Stealth of surveillance in the Pegasus Breach

Tehelka’s Cover Story in this issue is about the privacy that is at peril in cyberspace in view of the disclosure that an Israeli group used spyware to snoop on human rights activists and journalists in India. Almost at the same time, a malware attack was detected at the Kudankulam Nuclear Power Plant in Tamil Nadu through an infected device. It is an established fact that professional hackers can cause huge damage by entering the network to steal private data.

In the Israeli case, the spyware got installed on the phone with just a missed call, giving access to the phone’s operating system, compromising both privacy and security. The paradox is that WhatsApp, which was already in the dock for offering a platform for fake news, is the culprit even in this case. The fact is that the Israeli state-of-the art spyware Pegasus that was used to snoop on Human Rights activists, journalists and others can takeover an individual’s privacy.

The allegations that the governments and its agencies for snooping use spyware like Pegasus and surveillance makes the issue all the more grave. The government’s reaction to revelation by WhatsApp, which is owned by Facebook that it is suing the Israeli Company, is inadequate because privacy is in peril. It is okay to ask WhatsApp why the breach happened, but the government must answer and clear all doubts in public domain as under whose directions Indian citizens were snooped?

The Facebook-owned instant messaging app, meanwhile, has regretted that it did not meet the “Government’s expectations for proactive engagement on these issues.” The Computer Emergency Response Team (CERT-In) had published a vulnerability note on May 17 advising countermeasures to users about a vulnerability in WhatsApp, according to Union Information and Technology Minister Ravi Shankar Prasad.

While the government has tried to shift the focus to WhatsApp, one needs to understand that WhatsApp is not the only gateway for Pegasus.  NSO employs various techniques to target and take control of a user’s phones as the Google Play Store and the Apple App store have end number of apps with inherent vulnerabilities and NSO like companies could easily enter the users network to steal personal and private information. Pegasus is a state-of-the-art spyware, and NSO charges an exorbitant sum for its product and services.

The government needs to investigate who in India can afford to hire NSO and is interested in targeting select activists, lawyers and journalists, especially when NSO itself claims that it sells the software only to government agencies. The government must also explain what steps it is going to take to ensure that privacy as a right is protected. Ironically, the Israeli Company NSO says on its website that “NSO products are used exclusively by government intelligence and law enforcement agencies”, making the government itself a suspect in this snoop gate. We need strong data protection laws to ward off dangers to privacy.