At least 40 Indian journalists, along with members of Parliament, judges and others were supposedly targeted by Pegasus.
Phones of seven of these persons, who agreed to allow forensic examination of their devices, were found to be infected.
What is Pegasus?
Pegasus is the name of a spyware developed by Israeli firm NSO. It can be introduced surreptitiously into mobile devices and can suck up all data and meta-data on the infected device as well as monitor conversations, chats and browsing.
Note: A spyware is any malicious software designed to enter your computer device, gather your data, and forward it to a third-party without your consent.
Pegasus, is perhaps the most powerful spyware ever created. It is designed to infiltrate smartphones — Android and iOS — and turn them into surveillance devices.
The Israeli company, however, markets it as a tool to track criminals and terrorists — for targeted spying and not mass surveillance.
Who can buy Pegasus?
NSO claims it will only sell the software to verified government agencies, with a contractual clause that the spyware can only be used in cases of suspected crime or terrorist activity.
In practice, the clause is unenforceable -- any buyer can then use it as they please.
However, it is possible for NSO to verify potential buyers and check whether they are official agencies, though it refuses to release its client list.
NSO claims it has 60 clients in 40 countries. NSO also says the spyware is mainly used by law enforcement and intelligence agencies as well as the military.
What's special about Pegasus?
It is a very sophisticated spyware, which can remotely infect a very wide range of devices, without any action on the target's part.
Most mobile spyware is installed by getting hold of the physical device or via phishing.
For instance a text message/WhatsApp/e-mail with a malicious link is sent, and the target gets infected when he or she clicks on that link. Pegasus can be transmitted this way.
More importantly, Pegasus can infect mobiles by sending malicious WhatsApp messages, without any actions being necessary on the target's part.
NSO has, in fact, been sued by WhatsApp for exploiting this vulnerability.
Pegasus can also be spiked into the target's phone from a nearby base transceiver station (BTS). BTS is standard equipment used by telecom service companies to route and re-route signals.
What can Pegasus do?
Once installed, the spyware takes a wide range of permissions, allowing it to monitor location, e-mails, grab contact lists, take screenshots, grab media, grab instant messages and SMS, access browser history, take control of the phone’s mike and cameras, etcetera.
Pegasus can also be deleted remotely. It is very hard to detect and once it is deleted, leaves few traces.
It can also be used to plant messages/mails, etcetera, which is why there are theories it may have been used to plant fake evidence to implicate activists in the Bhima Koregaon case.
Figuring out if Pegasus is infecting the mobile
It is close to impossible to figure out if a phone has been infected with Pegasus. It doesn't cause slowdown or hanging.
It is slightly easier to detect Pegasus on an iPhone because iPhones keep more detailed logs of activity, and cybersecurity experts can see if data has been exchanged with suspicious Web sites.
Pros and cons of public surveillance
Pros
Increase Public Safety: Just like surveillance on our private property improves our home security, public surveillance increases public safety.
Reduce Crime Rate: It can keep an eye out for crimes as well as act as a deterrent.
Captures "precrime" data
Helps Catch Criminals
It helps authorities to track criminals down.
Encourages good behavior
Provide Evidence & Gather Clues
Acts as reassurance
Convenience
Cons
Easily Abused: Unfortunately, this technology can be easily abused. For example, information collected can potentially be used as a form of blackmail. Another example is voyeurism and stalking. To combat these issues, strict regulations on public surveillance must be put into place.
Reduces personal privacy
Reduces personal freedom
Freezes free speech
Creates a "Big Brother" society
Creates a "nanny state"
Brings into disrepute the role of government
Blurs moral and legal boundaries
Undermines the rule of law
Increases societal "paranoia"
Narrows choices through creation of algorithmic "echo chambers"
Increases supply side manipulation
Information asymmetry (supply side high, demand side low)
Doubts about Effectiveness
Expensive: High maintenance and costs of these systems is not justified by their limited results.