Understanding Pegasus, The Virus That Transforms A Phone Into A Spy

Decoding the software being used to monitor 1,400 people

V. Kumara Swamy Updated: Jan 29, 2020 11:37:56 IST
Understanding Pegasus, The Virus That Transforms A Phone Into A Spy

On 29 October 2019, Facebook filed a lawsuit against the makers of Pegasus, the much-talked-about spyware that was allegedly used to hack the smartphones of around 1,400 individuals worldwide through WhatsApp, the messaging service owned by Facebook. 

The creator of the spyware, which is supposed to be licensed only to governments, is the Israeli firm NSO Group. With more than 1.5 billion users of WhatsApp globally, the prospect of being spied upon has sent shockwaves around the world.

In its complaint filed in a California court, Facebook has alleged that between April 2019 and May 2019, NSO Group Technologies used WhatsApp servers, located in the United States and elsewhere, to send malware to "approximately 1,400 mobile phones and devices (‘target devices’).” It goes on to allege that the virus was designed to infect the ‘Target Devices’ for "conducting surveillance" on specific WhatsApp users. 

Facebook goes on to state that this was in violation of “WhatsApp’s Terms of Service.” 

How does Pegasus work?

According to Greek mythology, Pegasus was a winged horse. But the software named after it likes to work in the shadows of a phone gliding effortlessly through it without the owner’s knowledge.

Experts say that the virus is so powerful that it installs itself on a phone without the 'targeted device' holder even having the slightest inkling about it. An innocuous text message with a web-link that you may open to read or a WhatsApp call that you may or may not answer is enough for the program to infect your device. The virus, then, like in a sci-fi movie, can take control of the phone and snoop in on all mail, audio, video and text exchanges conducted on it. It can even record offline conversations between conversing people in the vicinity of the phone and take pictures with the phone’s camera. All of this is controlled remotely without the owner of the device knowing that these activities are taking place.

In other words, it turns your smartphone into a device that can spy on you.

“The Targets”

Writing in the Washington Post, Will Cathcart, head of WhatsApp at Facebook, said that the malware targeted at least 100 human-rights defenders, journalists and other members of civil society across the world. "This should serve as a wake-up call for technology companies, governments and all Internet users. Tools that enable surveillance into our private lives are being abused, and the proliferation of this technology into the hands of irresponsible companies and governments puts us all at risk,” he wrote.

The standard defence of the NSO Group has been that Pegasus has been used by many countries to infiltrate terror communications and criminal enterprises. In fact, in an interview in January 2019, Shalev Hulio, the founder of NSO, claimed that it was his company’s software that played a pivotal role in the capture of Mexican drug kingpin El Chapo—Joaquín Guzmán—in 2015.

The spyware is considered so powerful that it is sold only to the governments after getting approval from the Israeli government.

But the Indian government, at least so far, has denied that it used this malware to target lawyers, human rights activists and journalists.

A brief history:

WhatsApp users may have been infected only this year, but Pegasus has been around for a few years now. For instance, it blew up in the face of the Mexican government in 2017 when opposition politicians were allegedly spied upon through this malware. 

According to the Mexican media, the spyware doesn’t come cheap. The Mexican government allegedly paid USD 32 million for it in 2014.

The NSO Group also came into focus last year after a Canada-based activist filed a suit against it alleging that it had licensed Pegasus to the government of Saudi Arabia, which in turn used it to hack the phone of Jamal Khashoggi, the Saudi journalist who was killed in Istanbul, Turkey. NSO has refuted the allegation saying that Pegasus was never used against Khashoggi.

In a telecast of the US television programme, '60 Minutes’ on CBS in March this year, Tami Shachar, co-president of NSO Group, said that Pegasus was not a "mass surveillance" technology. "This is really for the Bin Ladens of the world.”

People like Degree Prasad Chouhan, and others who have fallen prey to the spyware’s malicious abilities, have enough reasons to dispute that claim.

Do You Like This Story?
Other Stories