The Pegasus Spyware incident that happened in India was a glimpse into what zero-click attacks are capable of doing. What seemed like an overnight turn of events was in fact the result of a global collaborative investigation project.
Here’s how it went.
A major journalistic investigation, revealed that around 50,000 telephone numbers were focused and targeted by a spyware developed by an Israeli programming organization, NSO Group.
NSO developed advanced software and sophisticated solutions exclusively for intelligence agencies. The sole reason ironically being “for saving lives through forestalling wrongdoing”, as claimed by the organization.
From a list of more than 50,000 phone numbers, journalists were able to identify around 1,000 people from 50 different countries.
These people were reportedly under surveillance by the Pegasus spyware, NSO’s flagship product.
From a rundown of more 50,000 phone numbers, journalists identified 300 verified phone numbers from India, including those of politicians, a sitting judge, journalists, and several business persons.
What is Pegasus?
In simple terms, Pegasus is an example of a spyware.
A spyware is any malicious software with the intention to enter your computer, laptop or mobile, to collect all of your information. They keep a log of every action you perform on your device, and forward it to an outsider without your consent.
Pegasus, created by NSO Group, is maybe the most impressive and the strongest spyware made at any given point. It can penetrate cell phones — Android and iOS — and transform them into reconnaissance gadgets.
Pegasus takes advantage of unresolved vulnerabilities, or bugs, in Android and iOS.
This means, your phone could be easily infected or can be at risk regardless of whether it has the most recent security patch installed.
Pegasus could easily penetrate a device with a missed call on WhatsApp and could even erase the record of this missed call. This makes it untraceable for the user to realize that they are attacked with spyware.
Apple devices are generally considered more secure than Android and other OS. But even Apple doesn’t ensure 100% security as Pegasus easily exploits bugs in iMessage.
Here’s what Pegasus does with your Data
Pegasus can collect and steal pretty much any information on your mobile device.
This includes messages, SMS, contacts, call history, schedules, and data related to your browser like history and cookies.
It can also utilize your phone’s microphone to record calls, can turn your camera on, film you, or even track your location with GPS.
Once Pegasus is in your device it can:
- Collect and steal your photographs and video.
- Record your call and send the conversation recorded to some third person without your consent.
- Share your location. It logs your location by monitoring you with GPS.
- Take a backup of your messages, SMS or from any other application like WhatsApp.
- Take screenshots and record keystrokes and also have access to your contacts.
Pegasus Attack in India
After an effort of international journalism to investigate, it was revealed that various governments from different countries were using Pegasus software to spy on opposition politicians, journalists, business persons and government officials.
The investigation uncovered that Indian government also used Pegasus software to spy on around 300 people.
The Result
In India, the Pegasus project has shaken the political foundation.
As the parliamentary meeting started of, the plan was overwhelmed by reports of the hacked mobile phone numbers.
The head of Congress party, Rahul Gandhi, a few of his close allies, as well as some of other political leaders, journalists, and a sitting judge were all on the list.
Congress individuals blamed Narendra Modi’s administration for “treachery”, and required the acquiescence of the home minister, Amit Shah.
The discussions and opposition in parliament got so heated that the meeting was dismissed twice the following day.
On the other end, the newly appointed information technology minister, Ashwini Vaishnaw stated that “their stories are an attempt to malign Indian democracy and its well-established institutions”.
Later, in the leaked list of numbers, Mr Ashwini’s mobile number emerged too.
How to protect your online identity using VPN
This Pegasus attack that landed a whole week’s worth of broadcasting naturally shook the nation’s common people as well.
Although it is better to keep your devices protected at all times, it is understandable why the concerns are peaking post this event.
On a brighter note,
Pegasus doesn’t come easy. It is a complex spyware and exorbitantly priced. So it is very rare that a common user will be the target and encounter it.
However, there are several other ways hackers can steal your information for other purposes.
Think of this:
Do you connect to the public Wi-Fi at your favorite café, or hotels, or even at the airport?
If you do so without a VPN installed in your device, you are pretty much laying out your data on a silver plate for hackers to feast upon.
RULE OF THUMB : ALWAYS KEEP YOUR DEVICE SECURED!
Here’s how:
- Whenever we talk about security on the web, the first thing that comes to our mind is VPN. Everyone should use VPN while surfing the web as VPN encrypts data and hides your IP address. VPN helps you in protecting your data, hiding your identity from attackers, protecting your device and passwords and many more. Also VPN is very easy to set up, so it is very much recommended to always use a VPN.
- Don’t open any link from an unknown number. Only open links if it is from your trusted contacts. Pegasus was deployed in Apple devices solely using iMessage links.
- Avoid using free and public Wi-Fi service. Also avoid using Wi-Fi service by cafes and hotels. Again VPN is a good solution if you want to access these kinds of networks.
- Always keep your devices updated. Security patches frequently roll out for mobile devices. Make sure your device is up-to-date and running on the latest updates and security patches.
- Limit the physical access to your device. Never let anyone touch your device if you don’t trust that person. Always keep your phone and files password protected. You can even ensure your phone security by using biometrics.
Conclusion
These are some effective ways to minimize the threat of a possible attack.
You still have to be more cautious as these steps don’t guarantee complete safety.
Also there are a number of good VPNs in the market right now and after the Pegasus incident, most of the people are using trusted VPNs.
Digital Dart tops our rundown of most trusted and secure VPNs right now. Digital Dart is one of the most secure VPN which uses the most secure OpenVPN protocol. This VPN service is lightning fast and establishes a very secure network.
Leave a Reply