• Shreya Shukla

Pegasus- The Spyware Infecting the World

Like the arrogant tamer of Pegasus, governments are ruthless in their pursuit for power in the name of security. The program turned on its head in the recent revelation by the gadfly-like collaboration of 80 journalists.


The same country that boasts of the largest cybersecurity industry worth $82 Billion also sells the highly sophisticated and discrete spyware called Pegasus. Since its birth in 1948, Israel has found itself in a precarious position surrounded by adversaries that refuse to accept its very existence, forcing it to develop an advanced hypersensitive defence. Israel was quick to transform its military into a startup incubator and subsequently a profit-making business. NSO Group Technologies is one such creation founded by Niv, Shalev and Omri, ex-members of Unit 8200, a signal intelligence (SIGINT) and code decryption unit of the Israeli Intelligence Corps.


Bellerophon riding the winged-horse Pegasus. (Photo- github)


Pegasus is a spear-phishing software, a resemblance it shares with the Greek spearman rider of the winged horse Pegasus, Bellerophon. Spear-phishing is personalised phishing attacks disguised as familiar emails that the target is more likely to click on, infecting the device and creating an up-to-date clone of it. It is even capable of doing the same more insidiously through a missed call on WhatsApp using a security bug, getting access to everything the phone is capable of and thus, total surveillance. Be it access to the photos of the target, discreetly switching on the microphone or the camera even when not in use, access to fingerprints used to unlock the device, the end-to-end encrypted Whatsapp chats, or even the supposedly more secure Signal or Telegram chats- the entirety of a phone’s internal space is susceptible to its reach. What this software is capable of makes the scariest of Black Mirror episodes look like a fairy tale. NSO says it only sells to ‘vetted governments’ which raises the question- Who is the Big Brother here- the governments NSO sold the software to, NSO Group, or the Israeli government?


Double-edged Sword


Right in the early days of NSO, the technology was purchased by the Mexican government which proved successful in the capture of the infamous and the most wanted El Chapo through surveillance of the people he was most in contact with following the 2015 prison escape, his lawyers, and Kate del Castillo.


On the other hand, just two hours after Cecilio Pineda, a Mexican journalist, posted a video on Facebook talking about shady ties of local officials with gang leaders, he was murdered. His phone was infected by the software a few weeks earlier. NSO denied involvement.


Despite having categorically denied any role, there is evidence to suggest Pegasus was also used on Jamal Khashoggi’s family before and after his death. Once it was sold, the cyberweapons firm denied having anything to do with the use of the software with regard to the data collected on the targets.


India does not find itself in the best of company with autocracies and semi-democracies like Azerbaijan, Bahrain, Hungary, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Togo, and the United Arab Emirates (UAE) on the list of NSO’s clients. Reportedly, Azerbaijan has the same number of journalists potentially targeted by the spyware as India at around 40 and is suspected to be more.


What the NSO makes is a virus, not a vaccine, the use of which substantially helps the cause of national security or political gains but at the cost of gross violation of privacy, a stunt which is convoluted to comprehend and now compromised as well.


The organization which played an instrumental role in uncovering the Pegasus case.


The best of intelligence operations are the ones you and I will never learn of as secrecy is safety in the modern war-zone that is present everywhere. This makes us the hapless victims of war, subjected to the whims of temperamental governments more so than perhaps even criminals, having their way with our information unless we make it stop before it is too late.

Sword of Damocles


A list of governments engaging in surveillance of their rivals as well as their own people would reveal hardly any is blameless. Living under the constant threat to one’s power by different organisations within and without the state, staying not just two but a couple of steps ahead of one’s opponents and imposters is a route that powerful entities do not shy away from taking. More often than not, this is taken too far. Those spied on are stripped off of their humanity and viewed merely as threats and subjects of interest for the smallest of reasons as disagreeing, under the façade of national security, a textbook definition of abuse of power.

The government’s curiosity in people’s personal lives kills privacy, chokes liberty and threatens democracy. In many ways, a mobile phone has become a window to one’s thoughts and reflection of what they believe in, making a spyware like Pegasus a radar for thoughtcrime, recording everything someone does, waiting for them to make the smallest of mistakes in the choice of words, people they meet or places they go to, to be coloured by law, framed for a serious crime and a premeditated capture.


As attractive and unsurprising it is for governments to keep an eye on people, sometimes for valid reasons that NSO speaks of, it is just as unacceptable. One way to combat this is by raising the costs of such projects for the end-user. This can be done by demanding stricter laws but how do you get the criminal to put themself in jail? By trapping them in the trap of their own making, now this is not a case to snoop on the government as that the other governments have taken care of, which has increasingly become a Mexican standoff of intelligence gathering that makes intelligence intercepted by each just as inconsequential. The list of countries Pegasus was sold to shows that NSO helped bridge the gap between the rich and poor governments in the dirty surveillance business. If most governments engage in surveillance which isn’t a new phenomenon, and has a history that predates mobile phones, computers and world wars that popularised it, there will be little to gain and a deadlock would ensue as most governments will also use highly sophisticated alternate modes for communication, and another specially planted mode for interception.


To put into perspective what it looks like for a person who cares about their privacy and has reason to believe they are being spied on is Mr. Chellam from The Family Man and if you are not that paranoid, Edward Snowden as played by Joseph Gordon-Levitt in Snowden. It is ugly but it is true. It is naïve to think that our demands will be met by an industry that lives in darkness and thrives on secrecy and stealth of which we know only the tip of the iceberg exposed in recent years. It took the coordinated efforts of 80 journalists from 17 media organisations in 10 countries brought together by Forbidden Stories and the support of Amnesty International to present a list of 50,000 people targeted by the spyware. Of these, some are heads of state, journalists and activists. A king, three presidents, including Emmanuel Macron, and ten prime ministers, including Imran Khan, who most likely have dedicated cybersecurity units tasked primarily with preventing such attacks, shows the accuracy of the spyware and the flaws in the operating system of the purportedly safer iOS.


As governments grow impetuous in their pursuit of power, distracted by the gains, much like the Greek hero Bellerophon and his hubris, both powered by Pegasus, their overambition inescapably leads to their fall from grace akin to exposés by Edward Snowden or the Pegasus Project.



By Shreya Shukla

shreyapshukla19@gmail.com