All you need to know about Pegasus
The spyware that started it all
Pegasus, the spyware sold by Israel’s NSO Group and Q Cyber Technologies that is believed to have broken through encrypted communication systems such as WhatsApp, can concurrently monitor about 50 smartphones.
A person who runs a private cybersecurity firm and has seen Pegasus’ snooping capabilities up close said that the spyware can monitor up to 500 phones in a year, but can only track a maximum of 50 at one go. He said it costs about $7-8 million per year to license Pegasus.
Facebook-owned WhatsApp’s court filings in the US show a contract with a Ghanaian company for monitoring 25 phones.
WhatsApp filed a lawsuit in a California court on October 29, alleging that NSO Group gained unauthorised access to its servers and communication service.
Court filings allege that the Israeli company reverse-engineered the messaging app and developed a program that copied WhatsApp’s network traffic to target devices over the app’s servers. Targeted individuals included lawyers, journalists, human rights activists, political dissidents, diplomats and senior foreign government officials.
Following the paper trail
In February 2019, the NSO Group was acquired by its management from private equity firm Francisco Partners, cofounded by Dipanjan Deb. The acquisition was led by NSO Group’s cofounders Shalev Hulio and Omri Lavie.
The acquisition was funded by European PE fund Novalpina Capital, according to a February 14 press release from Francisco Partners that is part of the court filings in the US. Interestingly, the press release is no longer available on the Francisco Partners website.
Was the state using the spyware?
Representatives of Toronto-based cyber security group The Citizen Lab, which investigated the breach on behalf of WhatsApp, reportedly told the individuals targeted in India that it is possible some state agency had used the spyware.
India’s former national cybersecurity coordinator Gulshan Rai said, “Every government looks at cyberdefence seriously, including ours. We are also starting our own capabilities. A lot of the focus now has moved towards domestic sourcing. They are actively funding startups in the space… We have CERT-In (the nodal government agency that deals with cybersecurity threats). The MHA (ministry of home affairs) is looking at forensic labs. The government is taking a lot of steps.”
The program, or ‘agent’ as it is called, can survive not only a system reboot but also a factory reset and operating system upgrades. It is capable of extracting all data and accessing all communications through messaging services such as BlackBerry Messenger, WhatsApp, Viber, Skype, Facebook Messenger, Telegram, Line, WeChat and Tango. It can also monitor keystrokes, retrieve files, and turn on the cameras and microphone of a mobile device.
The language of the contract with Infralok seems to suggest that NSO Group was aware the Ghanaian company was not the real client, and hence the contractual assurances, obligations and responsibilities were aimed at the end user.