The Pegasus Surveillance developed by Israel’s NSO Group. The latest in technology to hack journalists, and allow them to be placed under deep surveillance by governments though several, including India, have denied it.
Surveillance and journalists go hand in hand, in that from the state intelligence, to the intelligence bureau, to the research and analysis wing, to revenue intelligence, to military intelligence, to Chidamabaram and Amit Shah’s favourite national investigation agency that can bypass states—hope we have got most of the agencies listed— scribes remain a favourite target.
In this democracy the messenger is deeply feared by increasingly insecure and authoritarian governments and over the years an infrastructure created whereby independent journalists are brought under a system of surveillance that makes those in power feel more confident and comfortable. It does not take long for a journalist good at her job to rise from the levels of police surveillance and background checks to central monitoring. That phones are tapped, and journalists shadowed has been an accepted and yet abhorrent fact with Wikileaks and now the Pegasus revelations establishing an expansive global design and cooperation.
It is not a surprise that NSO Group is headquartered in Israel, a country infamous for its paranoia. Its successive governments have lived on fear and conspiracies, and used perceived and often non existent threats to build a surveillance system that makes a mockery of privacy, even as it attracts equally paranoid players to avail of its spyware.
That India is in the list along with Saudi Arabia, Azerbaijan, Hungary, Morocco, Bahrain, and other such authoritarian regimes is a matter of regret and concern, the only big country and a recognised democracy really that has crossed from the acceptable into the intolerable,
The government has of course, totally denied the allegations exposed by Freedom Stories and the conglomerate of 18 media houses across the world. And insisted that it represents a democracy and has nothing to do with such activities. NSO Group itself has issued a denial and sent legal notices to Freedom Stories and its group of media houses.
However, all concerned have published the data that establishes surveillance through the Pegasus software on at least 180 journalists across the world. Of whom 40, and perhaps even more as all the results have not been verified, are in India. The list includes well known media houses like Indian Express, the Wire and others but also smaller, relatively unknown scribes. One, from Punjab, has all his three phones targeted.
That Pegasus is invasive and expansive has been established. The journalists targeted have spoken to the media detailing harassment, fear and intimidation from respective governments. And suspected high levels of surveillance as their activities and movements seemed to be known to governments. It is now known that Pegasus penetrated the telephones of Adnan Khashoggi’s fiance, before he was brutally killed in his own country’s mission in Turkey. It was reported earlier that his close friend Omar Abdulaziz was targeted by Pegasus in the months before the well known scribe’s murder.
Governments are expected to deny their involvement. However Israel’s NSO Group has always maintained that Pegasus is used only on government orders and is not available to others. So the questions that arise and need to be answered both by the Israeli company and the government here are:
– It is clear from the records and examination of at least some of the phones of the journalists that these were Pegasus targeted. So who requisitioned it from India? And did the NSO Group bypass its own policy of not supplying the spyware to non-government actors?
-Even if one were to believe the GOI denials, surely as the government of a big democracy, it should have the answers now to :
a) who hired the NSO Group and why;
b) how did this extraordinary transaction involving a high security and intrusive spyware pass it by;
c) what is it going to do about its own gaps in the security system whereby private players (of course not the government) were able to requisition and apply such surveillance on journalists and bonafide citizens of India;
d) what is it going to do about the harassment and intimidation of the media through a foreign surveillance group?
This is a major intrusion, targeted at controlling the messenger. With what can be disastrous results as one has seen in the Khashoggi case. This spyware that controls the device altogether, also poses danger to the sources that journalists depend on. The use of Pegasus is condemnable and needs a proper impartial investigation, to be set up in consultation with the media and the Opposition. Silence and denials will not restore confidence and trust.
Jharkhand Scribe Rupesh Kumar Singh Narrates The Pegasus Project Involvement
About 40 Indian journalists were named in a leaked list that consists of phone numbers of potential targets for surveillance by an unidentified agency using Pegasus spyware developed by Israel’s NSO Group. Rupesh Kumar Singh, an independent journalist from Jharkhand, stands out as three of his phones are on the Pegasus targeted list.
The Pegasus Project, a collaboration of news organisations analysed the list and held that data on identified targets was collected in advance of surveillance attempts on them, according to Freedom Stories in collaboration with media houses across the world.
Singh first suspected his phone was being tapped after he published a story on the killing of an innocent Adivasi man by Jharkhand police in 2017. He told #KhabarLive. “We went there and did ground reporting and exposed that the police killing of the adivasi labourer has been wrong,” said Singh. His report led to a movement of various opposition parties and labour and Adivasi unions to raise questions and force the government to start an investigation on the matter.
“Since then I have felt my movement is being recorded,” he added.
After this story came out, whenever Singh would go out to report, there would already be people present at the location, enquiring about him. He started using a different phone number or leaving his phone behind to maintain his privacy. “I think that’s when they started tapping my wife’s number,” he said.
According to him, there was a GPS and camera planted in his wife’s car which they found after his arrest in 2019. “That is when we knew for sure my wife’s phone was also being tapped,” he said.
In June 2019, Singh was arrested by the Bihar police and booked for possession of explosives under the oppressive Unlawful Activities (Prevention) Act. He was released six months later on bail as the police failed to file a charge sheet within the stipulated time, according to Singh.
“The third number being recorded was that of my wife’s sister, who lives away from us. We had no idea her phone was also being tapped,” said Singh.
In addition to being a journalist, he also calls himself an activist. Most of Singh’s reporting is about false charges and fake encounters by the police in Jharkhand. “This is why I was targeted more,” he said.
The leaked data also includes the numbers of top journalists at big media houses like the Hindustan Times, India Today, Network18, The Hindu and Indian Express as well as journalists from Saudi Arabia, Morocco, Hungary, Mexico, Bahrain to name a few.
“The government has spied on journalists to intimidate them, But I am not scared at all. As long as I am alive I will write and report,” said Singh.
“This should be considered as an award by the Modi government for any real journalist,” he added.
Pegasus – The ‘ultimate spyware’ used for surveillance
Pegasus, the malicious software created by the Israeli company NSO Group, has allegedly been used to secretly monitor and spy on an extensive host of public figures in India.
At the heart of the alleged phone-tapping scandal in India is Pegasus, the malicious software created by the Israeli company NSO Group.
According to an expose by a global consortium of media publications, phones of two serving union ministers, three opposition leaders, one constitutional authority, current and former heads of security organisations, administrators and 40 senior journalists and activists from India were allegedly bugged using the Israel spy software Pegasus and put on surveillance.
But Pegasus has been under the scanner, over its surveillance activities, for a while now.
In September 2018, The Citizen Lab, a Canadian cybersecurity organisation, published a comprehensive report identifying 45 countries, including India, in which the spyware was being used.
Then in October 2019, WhatsApp revealed that journalists and human rights activists in India had been targets of surveillance by operators using Pegasus.
But what really is Pegasus? How does it operate? Who uses the software? And why has it earned the reputation of being behind the most sophisticated spyware attacks?
Pegasus is a type of malicious software or malware classified as a spyware.
Spyware such as Pegasus is designed to gain access to your device, without your knowledge, and gather personal information and relay it back to whoever it is that is using the software to spy on you.
According to this report, Pegasus is the “the ultimate spyware for iOS and Android”, and has been behind the “most sophisticated attack ever seen”
But then are Apple products immune to these attacks? In simple terms, no.
Pegasus, in fact, is widely sought after because it can hack into iPads and iPhones despite Apple products being touted to be among the safest and best for data privacy.
To make matters worse, those operating the software can even turn on a phone’s camera and microphone to capture activity in the phone’s vicinity.
In all, according to this report, Pegasus “can monitor up to 500 phones in a year, but can only track a maximum of 50 at one go”. The report, citing sources, adds that it costs about $7-8 million per year to license Pegasus.
In short, keep an eye out for text messages.
A hacker would typically try to infect a victim’s device with Pegasus using a phishing link, mostly sent via a text message that looks innocent and benign.
Clicking on the phishing link would (without the victim’s knowledge) start the download of Pegasus on the device and set up a connection with a hacker’s command computer that could be thousands of miles away.
The hacker can then communicate with the Pegasus spyware via the remote command centre and issue directions for what information the spyware should send back to the hacker’s server.
According to The Citizen Lab, in this way Pegasus can be used to gather a vast amount of victim information: “Passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps.”
According to this report, “Pegasus could even listen to encrypted audio streams and read encrypted messages”.
Then there are the other aspects that make Pegasus an extremely sophisticated software.
For one, Pegasus “self-destructs” if it can’t communicate with the hacker’s control centre for over 60 days or if it “detects” that it has been installed on a device with the wrong SIM card since NSO made Pegasus for targeted spying on selected victims, not just anyone.
Pegasus has been developed by the Israeli firm NSO Group that was set up on 25 January 2010.
According to an Amnesty International report, the first name initials of the founders form the acronym ‘NSO’. The founders are Niv Carmi, Shalev Hulio and Omri Lavie.
The Amnesty report citing Hulio says NSO’s goal was “to develop technology that would provide law enforcement and intelligence agencies with direct remote access to mobile phones and their content – a workaround to the increasingly widespread use of encryption in the digital environment”.
The Amnesty report adds that Hulio “claimed” the idea for a service and company like NSO was inspired by “a request from European authorities that were familiar with his and Omri Lavie’s existing work on cell phone carrier customer service technology”.
NSO does not openly name who buys its software. But its website does say that its products are used exclusively “by government intelligence and law enforcement agencies to fight crime and terror”.
The Citizen Lab report in 2018 identified 45 countries, including India, Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates, where it is being used.
In India, following WhatsApp revelations that activists were snooped upon, questions surfaced about a possible meeting between representatives of NSO and the Chhattisgarh Police on 2 November, 2019.
‘The Congress government in Chhattisgarh set up a three-member committee to look into it. In January 2020, the government, however, said that “no evidence linking any government official to the snooping was found”. The government also said there was no evidence found regarding a presentation done by NSO in Chhattisgarh.
There is no clarity on the issue.
In November 2019, Lok Sabha MP from the DMK, Dayanidhi Maran, asked on the floor of the House if the government taps WhatsApp calls and messages, and whether the government uses Pegasus for this purpose.
A written response provided by then Minister of State for Home Affairs, Kishan Reddy, did not directly address queries about tapping or Pegasus.
“Section 69 of the Information Technology Act, 2000 empowers the Central Government or a State Government to intercept, monitor or decrypt…any information generated…or stored in any computer resource,” the response said, adding that it was for reasons including sovereignty and security of the country.
“Section 5 of the Indian Telegraph Act, 1885 empowers lawful interception of messages on occurrence of public emergency or in the interest of public safety,” the response added.
The response also listed the 10 agencies that can intercept messages under the law and a Standard Operating Procedure (SOP). Such agencies allowed to intercept messages include the Intelligence Bureau, Enforcement Directorate, Cabinet Secretariat (RAW), and Commissioner of Police, Delhi.
The response further said that “there is no blanket permission to any agency for interception or monitoring or decryption and that permission from competent authority is required, as per due process of law and rules, in each case”. #livehyd #LiveHyd