larger list of numbers that may have been used for other purposes by NSO Group’s customers”. Here, “NSO Group Customers” refer to their “Verified Governments”. Amnesty International’s forensic analysis appears to confirm that a sample set of these listed devices is actually from Pegasus.
But I use Signal / Telegram / WhatsApp. Can someone read my messages?
Short answer: yes. Communication via messaging platforms such as Signal and WhatsApp is considered “secure” due to its end-to-end encryption. However, if your device is itself compromised with spyware, it doesn’t matter that your communications are encrypted as someone is already watching over your shoulder. It’s like you have the best security system and locks in the world for your home, only the thief is already inside.
Long answer: Any technology can or can be bypassed if there is enough time and resources. In case of Pegasus, Smartphones infected with spyware through a variety of sophisticated attacks that exploit security holes that even phone manufacturers may not know about – so-called “0-day” vulnerabilities. These are not resources available to every entity, but someone with enough resources and motivation can certainly find ways to spy on your communications. If the question is, “Who would do this?” The answer is “someone with enough money and motivation”.
TL; DR
If the claims are true Pegasus project, it clearly shows that more needs to be done to regulate and reform surveillance. The ubiquity of technology and devices makes deeply invasive forms of surveillance possible. While the technology for such surveillance is not available to anyone who (as far as we are told) asks, it is is for “verified government customers”, which – in the case of NSO – include the governments of Azerbaijan, Bahrain, Hungary, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates in addition to India. And we have to remember that Pegasus is only one many such software suites that are available for a fee.
Or, as the Minister of Electronics and Information Technology Ashwani Vaishnaw said in Parliament today: “If we look at this issue through the prism of logic, it becomes clear that there is no substance behind this sensation.”
