Pegasus: What is this surveillance tool and all that it has hacked into before

WhatsApp has accused Israel-based NSO Group of spying on at least 1,400 users worldwide through the messaging platform.


All hell broke loose after an Indian Express report on October 31st, 2019, stated that WhatsApp had confirmed that Israeli spyware, Pegasus, had been used to snoop on at least two dozen journalists, activists, academics and lawyers. Popular messaging platform WhatsApp and Israel-based surveillance group NSO are under fire over charges of spying on lawyers, activists, senior government officials and politicians in around 20 countries across the world, including India. While the Government of India has asked WhatsApp to explain the breach of privacy and has taken it to task for not disclosing the breach to officials, WhatsApp has said that it resolved a security issue in May this year and notified Indian and international governments.

For its part, WhatsApp has also sued the NSO Group in a federal court in San Francisco, accusing it of using the platform’s servers in the United States and other countries to send malware to approximately 1,400 mobile phones and devices for the purpose of surveillance of the target users. WhatsApp had taken the help of the Citizen Lab, an interdisciplinary laboratory based out of the University of Toronto, to uncover the spyware that had infiltrated its user base.

Critics have also questioned the Indian government’s involvement, with some pointing to the Pegasus maker’s claim that it sells the spyware only to government agencies. Further, around 36 government operators of Pegasus have been found worldwide, while an operator named Ganges has been found to run the spyware operations across Bangladesh, Brazil, Hong Kong, India and Pakistan.

What is Pegasus?

Pegasus, also known as QSuite and Trident, has been designed by the Israel-based cybersecurity company NSO Group, which, as per its website, provides "authorized governments with technology that helps them combat terror and crime". The NSO Group was founded in 2010 by Niv Carmi, Omri Lavie and Shalev Hulio near Tel Aviv. After it opened a sales and marketing wing in the United States, Francisco Partners, a San Francisco-based private equity firm, acquired a USD 120 million majority stake in the NSO Group. In early 2019, the founders, with the help of London-based firm Novalpina Capital, bought back all their shares.

As per the Group’s website, Pegasus, one of the most sophisticated pieces of spyware ever designed, “allows remote and stealth monitoring and full data extraction from remote target devices via untraceable commands.” The software, which has been around for three years, infiltrates smartphones by sending a link. If the user clicks on the link, the spyware gets installed on the device. With WhatsApp, the spyware targeted a vulnerability in its VoIP stack: a missed call placed to the user’s device was enough to infect it.

Once Pegasus infects the phone, it can steal the user’s password, text messages, calendar events and contacts, and will even allow hackers to access the phone’s microphone, camera and even GPRS for live tracking. The spyware is completely stealthy and carries out its installation and surveillance procedures without the user ever knowing anything.

Previous spying allegations

This is not the first time that NSO Group has been under fire over spying allegations. In the years since it was developed, the spyware has allegedly been used a few times:

Jamal Khashoggi: In 2018, Omar Abdulaziz, a friend of slain Saudi journalist Jamal Khashoggi, filed a lawsuit against NSO Group for allegedly hacking into his phone and extracting data about his conversations with Khashoggi. The Citizen Group, which confirmed the hacking, said that the spyware allowed the Saudi Government to keep track of Khashoggi and plan his brutal murder.

Ahmed Mansoor: As per the Citizen Lab, United Arab Emirates-based internationally recognised human rights defender, Ahmed Mansoor, received messages on his phone on August 10 and 11, 2016, promising ‘new secrets’ about detainees tortured in UAE jails, if he clicked a link. Rather than clicking on the message, though, Mansoor forwarded it to Citizen Lab which established the links as belonging to the NSO Group. According to the Lab, Pegasus used a chain of zero-day exploits to break into Mansoor’s iPhone 6.

Jeff Bezos: There were also rumours of NSO’s software being used to target Amazon founder Jeff Bezos’ phone. The National Enquirer had published photographs and private text messages that Bezos had reportedly shared with news anchor and television host Lauren Sanchez, immediately after he announced that he was divorcing his wife, MacKenzie. NSO Group has, however, denied any involvement and has released a statement confirming the same.

Joaquín Guzmán Loera: The phone of Mexican drug lord Joaquín Guzmán Loera, known as El Chapo and one of the world’s most wanted men, was hacked using the Pegasus spyware, which played a major role in his capture. The then Mexican president Felipe Calderón reportedly called NSO to thank them for the spyware and its role in helping capture the drug lord. This was also the first official sale by NSO to any government.