Tech2 news staffJuly 19, 2021 22:26:50 IST
On July 19, a consortium of nineteen international media organizations published a study on a list of leaked phone numbers around the world. Pegasus project. These numbers are allegedly a “target list” of phones that have been hacked or hacked by hackers. Pegasus a spyware product sold by the Israeli NSO group. The list is obviously notable for its large size, as well as the fact that it includes several notable journalists, dissidents from different countries, politicians, judges, businessmen, rights defenders and heads of state. Some of the sites listed have collaborated with a media consortium and Amnesty International in a criminal investigation of their equipment and found evidence of hacking Pegasus suite.
What is Pegasus?
Pegasus is a spyware package sold by the Israeli company NSO Group to “verified government customers”. It is used on Windows, Mac, and Android and iOS smartphones aimed at compromise and control. Spyware can be delivered via email or text message, links sent through WhatsApp, or using much more sophisticated “0-day” vulnerabilities that are security flaws or bugs unknown to device manufacturers. Finding and exploiting such 0-day vulnerabilities is a highly specialized, complex, and time-consuming task. At one point, it has been able to infect target smartphones simply by making a WhatsApp call, regardless of whether the call is answered or not.
Who has seen this information?
The data were used by a non-profit organization based in Paris Forbidden stories and Amnesty International, which then shared it with 17 international media organizations around the world as part of it Pegasus projectincluding Caretaker, Washington Post and India Yarn. Forbidden stories claims that that list contains the intended items for the NSO group ‘s Pegasus software package. However, it is clear that the mere addition of a telephone number to the data does not automatically mean that it has been successfully targeted or even the intended target of a hacking attempt.
Why is this important?
By Yarnis The NSO Group’s customer list includes the governments of Azerbaijan, Bahrain, Hungary, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates, as well as India. List, Yarn reports, there are 300 Indian citizens, including some politicians, rights defenders and journalists. The NSO Group claims to be selling Pegasus only to “audited governments” and not to private parties, suggesting that the list of targets includes government-controlled individuals.
The price of the suite also puts it out of the reach of most private parties. Amnesty International conducted a small sample of 37 phones – including 10 Indian phones – in a criminal investigation and found signs Pegasus infection. These devices belonged to journalists, politicians, businessmen, lawyers, and other professionals — notable people, not criminals or terrorists. The corresponding correlation is that this is indeed a list Pegasus spyware items.
A telephone or computer infiltrating by such methods involves “hacking,” which is a criminal offense under the Information Technology Act 2000.
What the Indian government says
As part of its official statement, which we repeat below, the central government has called the story “Lack of facts, but also based on pre-planned conclusions” adding it “It looks like you’re trying to act in the role of investigator, prosecutor, and jury.”
The Board categorically stated that: “The allegations concerning government control over certain people have no concrete basis or truth.”
The opinion also continues:
“India has a well-established procedure through which legal abduction electronic communication takes place for the purpose of electronic communication national securityin particular for reasons of public emergency or public security by the Center and government agencies. Requests for these lawful interceptions of electronic communications are made In accordance with section 5 (2) of the Indian Telegraph Act, 1885, and section 69 of the Information Technology Act 2000 (Amendment)..
Each case of interception, monitoring and decryption has been approved the competent authority, the Union Minister for the Interior. These powers are also available to the EU the competent authority of the state governments In accordance with the IT Rules (Rules on Data Interception, Monitoring and Decryption), 2009. “
In short, there is an established protocol for the interception of electronic communications by governments under Indian law for “national security” purposes and approved by the Union Minister of the Interior.
Today in Parliament, Minister of Electronics and Information Technology Ashwani Vaishnaw said that “the report itself clarifies that the presence of the number does not mean reprimand” and added “NSO has also said that the list of countries using Pegasus is wrong and many of those countries are not even our customers. also that the majority of customers are from the West. “
What the NSO Group says
The Israeli company NSO Group spoke Yarn through their attorneys and insist that the leaked list does not include a “target list” for government hacking, but “may be part of a larger list of numbers that may have been used by NSO customers for other purposes.” Here, “NSO Group customers” means “audited governments.” A forensic analysis by Amnesty International appears to indicate that a sample of these devices was taken Pegasus.
But I use Signal / Telegram / WhatsApp. Can anyone read my posts?
Short answer: Yes. Communication between communication platforms such as Signal and WhatsApp is considered secure due to their end-to-end encryption. However, if your device itself contains spyware, it doesn’t matter that your communications are encrypted because someone is already looking over your shoulder. It’s like the world’s best security system and locks into the house, except that the thief is already inside.
Long answer: All techniques can be circumvented or circumvented by providing sufficient time and resources. In that case that Pegasus, smartphones are infected with spyware using a number of advanced attacks that exploit security vulnerabilities that even phone manufacturers may not be aware of – the so – called. 0-day vulnerabilities. These are not resources that are available to all organizations, but someone with enough resources and motivation can certainly find ways to spy on your communications. If the question is “who would do that?”, The answer is “anyone with enough money and motivation”.
If Pegasus project, it clearly shows that more needs to be done to regulate and reform supervision. The presence of technology and equipment means that deeply invasive forms of surveillance are now possible. While the technology of such surveillance is not available to anyone who asks (as far as we are told), it is Is available to “inspected government customers”, which in the case of the UFO include Azerbaijan, Bahrain, Hungary, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates in addition to India. And we have to remember that Pegasus is just one of many such software packages that are available at a price.
Or, as Minister of Electronics and Information Technology, Ashwani Vaishnaw, said in Parliament today: “When we look at it through the prism of logic, it is clear that there is no substance behind sensationalism.”