Pegasus spyware infected 45 countries between 2016 and 2018, targeted eight Indian telcos, shows Citizen Lab report

Citizen Lab, the University of Toronto’s ‘interdisciplinary laboratory’ that helped uncover the fact that Indian academics, lawyers, Dalit activists and journalists were being spied upon, had last year released findings about the reach and scope of Pegasus. This is the very same spyware that was used to carry out surveillance on at least 19 ( see list here ) Indians earlier this year. “Between August 2016 and August 2018, we scanned the Internet for servers associated with NSO Group’s Pegasus spyware. We found 1,091 IP addresses that matched our fingerprint and 1,014 domain names that pointed to them,” reads Citizen Lab’s blog post dated 18 September 2018. The NSO Group is an Israeli technology vendor that, according to its website, “creates technology that helps government agencies prevent and investigate terrorism and crime to save thousands of lives around the globe”. [caption id=“attachment_4874551” align=“alignleft” width=“380”] Representational image. Thinkstock[/caption] One such bit of technology is the mobile phone spyware suite called Pegasus. Essentially, the way this bit of spyware works is to penetrate the security features of the target’s mobile phone and instal itself on the system. Pegasus will then “send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps. The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity,” says the Citizen Lab post. All of this is triggered once the target clicks on a malicious hyperlink — ostensibly sent to the target by whoever is seeking to monitor her/his activities. Over the course of two years, Citizen Lab found Pegasus infections were reported in 45 countries, including Brazil, Canada, France, Israel, Pakistan, Singapore, South Africa, Switzerland and India. A total of 36 government operators — as NSO Group only sells its technology products to governments, a government operator is put in charge of operations — of Pegasus were found across the world. In Asia, an operator code-named Ganges was found to be running operations in Bangladesh, Brazil, Hong Kong, India and Pakistan from June 2017 onwards. The Citizen Lab post mentions that Ganges’ operations included ‘political themes’. According to the post, “We coded the domain names [of the malicious hyperlinks] to generate a Suspected Country Focus and assessed whether there were Political Themes in the domains, which might suggest politically motivated targeting.” The following telecom operators, including eight in India, were believed to have been targeted by Pegasus:

The post notes that the domain name ‘signpetition[.]co’ was used with these malicious hyperlinks and that it’s possible that this “may indicate political themes in the targeting”.