How Does Pegasus Work?
Pegasus was previously deployed on cell phones through flaws in widely used applications or spear-phishing, which includes fooling a target user into following a link or opening a document that covertly instals the malware. It may also be deployed manually if an agent can grab the target’s phone from a nearby wireless transmitter. Pegasus users have been able to install the software on cell phones with a missed call on WhatsApp since 2019, and they can even remove the missed call’s record, making it difficult for the phone’s owner to notice anything is wrong. Another method is to just send a message to a user’s phone that does not result in any notification. This implies that the current version of this malware does not necessitate any action on the part of the smartphone user. All that is necessary for a successful spyware assault and installation is that the device be running a certain susceptible software or operating system. A zero-click exploit is what this is called. Pegasus may theoretically harvest any data from the device and relay it back to the attacker once it is installed. Photos and videos, recordings, location information, conversations, online searches, passwords, phone logs, and social media postings can all be stolen. It also offers the capacity to turn on cameras and microphones for real-time monitoring without the user’s consent or knowledge. The cordial cooperation between NSO and India appears to have started in Israel in 2017, during what the Indian media dubbed the Modi-Netanyahu “bromance” — the moment they rolled up their slacks and paddled together on Dor beach. In the sand, they left more than simply their own footsteps. Around that time, Indian phone numbers began to emerge on the list. The budget for the National Security Council Secretariat was boosted tenfold in the same year. The majority of the additional funds were devoted to cyber-security. The Unlawful Activities (Prevention) Act (UAPA), under which hundreds have been imprisoned without bail, was broadened to cover people, not just organisations, in August 2019, just after Modi won his second term as Prime Minister. After all, businesses don’t have smartphones – a significant, if hypothetical, detail. But unquestionably one that broadens the mission. And then there’s the market. During the passing of the amendment in parliament, home minister Amit Shah said, “Sir, guns do not give rise to terrorism, the root of terrorism is the propaganda that is done to spread it… And if all such individuals are designated terrorists, I don’t think any member of Parliament should have any objection.” The Pegasus affair has sparked outrage in parliament’s monsoon session. The opposition has called for the home minister’s resignation. Modi’s governing party, certain in its landslide victory, fielded Ashwini Vaishnaw, India’s freshly sworn-in Minister of Railways, Communications, Electronics, and Information Technology, to defend it on the House floor. His phone number was also on the leaked list of numbers, which was humiliating for him. If you go behind the bluster and obfuscating bureaucratic of the government’s many pronouncements, there is no outright denial of Pegasus’ acquisition and usage. The sale has also not been rejected by NSO. The Israeli government, like the French government, has launched an investigation into the accusations of spyware usage. The money trail in India will eventually lead us to the smoking gun. Where will the smoking gun, however, take us?
Think about it. In the Bhima-Koregaon (BK) case, 16 activists, attorneys, trade unionists, academics, and intellectuals, many of whom are Dalits, have been imprisoned for years. They are accused of plotting to instigate violence between Dalits and privileged caste groups on January 1, 2019, when tens of thousands of Dalits gathered to celebrate the 200th anniversary of the Bhima-Koregaon war (in which Dalit soldiers fought with the British to defeat the Peshwas, a tyrannical Brahmin regime). The stolen database revealed the phone numbers of eight of the 16 BK suspects, as well as the numbers of some of their close family members. Because their phones are in police possession and not available for forensic analysis, it is impossible to know if they were all or some of them were the victims of an attempted or real hack.
Some of us have become experts over the years on the nefarious extent to which Modi’s administration would go to entrap people it considers adversaries – and it’s not just monitoring. The conclusions of an investigation by Arsenal Consulting, a digital forensics firm in Massachusetts, that analysed electronic copies of the laptops and emails belonging to two of the BK accused, Rona Wilson and Surendra Gadling, were recently published in the Washington Post. Investigators discovered that an unnamed hacker had entered both of their computers and that damning papers had been stored in secret folders on their hard drives. A ridiculous letter describing a cheesy scheme to assassinate Modi was among them, adding to the suspense.
The Arsenal report’s severe implications have not prompted India’s courts or mainstream media to take action in the name of justice. Quite the opposite is true. While they worked hard to cover it up and contain the report’s potential consequences, one of the BK-accused, Father Stan Swamy, an 84-year-old Jesuit priest who had spent decades of his life working among forest-dwelling tribespeople fighting corporate takeover of their homelands, died an agonising death after contracting coronavirus in prison. He had Parkinson’s disease and had recently recovered from cancer when he was arrested.
So, what are our impressions of Pegasus? It would be a severe error to dismiss it as a new technical version of an age-old game in which rulers have always spied on the ruled. This isn’t your typical snooping. Our phones are our most personal selves. They’ve evolved into a natural extension of our minds and bodies. In India, illegal mobile phone monitoring is nothing new. Every Kashmiri is aware of this. The majority of Indian campaigners do as well. We must willingly allow ourselves to being violated if we give governments and businesses the legal power to penetrate and take over our phones.
The Pegasus Project’s disclosures demonstrate that this spyware’s potential harm is far more intrusive than any prior type of eavesdropping or surveillance. Even more intrusive than Google, Amazon, and Facebook’s algorithms, which are embedded in the weave and weft of millions of people’s lives and aspirations. It’s not as if you have a spy in your pocket. It’s like having the love of your life spying on you, or even worse, having your own brain spying on you, even its unreachable corners.
Spyware like Pegasus puts the user of each infected phone, as well as their whole social circle of friends, family, and co-workers, at danger on political, social, and economic levels.
The person who has probably thought longer and deeper about mass surveillance than anybody else in the world is the dissident and former National Security Agency analyst Edward Snowden. In a recent interview to The Guardian, he warned, “If you don’t do anything to stop the sale of this technology, it’s not just going to be 50,000 targets. It’s going to be 50 million targets, and it’s going to happen much more quickly than any of us expect.” We should pay attention to him. He’s been on the inside track and has been watching it coming.
To put it another way, we are on our way to being ruled by states that know all there is to know about individuals, while people know less and less about them. That asymmetry can only lead in one direction. Malignancy. And the end of democracy.
Snowden is absolutely correct. There is no way to go back in time with technology. But it doesn’t have to operate as an unregulated, legal enterprise, reaping riches and blooming and flowering on the free market’s throbbing transcontinental roads. It must be prohibited by law. Driven into the earth. Although the technology exists, the industry does not.