No More Privacy When Spyware Pegasus Becomes A Trend In Cyberspace

The act of spying with spyware is a violation of human rights. (photo: unsplash)

JAKARTA - The government's use of Pegasus spyware to spy on someone, political opponents, journalists or activists opposed to the government is predicted to become a trend in the future. This prediction comes after the Pegasus spyware is believed to have targeted at least 40 Indian journalists, in recent years.

"Attacks using spywares to hack into the data of powerful people will soon become a trend," said Prasad T, Chief Information Security Officer, Instasafe, a cyber security solutions company, commenting on the investigation published by India's online news portal on Sunday. July 18th.

The report by The Wire said that the leaked data included the number of top journalists from well-known media organizations such as Hindustan Times, India Today, Network18, The Hindu and The Indian Express. Analysis of The Wire's data shows that journalists were spied on between 2018 and 2019, ahead of the 2019 Lok Sabha elections in India.

Nikhil Pahwa, founder of Medianama in India, believes government surveillance using Pegasus is not uncommon. "We have known Pegasus since 2016. The first use in India that we know of is in Bhima Koregoan, presumably by the Indian government," he said.

Pegasus, a product of Israeli cyberweapons company NSO Group, previously made headlines in late 2019 for being used to hack the phones of around 1,400 users worldwide, including 121 Indians. Spyware can log your keystrokes, screenshot your screen, control your applications.

Pahwa alleges that the Indian government has used Pegasus to spy on famous people, as the company only sells to vetted governments.

Human Rights Violations

Prasad explains that Pegasus exploits a vulnerability in your mobile device's operating system which makes it so powerful that it can extract information from all applications on your phone including iMessage, WhatsApp, Gmail, Viber, Facebook, Skype and location.

WhatsApp head Will Cathcart in a Twitter thread said that "NSO's malicious spyware is being used to perpetrate appalling human rights abuses around the world and it must stop".

Cathcart shows that in 2019, WhatsApp discovered and defeated attacks from NSO. "They rely on unknown vulnerabilities in the mobile OS, which is one reason why we feel it's so important to raise awareness about what we're discovering," he said.

"This is a wake-up call for security on the internet. Cell phones are the primary computer for billions of people. Governments and companies should do everything they can to make it as secure as possible. Our security and freedom depend on it," he added.

"For those who have proposed weakening end-to-end encryption: intentionally weakening security will have dire consequences for all of us," said Will Cathcart, Head of WhatsApp.

Are We Ready for Such an Attack?

"It's not that hard to design spyware like Pegasus, if an Israel-based company can do it, this means cyber attackers can do it too," Prasad told The Quint.

Pegasus can be installed on the target phone in many ways, in some cases by sending an infected link to the target (spear phishing), social engineering.

“What is very concerning is the future use of Pegasus by terrorist organizations, the main question is are we prepared for such an attack?” Prasad asked.

Pahwa noted that cybersecurity and cyber surveillance threats will remain. "There is cyber weaponry happening at an alarming pace. We need the UN to step in. We need cyber disarmament," he said.

Experts believe that the solution to government surveillance – as alleged in the Bhima Koregoan case – is not a privacy bill, as it frees the Indian government from accountability, but 'surveillance reform'.

"Our intelligence services should be accountable to Parliament. The use of such software against MPs and Indian citizens requires legal sanctions, and future declassification. Authorization by 'competent authorities' is not sufficient as long as this information is classified and is harmful to democracy, says Nikhil Pahwa, founder of Medianama

Meanwhile, Prasad pointed out that the number of cyber surveillance and cybersecurity issues will only increase going forward. It should also be noted that all data retrieved using the Pegasus spyware is stored on servers located in Israel. "It's safe to assume that all tracked data can be used by an Israel-based company, which is another issue that needs attention", he added.

Prasad said that Apple has released a patch to protect its devices from Pegasus spyware attacks, but android phones are more vulnerable to vulnerabilities.

According to Citizen Lab, even Factory Data Reset on the phone doesn't get rid of the Pegasus spyware. This allows attackers to continue accessing your online accounts even after your device is no longer infected.

To make sure your online accounts are safe, you should also change the passwords of all cloud-based apps and services that you use on the infected device.