Pegasus - From the ancient flight of immortality to the modern scary mortality


PEGASUS

Waking up on a beautiful Sunday morning and going through my daily dose of newspaper, I found something different that day, still not realizing what it was. I continued reading. There were articles about it, political personalities were talking about it, and the aroma of the paper was different that morning. In one of the articles, I came across this word: "Pegasus".

What I read was both intimidating and scary.

With the advent of Pegasus, how will the dynamics of data security and privacy change? Is privacy a myth? What will happen if Pegasus gets into the wrong hands? What is its impact on democracy? These are some of the questions that flashed across my mind. In this blog, I will attempt to explore these questions briefly.

Before deep diving into the answers, let’s look at the history of Pegasus.


HISTORY

Pegasus, in Greek mythology, is a winged horse that sprang from the blood of Medusa. It became a servant of Zeus and brought Zeus his ‘thunder and lightning’ whenever needed. It's a mysterious creature ‘capable of everything, symbolizing divine inspiration or the journey to heaven’.

In our times, Pegasus is spyware developed by NSO Group, an Israeli surveillance firm that helps spies hack into phones. The matter came to light in 2019, when WhatsApp sued the firm in a U.S. court. In July 2021, Amnesty International, along with 13 media outlets across the globe, released a report on how the spyware was used to snoop on hundreds of individuals, including Indians.

So using an antivirus app would help, right? Unfortunately, it is not that simple when it comes to Pegasus.

HOW DOES PEGASUS WORK?

The previous version of Pegasus (2016) infected phones using ‘spear-phishing’.

In this technique, text messages or emails containing a malicious link are sent to the victim. On clicking the link, the phone is infected. This delivery method was enhanced in subsequent versions.

The reason the software has caused mayhem among the masses is that the latest version of Pegasus (2019) can infiltrate phones with a missed call on WhatsApp, known as a “zero-click” attack. What’s more, it can even delete the record of this missed call, making it literally impossible for the target to know that her/his phone has been infected.

If neither spear-phishing nor zero-click attacks work, Pegasus can also be installed over a wireless transceiver located near a target.

The fact is that Pegasus can “do more than what the owner can do in their own device”.

“'This question that gets asked to me pretty much every time, what can I do to stop this from infecting my phone' and the real honest answer is nothing,” says Mr. Guarnieri, who runs Amnesty International’s Berlin-based Security Lab.

WHY DOES PEGASUS LOOK SCARY?

With just a single text, it can bypass your phone’s security, giving access to your device. It can access every message, photo and video on the device, as well as emails, and get the location of the device. It can turn on the microphone even when one is not using the device, to listen in on your conversations. It can also record what is on your screen.

But what is even scarier is that it can do all this without you ever knowing. Right now, when I am writing this blog or when you are reading it, our phones might already have been hijacked by Pegasus. When one reads this, it becomes evident that privacy is indeed a myth.


Pegasus can infect both iOS and Android devices. In its use of zero-day vulnerabilities, it is probably the most advanced piece of spyware that we have seen so far.

The aim of the software is to get full control of one’s device, using rooting on Android devices or jail-breaking on iOS devices.

Rooting refers to the process of allowing users of the Android mobile operating system to gain privileged control (called root access). Rooting allows the user to change system applications and settings and to run specialized applications.

Rooting is often confused with jail-breaking on the iOS operating system. However, these two concepts are completely different.

Jail-breaking is the bypassing of several types of Apple restrictions on the end user, including those on modifying the operating system and downloading non-approved applications (apps not available in the App Store).

WhatsApp and Signal are end-to-end encrypted, but once Pegasus gets into your device, all of this is meaningless: end-to-end encryption protects messages in transit, while spyware on the device reads them where they are displayed in decrypted form.

According to NSO Group, it sells this software only to authorized governments. But it’s becoming evident that even governments are misusing this spyware. It is alleged that the software is also being used to spy on prominent individuals. The issue is that, once the software is sold, NSO cannot regulate the purposes for which it is used.

If reports are to be believed, then the software had a role to play in the killing of Jamal Khashoggi.


PEGASUS: A THREAT TO DEMOCRACY

The ruling party can intrude into the discussions of opposition parties and know pretty much everything that is being planned. The Watergate scandal in the USA can look like child's play.

Moreover, individuals and organizations planning to raise their voice against controversial decisions can be suppressed using such spyware.

The future looks grim with the advent of Pegasus, as there is a possibility that countries with weak federal systems can come under dictatorial rule.

In Mexico, the software was used to spy on human rights groups.


CAN PEGASUS BE STOPPED?

The role of institutions becomes very important in such cases. Cyber security laws should be made much more stringent. Various countries across the world don’t have proper cyber security laws to deal with technological advancements in surveillance techniques.

Looking from India’s perspective, it is very important to understand that India does not have any dedicated cyber security law. Indian cyber security law falls under the Information Technology Act, 2000, a 21-year-old piece of legislation that was amended once, in 2008.

Once such malicious activities are reported, our cyber security laws should be flexible enough to punish the culprits.

But the fact remains that Pegasus is the most advanced form of spyware we have witnessed so far. Hence, such advanced technology has to be tackled with advanced spyware-countering technologies. This is a wake-up call for all the stakeholders to come up with better approaches to deal with such breaches.

In the future, we might see various updates to the already robust Pegasus. It’s also possible that many more such spyware products will be deployed in the market.

The term “DIGITAL WARFARE” might indeed become a reality.

The organizations developing such spyware constantly stress that such technologies are shared only with authorized agencies.

But what if such advanced and potentially destructive technologies get into the hands of terrorist organizations? What if the payment systems of countries become the next target of such spyware? What if one day such spyware takes out all the money from my bank account?

Many questions remain unanswered. But what's evident is that we are moving towards a less cyber-friendly world.

On the moral and ethical front, Pegasus, which is used as an allegory of the immortality of the soul and of poetic inspiration, can not only compromise the privacy of mortal beings but can also harm freedom and democracy.
