Explained: All about Pegasus, billed the most sophisticated spyware for mobile phones

19 Jul, 2021

UK-based non-profit Amnesty International and Forbidden Stories, a French website dedicated to “publish the work of other journalists facing threats, prison, or murder”, alleged on Sunday that Pegasus, a spyware built by Israeli security firm NSO Group, had been used to hack the mobile phones of close to 300 high-profile Indians. The list was curated after investigations over a month by 17 global news organisations including The Washington Post, Forbidden Stories, Radio France, The Guardian, Le Monde, Knack and Corruption Reporting Project.

In India, the list of targets allegedly included cabinet ministers, government officials, scientists, three opposition party leaders, about 40 journalists, activists and businessmen. Some of the names on the list include political strategist Prashant Kishor, Congress president Rahul Gandhi, Priyanka Gandhi, Minister for Railways Ashwini Vaishnaw, former Election Commission member Ashok Lavasa and virologist Gagandeep Kang.

Globally, the media consortium said, over 50,000 phone numbers have been identified as ‘persons of interest’ by the clients of NSO.

So, who or what is Pegasus and why is it such a big deal? Here’s a ready reckoner to the spyware currently in the eye of a global security storm.

What is Pegasus? 

Pegasus, literally a winged white horse in Greek mythology which symbolizes using bravery, courage and energy wisely, is a spyware used to snoop on famous people via their mobile phones. In cybersecurity terms, it is a Trojan, a type of malware that misleads users about its true intent. The Trojan generally infects unsuspecting victims through a method known as social engineering, a term used to denote the art of manipulating people into giving up confidential information.

The brains behind Pegasus 

Pegasus, classified as a sophisticated espionage software, was developed by Israeli cybersecurity group NSO, which stands for founders Niv Carmi, Omri Lavie and Shalev Hulio. The spyware’s existence was first made known by the University of Toronto’s R&D department, Citizen Lab, in August 2016, after an alleged failed attempt was made at installing it on an iPhone owned by human rights activist Ahmed Mansoor. Mansoor was the target of multiple spear-phishing attacks, in which he received several SMS messages with malicious links luring him through clickbait.

How it works  

The spyware is mostly used to target certain versions of Apple’s mobile operating system iOS. Its Android counterpart is called Chrysaor, named after the brother of the winged horse. Although their functionalities are similar, the Android version tries to root the phone to gain access, similar to jailbreaking in iOS.

At its peak in 2017, the spyware was even termed the “ultimate spyware for iOS and Android,” by Kaspersky. 

In terms of surveillance, the spyware acts as an installer: after gaining access, it moves to install other modules that help it conduct different actions such as reading messages and email, listening to calls, capturing screenshots, logging pressed keys, and collecting browser history, contacts and more. It is also believed that Pegasus can listen to and read encrypted audio and messages.

What’s more worrisome is that the malware is capable of self-destructing if it is not able to communicate with its command server (dubbed the command and control) for a period of more than 60 days. This self-destruction protocol will also be activated if it has been installed on a wrong SIM card or a wrong device, leaving one to believe that this spyware really knew who its target was.

So, who used Pegasus in India?

The Indian government has categorically denied the allegations, claiming that the reports of the alleged snooping on high-profile Indian citizens were nothing but a “fishing expedition” and that there has been no unauthorized interception by the Centre of devices of its citizens.

“The allegations regarding government surveillance on specific people has no concrete basis or truth associated with it whatsoever,” said the government in a statement.

Is this the first time Pegasus has snooped on Indian citizens? 

Pegasus being used to spy on Indian citizens isn’t new. Back in October 2019, WhatsApp parent company Facebook alleged that Pegasus was being used to target Indian journalists, activists, lawyers and senior government officials. The targets were claimed to be under surveillance for a two-week period in May, when the Indian national elections were underway. 

The allegations were made by the Indian Express newspaper in 2019, following which WhatsApp made a disclosure in a lawsuit it had filed in a US court in San Francisco. The then Electronics and IT Minister Ravi Shankar Prasad said that there had been no unauthorized interception of citizens’ phones by the government.