Pegasus Spyware Fails to Prevent Hamas Attack on Israel
The failure of Pegasus spyware to detect the Hamas attack on Israel raises questions about its effectiveness in advanced surveillance.
Surveillance, of both citizens and non-citizens, is an accepted instrument of State policy. Law enforcement agencies regularly keep tabs on criminals and those plotting against the State. But as pointed out by many eminent persons, surveillance of ordinary citizens, who are merely going about their business, is an assault on democracy.
Pegasus, the winged horse of Greek mythology, carried Zeus’s thunderbolts and helped the hero Bellerophon slay the dreaded monster Chimera. Pegasus is also an eponymously named constellation, first listed by the astronomer Ptolemy in the second century. Pegasus, in its twenty-first century avatar, as an Israeli surveillance software, is a Trojan horse that can be sent “flying through the air” to infect phones at faraway places.
According to experts, Pegasus spyware, developed by the NSO Group of Israel, can be installed on an unsuspecting target’s mobile phone by sending a simple WhatsApp message to it. Pegasus has zero-click attack capability i.e., the Pegasus software gets installed automatically and gains complete control over the host’s phone without the host even opening the infected message. Thereafter, all data stored on the host’s phone, all calls, all location data and all images visible to the phone camera are relayed to the snooper. Pegasus can infect both Android and IOS-based smartphones and is virtually undetectable, except by advanced software.
Pegasus spyware has the capability to self-destruct, without leaving any trace. Currently, allegations of misuse of the Pegasus spyware are roiling Governments the world over. However, NSO Group, the developers of Pegasus, have piously claimed that the NSO Group provides only “authorised Governments with technology that helps them combat terror and crime.” Further, the NSO Group has highlighted excerpts from its contracts with buyers that require customers to use Pegasus only for criminal and national security investigations. Yet, a considerable mass of evidence contradicts NSO Group’s claims of innocence.
Advertisement
An Israeli newspaper found that the NSO Group had sold Pegasus spyware for hundreds of million dollars to the UAE and other Gulf States to spy upon anti-government activists, journalists, and political leaders. A show on Al-Jazeera channel claimed that the Israeli Government had used Pegasus spyware to snoop on friends and foes alike. Pegasus spyware drew unwelcome attention after the assassination of Saudi dissident journalist Jamal Khashoggi in Turkey, in 2018.
The NSO Group were accused by Khashoggi’s friend, Omar Abdulaziz, of having sold the Pegasus spyware to Saudi Arabia, which had allegedly used the software to intercept messages between Abdulaziz and Khashoggi. Apparently, Pegasus spyware was used to pinpoint Khashoggi’s location and plan his assassination. Yet, NSO chief executive, Shalev Hulio, denied the use of Pegasus on Jamal Khashoggi or his relatives on the primetime CBS TV show “60 Minutes.” Later on, Citizen Labs of Canada confirmed the presence of Pegasus spyware on Omar Abdulaziz’s mobile phone. Consequently, Abdulaziz filed a lawsuit against the NSO Group in Israel. Several similar cases have been filed in Israeli courts on the basis of documents that show that the NSO Group had engaged in illegal spying activities for its clients.
Targeting of journalists, using Pegasus spyware, prompted more than 80 journalists from 17 media organizations of 10 countries to come together for the Pegasus Project, an investigation into the use of Pegasus spyware. The Pegasus Project was coordinated by Forbidden Stories, a Paris based media NGO. Amnesty International provided technical support to the Pegasus Project that revealed a list of 50,000 phone numbers of potential surveillance targets, including heads of State, activists and journalists, including Jamal Khashoggi’s family. Responding to the expose, NSO Group said that it “firmly denies… false claims” made in the Pegasus Project report. NSO Group asserted that the Project’s report was based on “wrong assumptions” and “uncorroborated theories” and reiterated that the company was on a “life-saving mission.”
The controversy regarding the use of Pegasus spyware against Indian activists and journalists first surfaced in 2019 when WhatsApp informed seventeen people of the presence of spyware on their mobile phones. The issue of unauthorised surveillance of citizens using Pegasus spyware was taken up in Parliament by DMK MP Dayanidhi Maran. Replying to Maran, MoS Home GK Reddy neither confirmed nor denied that the Government had purchased Pegasus, or whether Pegasus was used to spy on Indian citizens. Rather, the Government justified surveillance of Indian citizens by quoting Section 69 of the Information Technology Act, 2000 and Section 5 of the Indian Telegraph Act, 1885.
The recently released list by Pegasus Project features around 50,000 telephone numbers as potential targets of surveillance. Around 1,000 Indian phone numbers appear in this list, out of which 300 numbers have been verified and names of 176 of the owners of the telephone numbers have been made public. Amnesty International conducted forensic analysis on 22 of these phones; 10 were found to be infected by Pegasus, four were found clean and tests were inconclusive on the balance eight. The list of Indian targets includes at least 40 journalists, 14 politicians or associated persons, 41 activists, lawyers and academicians, some high-ranking CBI officials, some prominent businessmen, one Election Commissioner etc. Worldwide, the Pegasus Project list includes the likes of French President Emmanuel Macron, Pakistan PM Imran Khan and Indian opposition leader Rahul Gandhi.
Jeff Bezos of Amazon broke all links with Mohammed bin Salman (MBS), the Crown Prince of Saudi Arabia, when Bezos found that MBS had unleashed Pegasus spyware on his phone. The Government of India is in mission mode to deny anything untoward in its surveillance activities. But, instead of direct denial, different spokesmen have defended the Government in different ways. While IT Minister, Ashwini Vaishnaw, stressed that the Government had full power of surveillance under the Information Technology Act, 2000 and the Indian Telegraph Act, 1885 and no unauthorised surveillance had taken place, Meenakshi Lekhi, MoS in the Ministry of External Affairs questioned the veracity of the list put out by the Pegasus Project. Asked directly if the Government had used Pegasus spyware, Mrs. Lekhi said that such information was classified.
Various BJP Chief Ministers have waded into the controversy; all have heaped opprobrium on Amnesty International and have insinuated that the allegations of unauthorised snooping are part of a foreign conspiracy, in which the Indian opposition is a willing partner. Surveillance, of both citizens and non-citizens, is an accepted instrument of State policy. Law enforcement agencies regularly keep tabs on criminals and those plotting against the State. But as pointed out by many eminent persons, surveillance of ordinary citizens, who are merely going about their business, is an assault on democracy.
Watergate was about the bugging of opposition politicians, for which US President Richard Nixon had to resign. Section 69 of the Information Technology Act, 2000 and Section 5 of the Indian Telegraph Act, 1885 which authorise the Government to intercept communication by telephone and internet, have a number of in-built safeguards. Under the Telegraph Act the Government can intercept calls only after authorisation by a Joint Secretary level officer and that too in the interest of the sovereignty and integrity of India, the security of the State, friendly relations with foreign states or public order, or for preventing incitement to the commission of an offence, which are the restrictions imposed on free speech under Article 19(2) of the Constitution.
Additionally, journalists are exempt from interception. The reason for subjecting a person to surveillance has to be recorded in writing. The ambit of interception under Section 69 of the Information Technology Act, 2000 is wider but is subject to the right to privacy. Project Pegasus is being hotly debated both inside Parliament and outside, but with persistent stonewalling by the Government, the likelihood of any concrete outcome is remote. A PIL has been filed in the Supreme Court, but in the absence of details like the origin of the NSO list, non-testing of all phones allegedly infected by Pegasus, the bland denials by the NSO Group, and most importantly non-cooperation by the Government, judicial relief is not likely.
Slowly, but surely, Project Pegasus will relinquish the headlines and die a slow death like umpteen scandals before it e.g., Jain Hawala, Bofors, Tehelka, 2-G and Coal Mining. Glenn Greenwald, the American journalist and lawyer who published a series of reports about American and British global surveillance programmes, based on classified documents provided by the whistle-blower Edward Snowden, put things in perspective: “The way things are supposed to work is that we’re supposed to know virtually everything about what the government do: that’s why they’re called public servants. They’re supposed to know virtually nothing about what we do: that’s why we’re called private individuals.” We, as citizens, can only hope that some future Government would be more proactive in safeguarding our privacy against unjustified intrusions.
(The writer is a retired Principal Chief Commissioner of Income-Tax)
Advertisement