Pegasus, experts believe, has been in circulation at least since 2016.
Nearly two years after it first came to light that a sophisticated spyware developed by an Israeli firm could take over the control of mobile phones without the knowledge of the owner, the Pegasus scandal has resurfaced and revived a massive political row. Unlike the last time, the scandal has grown in proportion ensnaring heavyweight politicians and influential figures. With names of targets of potential hacking coming out in instalments, here is a quick guide to the case.
How Does Pegasus Spyware Get Into Your Phone?
Pegasus is said to be so sophisticated that it does not require a mobile phone user to click or open a text or visit a web page to get activated. It works very clandestinely without raising any red flags. The malware, experts believe, has been in circulation at least since 2016.
Once it has made its way into your phone, it can turn the device into a 24-hour surveillance system. The malware works on Windows and Mac computers, and also on Android and iOS smartphones. It can be delivered via email, SMS, WhatsApp or using the sophisticated '0-day' vulnerability exploits, which are unknown even to device manufacturers. It can copy texts you send or receive, collect your photos and record your calls.
The Data
The global reportage, including by The Guardian and The Washington Post, has been triggered by trove of data first accessed by Forbidden Stories, a Paris-based non-profit, and Amnesty International. Forbidden Stories says the list it has shared with the global media outlets comprises intended targets of Pegasus. However, the parties involved in the Pegasus Project have clarified that just because a phone number appears in the data does not automatically mean it was successfully targeted.
Pegasus In India
A consortium of 17 global media outlets, including The Wire from India, has published reports, detailing the number of people who could have been hacked using Pegasus. More than 300 phone numbers in India appeared on the list, according to a months-long collaborative investigation by The Wire, The Washington Post and other media partners in 10 countries. Besides key politicians, over 40 Indian journalists and a constitutional authority were also found on the database of NSO as connected to people of interest since 2016, The Wire has reported.
Congress leader Rahul Gandhi, poll strategist Prashant Kishor - who was instrumental in ensuring a thunderous BJP victory in 2014 general election but later moved away from the party - and current IT Minister Ashwini Vaishnaw were potential targets of the spyware, according to The Wire.
Mr Vaishnaw, who was listed for surveillance in 2017, when he had not joined the BJP, said in Parliament on Monday called the reports a sensational story "without any substance". He said The Wire's report "clarifies that the presence of a number (on the list of potential targets) does not amount to snooping".
His predecessor and senior BJP leader Ravi Shankar Prasad, who was recently dropped from the Union Cabinet, added a fresh angle to the scandal, saying, "If more than 45 nations are using Pegasus, like NSO has said, why is only India being targeted?"
The Pegasus targets also includes Union Minister Prahlad Patel, according to The Wire. The leaked list had phone numbers not just of Mr Patel and his wife but 15 people linked to him, including his cook and gardener.
Virologist Gagandeep Kang, was a possible target of surveillance in 2018, while tackling the Nipah infection. Bengal Chief Minister Mamata Banerjee's nephew Abhishek Banerjee is also on the list. The family members of a woman who in 2019 accused then Chief Justice of India Ranjan Gogoi of sexual harassment were also potentially targeted. At least 11 phone numbers used by the woman, her husband and two other family members were on the list. Justice Gogoi was nominated to the Rajya Sabha last year.
Another name is that of Ashok Lavasa, a former Election Commissioner who had a dissenting opinion when the powerful election body decided on a clean chit on poll complaints against PM Modi and Amit Shah in 2019.
The Clients
According to The Wire, the NSO Group's client list likely includes the governments of Azerbaijan, Bahrain, Hungary, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, and the United Arab Emirates, as well as India. The reports say Amnesty International conducted a forensic analysis on a small sample of 37 phones - including 10 Indian phones - and found that they showed signs of a Pegasus infection. These phones belonged to journalists, politicians, businesspersons, legal and other professionals - not criminals or terrorists.
Who Can Be Infected With The Virus
The simple answer is everyone with a smartphone that's connected to the Internet. In iPhones, it has been reported, that the malware can gain access to even root or administrative systems, according to a report in The Guardian.
Based on the reportage so far, it can be safely said that it does not matter whether a person uses WhatsApp, Facebook, Telegram or Signal, their phone is vulnerable to Pegasus attack.