Pegasus Spyware Proves Why Snooping is a Reality

Behind the usual rigmarole of political debate, should citizens just wake up and accept that their lives can never be private anymore, especially in the fight against organized crime

 

The story of an Israeli spyware used to snoop around in India took on political overtones as is usually the case with almost everything that can be used to score brownie points in the media. The ruling BJP directed its ire towards WhatsApp, the carrier of the offending application, while the opposition played out the victim card with Congress claiming that its leaders were targeted.

Amidst all this brouhaha in the media, the moot points were ignored. Firstly, that how could WhatsApp, which clams to offer high-end encryption methods, be used as a vehicle by Pegasus, the spyware used by Israel’s NSO Group? And secondly, did the Facebook-owned company actually send out warnings to 1,400 users as it claims and if so whose fault that it was ignored?

The under-fire WhatsApp went about checking the boxes by suing NSO in a California over the matter though in a blog post six months ago, they had warned users of the spyware’s capability of taking over one’s phone through a just a video call. However, there was silence on whether the cyberattacks were authorized by them or was just something they didn’t know about or didn’t care in the first place.

Interestingly, unnamed sources were quoted by Economic Times to suggest that claims by the company of having notified Indian authorities weren’t exactly honest. They reportedly used jargon to report the matter in May and that too without any mention of the spyware Pegasus or about whom it was targeting in the country.

Which now brings even more interesting twist to the case. A report published in The Sunday Guardian suggests that in 2017, the very same Israeli company had met senior police officers of Chhattisgarh to sell them Pegasus software as a means to acquire intelligence in what is a known Naxalite-infested territory.

“These police officers were told by the representatives that this software, among other things, could convert ‘raw files’ (encrypted files) generated between two users when they use WhatsApp voice call, to audible files that can be easily played to hear what the users were talking about,” the report says quoting an unnamed official who claimed that NSO had made the presentation in other states too.

It further quoted a statement from NSO which said: “To protect the ongoing public safety missions of its agency customers and given significant legal and contractual constraints, NSO Group is not able to disclose who is or is not a client or discuss specific uses of its technology. However, the company’s products are licensed to government intelligence and law enforcement agencies for the sole purpose of preventing and investigating terror and serious crime.”

The company further clarified that the technology wasn’t designed for use against human rights activists and journalists and made the point that it had helped save thousands of lives over recent years. It said Pegasus had helped break into strongly encrypted platforms used by pedophile networks, drug mafia and terrorists across the world.

The company operates in a simple manner. It sends out a link that when clicked by the user installs the software on the smartphone and once done, it starts contacting control servers that allows it to relay commands and capture data. Though it has the potential to steal passwords, contacts and text messages, the spyware essentially focuses on video calls and possibly track live locations.

Cyber experts suggest that the spyware targets a vulnerability in WhatsApp VoIP stack that is used to make video and audio calls. By just giving a missed call on a WhatsApp number, Pegasus could gain access to the device, which lays bare the claim from the Facebook-owned company that it’s data encryption claims are a tad hollow.

Having taken a quick look at the issues involved, the moot question now is can citizens of an increasingly criminalized world ever claim complete privacy as a matter of individual right? Snooping is as old as civilization though the manner in which it is conducted has shifted from nameless and often faceless individuals to technology-enabled gizmos.

In 2017, the Supreme Court had ruled that right to privacy was a fundamental right and highlighted the need for a law that deals with targeted and mass surveillance. Without getting into the nuances of this judgement, the fact remains that the right to privacy cannot be above the right to freedom and protection of self and property. Which is where intelligence agencies bring in snooping as a weapon.

Just like guns, snooping equipment cannot come with user warnings. They operate in a binary world where a gun can be used to protect and destroy, which is exactly the case with tools used to detect crime of any time. If elements in society are using technology tools to their advantage, it is but natural that governments would find ways to snoop on them to spike their activities.

Therefore, to blame the weapon for destruction would be naïve, for it is the hand that holds them that is solely responsible of how it gets used.


TAGS: WhatsApp, Pegasus, Spyware