In a sensational development, Pegasus spyware is back on the news and now has been used to spy on over 40 Indian journalists. Their phone numbers appear on a leaked list of potential targets for surveillance. The forensic tests also confirmed that some of them were thoroughly snooped upon by an unidentified agency using Pegasus spyware.
The data that has been leaked shows contact numbers of top journalists from popular portals such as the Hindustan Times, India Today, Network18, The Hindu and Indian Express. Currently, it is yet to learn why data shows the presence of a phone number in, to see whether a device was infected with Pegasus or subject to an attempted hack.
What is Pegasus Spyware?
Pegasus is fully-fledged spyware that is created to spy on complete operating systems (we are aware of its samples of iOS and android; it may have versions for other OS too which may not have been detected so far). Pegasus is the main spyware by Israel based NSO group which is an organisation that is damned interested in critical zero-day or unpatched vulnerabilities related to Operating systems and applications. That being said it should be obvious that NSO will keep its spyware updated with the latest vulnerabilities they keep getting and in fact that’s what has been going on. NSO claims that they provide the spyware to authorised agencies of governments in a legal way to combat terror and crime but several times it has been found that their spyware has been used to spy on human activists, journalists etc.
Pegasus is capable of reading text messages, tracking calls, collecting passwords, tracing the location of the phone, accessing the target device’s microphone(s) and video camera(s), and gathering information from apps (everything that you would expect from spyware).
Pegasus in 2019:
In 2019, WhatsApp confirmed that spyware was being used by Israel based company NSO Group to spy on government officials, journalists, activists, lawyers, and various countries globally, including India. The confirmation about the use of Pegasus spyware came after WhatsApp sued NSO Group, which had long been suspected of the WhatsApp cyberattack that happened in the year. Reportedly WhatsApp has warned several Indian users are expected to be targets of illegal snooping spyware.
Back then, there was no confirmation on how many people were targeted in India. WhatsApp wrote in a blog post, “We sent a special WhatsApp message to approximately 1,400 users that we have reason to believe were impacted by [May 2019] attack to directly inform them about what happened.” But how exactly does this spyware work, especially after WhatsApp claims to offer high-end encryption methods?
Pegasus is said to be around for about six years and it is not ordinary spyware. Traditionally, Pegasus works by sending a link, and if the target user clicks on it, it is installed on the user’s device. Once installed, it begins to contact control servers which allow it to relay commands so one can gather data from the infected device. It has the potential to steal your passwords, contacts, text messages, calendar info, as well as voice calls made through messaging apps, in this case, WhatsApp. The threat doesn’t stop there as it can even let the hacker have access to your phone’s camera, microphone and GPS to track live locations.
The Names In Leaked Data:
The recent data showed the Hindustan Times executive editor Shishir Gupta, two founding editors of The Wire and its regular contributor Rohini Singh on the leaked list. Singh’s number appears after she filed back-to-back reports on the business affairs of home minister Amit Shah’s son, Jay Shah, and Nikhil Merchant, a businessman who is close to Prime Minister Narendra Modi, and while she was investigating the dealings of a prominent minister, Piyush Goyal, with businessman Ajay Piramal.
Also, the number of former Indian Express journalist Sushant Singh appears on the list in mid-2018. He was then working on an investigation into the controversial Rafale aircraft deal with France. Early this year, digital forensics conducted on Singh’s current phone showed signs of Pegasus infection.
The list also shows former TV18 anchor Smita Sharma, former EPW editor Paranjoy Guha Thakurta, former Outlook journalist S.N.M. Abdi, The Hindu’s Vijaita Singh, north-east-based editor in chief of Frontier TV Manoranjana Gupta, Bihar-based Sanjay Shyam and Jaspal Singh Heran. Several senior journalists who have left mainstream organisations also appear in the leaked data as individuals who were selected.
This includes.. former national security reporter Saikat Datta, former Economics and Political Weekly editor Paranjoy Guha Thakurta, who now writes regularly for Newsclick.in, former TV18 anchor and diplomatic reporter at The Tribune Smita Sharma, former Outlook journalist S.N.M. Abdi and former DNA reporter Iftikhar Gilani.
How does Pegasus hack a phone?
This part of Pegasus hacking into phones is one reason why this spyware is so highly rated by those who use it. The phone hacking is almost seamless and the phone user has no clue that their device has been compromised. Once a hacker identifies a phone that needs to be hacked, they can hack using two methods.
The first one is a One-click vector that involves a well-known technique called Phishing. Phishing occurs when the attacker, disguised as a seemingly trustworthy source, sends the target device an email, text message or SMS containing a link, which if opened can lead to the attacker gaining limited access to the device. The link sent by the Pegasus vector opens a malicious website called an Anonymizer, which communicates with the operator’s server.
The second one is the Zero-click vector which is far more insidious as it does not require the target user to click or open a link. Zero-click vectors generally function via push messages that automatically load links within the SMS. Since a lot of recent phones can disable or block push messages, a workaround has evidently been developed. WhatsApp, in its official statement, revealed that a vulnerability in their voice call function was exploited, which allowed for “remote code execution via specially crafted series of packets sent to a target phone number.”
This post was last modified on 19 July 2021 9:11 am
The Sandhya theatre stampede incident is taking many turns. After Allu Arjun's press meet yesterday,…
Game Changer's pre-release event has become a big hit. Despite the absence of live streaming…