Pegasus spyware, developed by NSO Group, has been deployed in multiple countries for intelligence and surveillance purposes. It targets smartphones to extract data and monitor communications. Governments and agencies have used Pegasus for tracking criminals, terrorists, and political dissidents.
Technical Capabilities of Pegasus
Pegasus exploits zero-click vulnerabilities in mobile operating systems like iOS and Android. It can access messages, calls, emails, location, camera, and microphone without user interaction. The spyware uses encrypted communication channels to transmit data to command-and-control servers.
Countries Using Pegasus
Reported users include India, Mexico, Saudi Arabia, Hungary, and the United Arab Emirates. Some governments have employed Pegasus for law enforcement and national security. There are documented cases of its use against journalists, activists, and opposition figures in several nations.
Legal and Ethical Concerns
Multiple countries have raised concerns about privacy violations and misuse of Pegasus. Several legal cases have been filed against governments and NSO Group for unauthorised surveillance. International bodies have called for regulation of spyware and transparency in its deployment.
NSO Group and International Response
NSO Group claims it sells Pegasus only to vetted governments for lawful purposes. The company faced sanctions from the US government in 2021 for alleged misuse. Several countries are considering legislation to regulate spyware exports and usage.
What to Study for UPSC Exams?
- Cybersecurity Laws in India
- International Surveillance Norms
- Digital Privacy and Human Rights
- Technological Aspects of Cyber Espionage
Cybersecurity Laws in India
India’s primary cybersecurity legislation is the Information Technology Act, 2000, amended in 2008 to address cybercrimes. The CERT-In agency coordinates national cybersecurity incidents. The Personal Data Protection Bill, pending enactment, aims to regulate data privacy and protection. India lacks a comprehensive cybersecurity law but follows sector-specific regulations and guidelines issued by the Ministry of Electronics and Information Technology.
International Surveillance Norms
No binding international treaty governs state surveillance; norms arise from soft law and customary practices. The Budapest Convention on Cybercrime is the only multilateral treaty addressing cyber investigations. The UN has discussed state surveillance under human rights frameworks, emphasizing necessity and proportionality. Intelligence-sharing alliances like Five Eyes operate under informal norms without public legal frameworks.
Digital Privacy and Human Rights
Digital privacy is recognized under the right to privacy by the UN Human Rights Council. The right includes protection from arbitrary surveillance and data misuse. The European Court of Human Rights has ruled that mass data retention violates privacy rights. Emerging debates focus on balancing state security and individual freedoms in digital spaces.
Technological Aspects of Cyber Espionage
Cyber espionage employs zero-day exploits, phishing, and malware to infiltrate targets. Advanced Persistent Threats (APTs) maintain long-term access to networks. Techniques include supply chain attacks and hardware implants. Attribution is challenging due to anonymization and use of proxy infrastructure. Cyber espionage targets governments, corporations, and critical infrastructure globally.
Last Modified: April 13, 2026