Surveillance software back in business to hack phones

Hyderabad: Pegasus is a spyware which was created by a Tel-Aviv based firm 'NSO Group' which was founded in the year 2010, wherein NSO forms the initials of its founders -Niv Carmi, Shalev Hulio and Omri Lavie. According to a global NGO, the firm was set up to develop a software that could assist law enforcement and intelligence agencies to access remote digital devices, bypassing digital encryption. However, the Group mentions that the product is for exclusive use by government agencies to counter crime and terror. As per a 2018 report by 'Citizen Lab' the spyware is allegedly being used in 45 countries including India, Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates.

The spyware which also goes by other names such as 'Q Suite' and 'Trident' infects a phone through website link or WhatsApp call and mostly uses a text message with a phishing link to lure its victim and thereby steal passwords, contacts, text messages and photos. For this, NSO had allegedly even created fake WhatsApp groups, reports say. As soon as the link is clicked upon, the covert software gets silently downloaded in the background sans victim's knowledge, thereby facilitating the hacker to take control of the device. Thereafter, the hacker ensures that he gets the needed information from the victim's device, by issuing directions to the spyware.

Read: Pegasus spyware row: Centre says 'No Unauthorized Surveillance'

What makes Pegasus an ultimate spyware is that it can access - passwords, contact lists, calendar events, text messages, live voice calls, encrypted audio streams, phone's camera, microphone, GPS and even encrypted messages. Now, another significant aspect of this spyware is its capability to self destruct within '60-days' if it is not able to establish contact with the hackers' server or in case it is installed on another device with a wrong SIM. Also, it has the ability to evade forensic analysis and cannot be detected by an antivirus.

Hyderabad: Pegasus is a spyware which was created by a Tel-Aviv based firm 'NSO Group' which was founded in the year 2010, wherein NSO forms the initials of its founders -Niv Carmi, Shalev Hulio and Omri Lavie. According to a global NGO, the firm was set up to develop a software that could assist law enforcement and intelligence agencies to access remote digital devices, bypassing digital encryption. However, the Group mentions that the product is for exclusive use by government agencies to counter crime and terror. As per a 2018 report by 'Citizen Lab' the spyware is allegedly being used in 45 countries including India, Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates.

The spyware which also goes by other names such as 'Q Suite' and 'Trident' infects a phone through website link or WhatsApp call and mostly uses a text message with a phishing link to lure its victim and thereby steal passwords, contacts, text messages and photos. For this, NSO had allegedly even created fake WhatsApp groups, reports say. As soon as the link is clicked upon, the covert software gets silently downloaded in the background sans victim's knowledge, thereby facilitating the hacker to take control of the device. Thereafter, the hacker ensures that he gets the needed information from the victim's device, by issuing directions to the spyware.

Read: Pegasus spyware row: Centre says 'No Unauthorized Surveillance'

What makes Pegasus an ultimate spyware is that it can access - passwords, contact lists, calendar events, text messages, live voice calls, encrypted audio streams, phone's camera, microphone, GPS and even encrypted messages. Now, another significant aspect of this spyware is its capability to self destruct within '60-days' if it is not able to establish contact with the hackers' server or in case it is installed on another device with a wrong SIM. Also, it has the ability to evade forensic analysis and cannot be detected by an antivirus.

Now, though several companies like WhatsApp, Apple, Google and Microsoft have fortified their software having done research to patch their security flaws, it is possible that newer versions of the spyware can still remain a threat. According to cyber experts, once Pegasus infects a device there is nothing much left to do rather stop using the particular device which is affected.

Read: Israeli firm’s spyware used to target journalists, activists: Probe

Recently, US president Joe Biden had even instructed the Federal Trade Commission to create new guidelines related to surveillance by tech giants and user data collection with the help of algorithms (a set of rules followed in calculations or problem-solving operations by a computer). It is known that several governments have been backing for backdoor access to encrypted systems, amid objections from supporters of end-to-end encryption arguing that providing backdoor access may provide an advantage for foreign adversaries, terrorists, and hackers.

"We don't have enough laws to safeguard our privacy, due to surveillance capitalism like unilateral secret extraction of behavioral data from our lives. This is something that began in secret, grew in secret, we never agreed to it, there is almost no law to contain it…If you fundamentally described this process to any child you say hey, somebody took from me without asking, what should I do, and that child will say they stole something from you. You should call the police," says Dr Shoshana Zuboff, author of 'The Age of Surveillance Capitalism' and Professor Emeritus at Harvard Business School.