Scroll Top

PEGASUS: A THREAT TO CYBER SECURITY

INTRODUCTION

The era of globalization and digitalization has been marked by a wave of advancements in the field of communication science and technology. Continuous improvements in the specific field have also led to transformation of certain devices to build a bridge to exploit the individual’s personal data. For instance, the smartphones were introduced for the purpose of simplification of the human life, but, it is now highly misused to illegally gather the information related to the user without them knowing about the same. Such techniques and software are exceedingly emerging in the society and functioning as a spyware to cause vulnerabilities to the smartphones of individuals of immense significance.

ABOUT PEGASUS

One such identified software is Pegasus, it is considered to be the most efficient and popular around the world. Conventionally, the word Pegasus is derived from the Greek fable, it is a horse like creature having wings. Greek mythologists define it as: “an illustrious winged horse that emerged from the blood of the slain Medusa and empowered Bellerophon to achieve many great deeds as his rider. Bellerophon is the hero of Corinth who performed many deeds with the help of Pegasus.”[1] Therefore, Pegasus was considered to be a brave and unique creature during the ancient times. However, in the modern era, the Pegasus we talk about is a surveillance software, built and marketed by Israeli company, NSO and used for tapping the phones.

The feature that differentiates it from other phone tapping software is that Pegasus allows inoculation of the spyware in target mobile phones through a unique non-click methodologies.[2] The software has been identified earlier in 2016 for infecting the phones through a technique called spear-phishing, where text messages or emails would hoax the target to click on a malicious link.[3] Whereas, the advanced version of the software has the potential to access the messages, call recordings, emails, camera, microphone, location and every single piece of data without any additional assistance from the user. Every information will be transferred to the master device of the hacker without the user’s knowledge, as Pegasus functions entirely under the radar and makes it impossible for the cyber-security professionals. to detect it.[4] The hacker does not need any rogue cell tower but would rely on the regular network to access the information, thus, the software is considered to be extensively encroaching.

RECENT CONTROVERSY

Recently, the case related to data leakage and stealing were widely heard in various parts of the different nations, numerous renowned personalities have complained about the hacking of their smartphones to manipulate their personal information. In 2019 WhatsApp uncovered that NSO’s product had been utilized to send malware to in excess of 1,400 telephones by taking advantage of a zero-day weakness. This was finished by putting a WhatsApp call to the pointed gadget, malignant Pegasus code could be introduced on the telephone, irrespective of the fact whether the call is answered or not. Lately, NSO has begun manipulating susceptibilities in Apple’s iMessage software to leave open the entrance access to hundreds of millions of iPhones.[5] Among the targets were Politicians, Journalists, social activists, students and other. The research and survey list the names of those targeted by the spyware; M.K. Venu, Siddharth Varadarajan, Smita Sharma, Shishir Gupta, Prashant Jha, Rahul Singh, Prahalad Singh Patel, Rahul Gandhi, Ashok Lavasa, Alok Shukla and many others complained about their phones been hacked.

The France-based media NGO: Forbidden Stories had retrieved leakage of the digital data of around 50,000 numbers who were assumed to be targeted by clients of NSO Group for surveillance.[6] Whereas, NSO group justify that the software has been developed to assist the certified authorities to hack the devices of the criminals or suspicious persons, they contend that the basic purpose is to maintain the situation of law and order, avoid the communication of confidential information and at the same time gather the controversial data. Various governmental agencies have subscribed to the software and used it to control the terrorist and smuggling activities in and around the nation; Saudi Arabia used NSO to scout on Khashoggi. Correspondingly, American and Russian spy agencies have also been using this type of software for a long time.[7]

CYBER SECURTY STATUS IN INDIA

However, the usage of such advance and complicated technology requires well-established law to ensure a proper and purposeful application. Countries like China, Vietnam, and Singapore etc. have specific laws enforced to deal with the cyber security issues. Whereas, India doesn’t have any devoted digital protection law. The Indian Cyberlaw the Information Technology Act, 2000 is a 21 years of age enactment which got changed just a single time in the year 2008.[8] Since then, there have been enormous development and advancement in the communication technology, new methods have been developed manifestly. Therefore, it is quite obvious that the conventional act is not enough to deal with every problem in the area of technology, the legal framework needs to be updated or amended as per the current scenarios.

However, as per the Information Technology Act, 2000[9], a spyware is illegal in India as the activities of spyware are equivalent to unauthorisedly accessing computer resource, dishonestly or fraudulently without the permission of the user or owner of the computer resource.[10] Thus, this act is considered to be a crime under Section 66[11] (Punishment for the offence) along with Section 43[12] (Penalty and compensation for damage to the computer or computer system) of the Information Technology Act, 2000.[13] Also, Section 69[14] (Power to issue directions for interception or monitoring or decryption of any information through any computer resource) allows the Central Government to take necessary steps in the interest of the sovereignty, defence, security, law and order of the State as well as to maintain friendly relations with foreign States.[15] However, such interception is guided lawfully by Procedure and Safeguards for interception, Monitoring and Decryption of Information Rules, 2009[16].

CONCULSION

Thus, it can be observed that India has made certain valuable attempts to ensure safeguard from the malfunctioning activities like spyware. However, there is a long way to go with the updating of the existing legal provisions and making appropriate amendments. The law must be in consistency to the advancements in the technological world and also fulfil the requirements of the foreseeable changes.

Author(s) Name: Vritika Chanjotra (Rajiv Gandhi National University of Law, Patiala)

References:

[1] ‘Pegasus’ <https://www.collinsdictionary.com/dictionary/english/pegasus> assessed 6 August, 2021

[2] Pavan Duggal, ‘Pegasus Controversy: Where Does India Stand on Cyber Laws’ (Outlook, 22 July, 2021) <https://www.outlookindia.com/website/story/opinion-pegasus-controversy-where-does-india-stand-on-cyber-laws/389018> assessed 6 August, 2021

[3] David Pegg and Sam Cutler, ‘What is Pegasus spyware and how does it hack phones?’ (The Guardian, 18 July 2021) https://www.theguardian.com/news/2021/jul/18/what-is-pegasus-spyware-and-how-does-it-hack-phones assessed 6 August, 2021

[4] Abhinav Singh, ‘Pegasus row: Experts caution against constantly-evolving spywares’ (The Week, 19 July, 2021) <https://www.theweek.in/news/sci-tech/2021/07/19/pegasus-row-experts-say-spywares-are-constantly-evolving.html> assessed 6 August, 2021

[5] Note 3

[6] ‘Pegasus Project: 161 Names Revealed by The Wire on Snoop List So Far’ (The Wire, 6 August, 2021) <https://thewire.in/rights/project-pegasus-list-of-names-uncovered-spyware-surveillance> assessed 7 August, 2021

[7] Note 4

[8] Note 2

[9] Id

[10] Pawan Duggal, ‘Pegasus controversy, a legal viewpoint | Expert Opinion’ (Indian Today, 22 July, 2021) <https://www.indiatoday.in/india/story/pegasus-controversy-legal-viewpoint-expert-opinion-1831216-2021-07-22> assessed 7 August, 2021

[11] Information Technology Act, 2000 § 66

[12] Information Technology Act, 2000 § 43

[13] Note 8

[14] Information Technology Act, 2000 § 69

[15] Note 2

[16] Procedure and Safeguards for interception, Monitoring and Decryption of Information Rules, 2009

Related Posts