India, July 19: A group of 17 international media outlets launched an investigation on the Pegasus Project, a leaked list of phone numbers from around the world. These numbers are supposedly a “target list” of phones hacked/to be hacked by Israel’s NSO Group’s Pegasus spyware programme.

What is it?

Pegasus Project is a spyware suite that is sold to “vetted government clients” by an Israeli company, NSO Group. It is used to break into and spy on computers running Windows and Mac OS X, as well as Android and iOS cell phones.

The spyware can be delivered by email or SMS links, WhatsApp messages, or considerably more complex ‘0-day‘ vulnerability exploits, which are security gaps or faults that even device manufacturers are unaware of. Finding and exploiting such “0-day” flaws is a highly specialized, sophisticated, and time-consuming process. It was once capable of infecting target cell phones simply by making a WhatsApp call, regardless of whether or not the call was answered.

 

Who is targeted?

The list appears to be significant for its length, as well as the presence of renowned journalists, dissidents from various nations, politicians, judges, businessmen, human rights workers, and heads of state.

The data was obtained by Forbidden Stories, a Paris-based non-profit, and Amnesty International, who subsequently shared it with 17 international media organizations as part of the Pegasus Project, including The Guardian, The Washington Post, and The Wire in India.

There are 300 Indian nationals on the list, including politicians, social activists, and journalists. The NSO Group claims to only sell the Pegasus suite to “vetted governments,” not private organizations, implying that the target list includes people under government monitoring.

Rahul Gandhi, Ashwini Vaishnaw (India’s Information and Broadcasting Minister), Prahlad Singh Patel (Minister of State), Officer on Special Duty for Union Minister Smriti Irani’, Sanjay Kachru, and Prashant Kishor (Election Strategist) are just a few of the names on the list. Former Rajasthan Chief Minister Vasundhara Raje’s personal secretary’s name is also included.

It should be noted, however, that just because a phone number appears in the data does not mean it was successfully targeted or was even an intended target for a hacking attempt.

The governments of Azerbaijan, Bahrain, Hungary, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, and the United Arab Emirates, as well as India, are some included in the NSO Group’s clients list.

The leaked list, according to NSO Group’s lawyers, does not constitute a “target list” for government hacking, but “may be part of a wider list of numbers that may have been utilized by NSO Group customers for other purposes.” Amnesty International’s forensic investigation appears to confirm that Pegasus did target a subset of the devices named.


Also Read: Phones of Indian politicians, journalists and judges tapped? ‘A big story’ to get published today!


How to prevent yourself from being targeted?

If the Pegasus Project’s allegations are true, it shows that more needs to be done to regulate and reform spying. Because of the widespread availability of technology and equipment, highly intrusive forms of surveillance are now possible.

Due to their use of end-to-end encryption, messaging services like WhatsApp are considered “secure.” If your gadget is infected with spyware, though, it doesn’t matter if your communications are encrypted because someone is already watching you.

It is as if you have the best security system and locks in the world for your home, only the thief is already inside.

While the technology for such surveillance is not available to anyone who asks (as far as we know), it is available to NSO’s “vetted government clients“.  Pegasus is only one of several such software packages that may be obtained for a cost.

According to Indian law, the government can intercept electronic communications for the purpose of “national security,” and this protocol has been approved by the Union Home Secretary.

Infiltrating phones or computers with these means is referred to as “hacking,” which is a crime under the Information Technology Act of 2000.