The recent reports about the use of Pegasus spyware against prominent Indian journalists have reignited discussions about privacy and security. Amnesty International indicates that the software was used to target these individuals, resulting in questions regarding potential government involvement. Amnesty International is a global human rights movement comprising over 10 million members dedicated to creating a future where everyone enjoys human rights.
Understanding Pegasus Spyware
Pegasus spyware is an invasive mobile surveillance tool capable of infiltrating smartphones without detection, collecting data from various apps and sources. Developed by Israeli cybersecurity firm NSO Group, it’s sold exclusively to government agencies to aid in the fight against crime and terrorism. Pegasus uses “zero-click” methods for device infection, enabling spyware installation without the device owner’s consent or interaction.
Pegasus Spyware’s Operational Procedure
Unlike typical apps requiring user confirmation, Pegasus doesn’t necessitate any user actions for installation. It can exploit vulnerabilities in apps such as WhatsApp, iMessage, or FaceTime, and trigger the installation of spyware through a message or a call, regardless of whether the user opens or answers it. Pegasus can also exploit zero-day vulnerabilities (undiscovered flaws or bugs in an operating system not yet identified and fixed by the mobile phone’s manufacturer) to install spyware on Apple products.
Targets of Pegasus Spyware
Investigations reveal that Pegasus has been used to spy on journalists, human rights activists, lawyers, opposition leaders, and even state heads. Countries accused of using Pegasus to target critics and enemies include Saudi Arabia, Mexico, India, Morocco, Hungary, Azerbaijan, and Rwanda.
Implications of Pegasus Spyware Usage
The use of Pegasus spyware threatens privacy and security, particularly for individuals and groups fighting corruption, defending human rights, or advocating democracy. It undermines press freedom by revealing journalists’ sources, strategies, and materials, compromising their independence. Plus, it risk nations’ sovereignty and stability, allowing foreign interference and spying.
Challenges Posed by Pegasus Spyware
Pegasus spyware is notably difficult to detect and remove as it can effectively conceal its presence and activities on the device and can self-destruct if it suspects detection or analysis. Regulating and controlling this spyware is hard due to its operation in legal grey areas. NSO Group and its clients often deny or evade responsibility for any misuse or abuse of the spyware.
Major Types of Cyber Threats and Related Cybersecurity Initiatives
India has several cybersecurity initiatives like the Information Technology Act 2000, National Cyber Security Strategy, Cyber Surakshit Bharat, Computer Emergency Response Team – India (CERT-In), Critical Information Infrastructure, and Indian Cyber Crime Coordination Centre (I4C). Internationally, mechanisms like the International Telecommunication Union (ITU) and Budapest Convention on Cybercrime are in place.
Recommended Actions
Measures suggested to counter these issues include establishing international oversight mechanisms to hold accountable companies for unethical surveillance tool use, strengthening national and international legal frameworks to protect targeted individuals’ privacy and human rights, launching public awareness campaigns, bolstering national cybersecurity infrastructure, and promoting ethical guidelines among tech companies.
UPSC Civil Services Examination Questions on Related Topics
In previous years, the UPSC Civil Services Examination included questions relating to cyber threats. For instance, a question from the 2018 test related to “WannaCry, Petya, and EternalBlue,” which are associated with cyber attacks. In the 2020 test, a question about benefits covered under cyber insurance for individuals in India was presented, and in 2017, a question pertained to the legal requirement for certain entities to report cyber security incidents. For the mains exam in 2022, a question centered on the different elements of cyber security and India’s success in creating a comprehensive National Cyber Security Strategy.
