NSO Group’s Pegasus can hack into any phone it wants without your knowledge — and there’s nothing you can do to stop it
- Pegasus spyware is built by an Israeli company called the NSO Group.
- The software can be installed onto a phone without engaging the user, which means there isn't anything a person can do to avoid Pegasus if they have been targeted.
- The Pegasus software has been accused of being issued by NSO Group’s clients to keep tabs on at least 180 journalists around the world, including 40 based out of India.
A new investigative report by the Pegasus Project, a consortium of media outlets led by the Paris-based non-profit Forbidden Stories, names investigative journalist Paranjoy Guha Thakurta, The Wire co-founders Siddharth Varadarajan and M K Venu, columnist Prem Shankar Jha, reporter Rohini Singh, editor Devirupa Mitra and others as victims.
In India, Mexico, Azerbaijan, Morocco, Saudi Arabia, Hungary and other increasingly authoritarian countries around the world, Pegasus has been used to spy on, track down, and silence anyone who threatens the stability of these regimes.
The global consortium got this information from leaked documents, which included more than 50,000 phone numbers of NSO Group’s clients.
And the Indian government has specifically been named as one of the clients. However, according to India’s newly appointed Information and Technology (IT) Minister, Ashwini Vaishnaw, the Pegasus leak is nothing more than “An attempt to malign the Indian democracy and its well-established institutions.”
In the past, similar claims were made regarding the use of Pegasus… Those claims had no factual basis and were categorically denied by all parties.
While the NSO Group claims it does provide “a mass surveillance technology,” the enterprise has been called out for the ‘reckless abuse’ of its spyware by numerous civil liberties and cyber security organisations around the world.
The narrative used to sell Pegasus is that it can be used to track down all sorts of criminals, terrorists and put a stop to money laundering. The tool they developed is a plug-and-play solution for intelligence agencies and governments that can’t afford to build their own surveillance systems.
The alleged amount of ‘leaked data of more than 50,000 phone numbers,’ cannot be a list of numbers targeted by governments using Pegasus, based on this exaggerated number.
And what makes it a true gem is that it’s nearly invisible. According to the Hacking Team, the NSO Group has mastered ‘zero click’ attack vectors. This means hackers don’t need users to ‘accidently’ click on a link or download a malicious attachment in order to gain access to a phone — they can just stroll right in.
It’s one thing to educate people about links and suspicious text messages. It’s another thing to say, basically, there is nothing that you can do. And that’s a very bad place to be.
During the 2019 WhatsApp exploit, Pegasus could reportedly infiltrate a phone with a simple missed call. Its true abilities can employ multiple vectors to hack into devices like phishing messages and fake package notifications. It’s full capabilities are still hidden from the public.
NSO’s new owner, Novalpina Capital, has promised to employ new oversight to keep abusive hacks at bay and usher in a new era of oversight. But the investigation by Forbidden Stories shows that abuse is still on the charts.
SEE ALSO:
Turkey is ready to regulate crypto, and it could it more expensive for crypto companies to operate
Swiggy gets a $1.25 billion cheque from Softbank for the same reason Zomato went for an IPO