It is the name for perhaps the most powerful piece of spyware ever developed – certainly by a private company. Once it has wormed its way on to your phone, without you noticing, it can turn it into a 24-hour surveillance device. It can copy messages you send or receive, harvest your photos and record your calls. It might secretly film you through your phone’s camera, or activate the microphone to record your conversations. It can potentially pinpoint where you are, where you’ve been, and who you’ve met.
Pegasus is the hacking software – or spyware – that is developed, marketed and licensed to governments around the world by the Israeli company NSO Group. It has the capability to infect billions of phones running either iOS or Android operating systems.
The earliest version of Pegasus discovered, which was captured by researchers in 2016, infected phones through what is called spear-phishing – text messages or emails that trick a target into clicking on a malicious link.
Since then, however, NSO’s attack capabilities have become more advanced. Pegasus infections can be achieved through so-called “zero-click” attacks, which do not require any interaction from the phone’s owner in order to succeed. These will often exploit “zero-day” vulnerabilities, which are flaws or bugs in an operating system that the mobile phone’s manufacturer does not yet know about and so has not been able to fix.
In 2019 WhatsApp revealed that NSO’s software had been used to send malware to more than 1,400 phones by exploiting a zero-day vulnerability. Simply by placing a WhatsApp call to a target device, malicious Pegasus code could be installed on the phone, even if the target never answered the call. More recently NSO has begun exploiting vulnerabilities in Apple’s iMessage software, giving it backdoor access to hundreds of millions of iPhones. Apple says it is continually updating its software to prevent such attacks.
Technical understanding of Pegasus, and how to find the evidential breadcrumbs it leaves on a phone after a successful infection, has been improved by research conducted by Claudio Guarnieri, who runs Amnesty International’s Berlin-based Security Lab.
For companies such as NSO, exploiting software that is either installed on devices by default, such as iMessage, or is very widely used, such as WhatsApp, is especially attractive, because it dramatically increases the number of mobile phones Pegasus can successfully attack.
As the technical partner of the Pegasus project, an international consortium of media organisations including the Guardian, Amnesty’s lab has discovered traces of successful attacks by Pegasus customers on iPhones running up-to-date versions of Apple’s iOS. The attacks were carried out as recently as July 2021.
Forensic analysis of the phones of victims has also identified evidence suggesting NSO’s constant search for weaknesses may have expanded to other commonplace apps. In some of the cases analysed by Guarnieri and his team, peculiar network traffic relating to Apple’s Photos and Music apps can be seen at the times of the infections, suggesting NSO may have begun leveraging new vulnerabilities.
Where neither spear-phishing nor zero-click attacks succeed, Pegasus can also be installed over a wireless transceiver located near a target, or, according to an NSO brochure, simply manually installed if an agent can steal the target’s phone.
Once installed on a phone, Pegasus can harvest more or less any information or extract any file. SMS messages, address books, call history, calendars, emails and internet browsing histories can all be exfiltrated.
One of the most significant challenges that Pegasus presents to journalists and human rights defenders is the fact that the software exploits undiscovered vulnerabilities, meaning even the most security-conscious mobile phone user cannot prevent an attack.
Receive Daily Updates
Recent Posts
Steve Ovett, the famous British middle-distance athlete, won the 800-metres gold medal at the Moscow Olympics of 1980. Just a few days later, he was about to win a 5,000-metres race at London’s Crystal Palace. Known for his burst of acceleration on the home stretch, he had supreme confidence in his ability to out-sprint rivals. With the final 100 metres remaining,
[wptelegram-join-channel link=”https://t.me/s/upsctree” text=”Join @upsctree on Telegram”]Ovett waved to the crowd and raised a hand in triumph. But he had celebrated a bit too early. At the finishing line, Ireland’s John Treacy edged past Ovett. For those few moments, Ovett had lost his sense of reality and ignored the possibility of a negative event.
This analogy works well for the India story and our policy failures , including during the ongoing covid pandemic. While we have never been as well prepared or had significant successes in terms of growth stability as Ovett did in his illustrious running career, we tend to celebrate too early. Indeed, we have done so many times before.
It is as if we’re convinced that India is destined for greater heights, come what may, and so we never run through the finish line. Do we and our policymakers suffer from a collective optimism bias, which, as the Nobel Prize winner Daniel Kahneman once wrote, “may well be the most significant of the cognitive biases”? The optimism bias arises from mistaken beliefs which form expectations that are better than the reality. It makes us underestimate chances of a negative outcome and ignore warnings repeatedly.
The Indian economy had a dream run for five years from 2003-04 to 2007-08, with an average annual growth rate of around 9%. Many believed that India was on its way to clocking consistent double-digit growth and comparisons with China were rife. It was conveniently overlooked that this output expansion had come mainly came from a few sectors: automobiles, telecom and business services.
Indians were made to believe that we could sprint without high-quality education, healthcare, infrastructure or banking sectors, which form the backbone of any stable economy. The plan was to build them as we went along, but then in the euphoria of short-term success, it got lost.
India’s exports of goods grew from $20 billion in 1990-91 to over $310 billion in 2019-20. Looking at these absolute figures it would seem as if India has arrived on the world stage. However, India’s share of global trade has moved up only marginally. Even now, the country accounts for less than 2% of the world’s goods exports.
More importantly, hidden behind this performance was the role played by one sector that should have never made it to India’s list of exports—refined petroleum. The share of refined petroleum exports in India’s goods exports increased from 1.4% in 1996-97 to over 18% in 2011-12.
An import-intensive sector with low labour intensity, exports of refined petroleum zoomed because of the then policy regime of a retail price ceiling on petroleum products in the domestic market. While we have done well in the export of services, our share is still less than 4% of world exports.
India seemed to emerge from the 2008 global financial crisis relatively unscathed. But, a temporary demand push had played a role in the revival—the incomes of many households, both rural and urban, had shot up. Fiscal stimulus to the rural economy and implementation of the Sixth Pay Commission scales had led to the salaries of around 20% of organized-sector employees jumping up. We celebrated, but once again, neither did we resolve the crisis brewing elsewhere in India’s banking sector, nor did we improve our capacity for healthcare or quality education.
Employment saw little economy-wide growth in our boom years. Manufacturing jobs, if anything, shrank. But we continued to celebrate. Youth flocked to low-productivity service-sector jobs, such as those in hotels and restaurants, security and other services. The dependence on such jobs on one hand and high-skilled services on the other was bound to make Indian society more unequal.
And then, there is agriculture, an elephant in the room. If and when farm-sector reforms get implemented, celebrations would once again be premature. The vast majority of India’s farmers have small plots of land, and though these farms are at least as productive as larger ones, net absolute incomes from small plots can only be meagre.
A further rise in farm productivity and consequent increase in supply, if not matched by a demand rise, especially with access to export markets, would result in downward pressure on market prices for farm produce and a further decline in the net incomes of small farmers.
We should learn from what John Treacy did right. He didn’t give up, and pushed for the finish line like it was his only chance at winning. Treacy had years of long-distance practice. The same goes for our economy. A long grind is required to build up its base before we can win and celebrate. And Ovett did not blame anyone for his loss. We play the blame game. Everyone else, right from China and the US to ‘greedy corporates’, seems to be responsible for our failures.
We have lowered absolute poverty levels and had technology-based successes like Aadhaar and digital access to public services. But there are no short cuts to good quality and adequate healthcare and education services. We must remain optimistic but stay firmly away from the optimism bias.
In the end, it is not about how we start, but how we finish. The disastrous second wave of covid and our inability to manage it is a ghastly reminder of this fact.