Pegasus is arguably the most potent piece of spyware ever created. It can convert your phone into a 24-hour monitoring device after it has wormed its way onto it without your knowledge. Pegasus can duplicate your communications, harvest your images, and record your phone calls. It could capture your talks by discreetly filming you with your phone's camera or activating the microphone. The company could be able to tell you where you are, where you've been, and who you've met. The NSO Group of Israel produces it. According to reports, the software is being sold to governments all around the world.
Pegasus targeting in India
The Monsoon Session of Parliament began on Monday amid a controversy over the Pegasus spyware issue, with numerous Opposition leaders accusing the Centre of using the spyware to hack the phones of several famous Indian journalists and politicians.
A number of publications, including The Washington Post and the Guardian, released a new set of reports based on Amnesty International data on Sunday evening. According to the claims, Pegasus is still in use, and over ten nations, including India, are utilizing it to collect data from tens of thousands of people's phones.
According to The Guardian, 38 Indian journalists, including those from mainstream publications (three current Hindustan Times journalists are named, as is one from sister publication Mint), and websites, as well as freelancers, were targeted in the first part of the multi-part investigation, which was released late Sunday night.
Nitish Kumar, the Chief Minister of Bihar, expressed his grave dissatisfaction today with accusations that Pegasus spyware was used to target journalists, judges, and ministers in India. Such snooping, he said, is "dirty" and "worthless."
Binoy Viswam, a Communist Party of India, Rajya Sabha MP, had issued a suspension of business notice under Rule 267 in response to the revelations about the scale of Pegasus spyware use in India.
Similarly, AAP MP Sanjay Singh has requested that the Pegasus spying matter be discussed in the Rajya Sabha under Rule 267.
Who has been targeted in India?
The list, which included more than 50,000 phone numbers concentrated in nations known to engage in citizen surveillance was obtained by Forbidden Stories, a Paris-based media group, and Amnesty International, which shared it with 17 news organizations as part of the Pegasus Project.
Over 40 journalists, three prominent opposition personalities, one constitutional authority, and two serving ministers in the Narendra Modi government are among those in the database.
The names of dozens of journalists and activists on the list were revealed by The Wire, including its founders Siddharth Vardarajan and MK Venu, Vijaita Singh of The Hindu, Shishir Gupta of the Hindustan Times, scholars and activists on the Committee for the Release of Political Prisoners, and relatives, lawyers, and friends of those arrested in the Bhima Koregaon case and the accused.
How does Pegasus work?
Researchers identified the first version of Pegasus in 2016, and it infected phones via a technique known as spear-phishing, which involves sending text messages or emails that deceive a target into clicking on a malicious link. It originally made headlines in 2016, when an Arab activist became suspicious after receiving a suspicious message. Pegasus was thought to be targeting iPhone users. Apple published an updated version of iOS a few days after it was discovered, apparently patching the security flaw that Pegasus was exploiting to hack phones.
NSO's assault capabilities, on the other hand, have improved since then. Pegasus viruses can be spread using so-called "zero-click" attacks, which require no engagement from the phone's owner to succeed. So, if the aim is to attack the system itself, all understanding about how to avoid phishing attacks or which links not to click is useless. The majority of these assaults target software that receives data before determining whether or not it is trustworthy, such as an email. To put it simply, you receive the data of an email before you can decide if it’s from someone you know or not. This is exactly what Pegasus targets.
Can these attacks be stopped?
Zero-click assaults are difficult to detect and even more difficult to prevent. In encrypted situations, where there is no view of the data packets being sent or received, detection becomes even more difficult. One thing people may do is make sure their operating systems and applications are up to date so that they have the latest fixes for any loopholes discovered. One option is to avoid using apps altogether and instead use the browser to check your emails or social media.