NEW DELHI: Sometime in the latter part of 2017, a group of Israeli citizens, who represented an Israel based cyber intelligence company, NSO, made a presentation to senior police officers of Chhattisgarh on the advantages and use of using Pegasus software (the wide ranging use of Pegasus is mentioned in the latter part of the story) at the police headquarters in Raipur. Pegasus is a spying software, which was developed by NSO.
As per one of the official sources present at the meeting, the presentation was done in front of senior IPS officers who were primarily tasked with gathering intelligence.
These police officers were told by the representatives that this software, among other things, could convert “raw files” (encrypted files) generated between two users when they use WhatsApp voice call, to audible files that can then be easily played to hear what the users were talking about.
The presentation, which lasted around 20-25 minutes, could not fructify into anything “solid” as the price quoted by the representative of NSO for the software, about Rs 60 crore, for making it available to the Chhattisgarh police, was deemed to be too much. And the story ended there. Most probably.
However, what we can say with certainty is that, as one of the officials source aware of the matter said, “representatives of NSO had come to Raipur after making similar presentations to other private and state entities across India and they had further plans to meet other people in other states”.
As of now it is not clear that if this software was purchased by any other Indian individual or organisation or not.
The Sunday Guardian reached out to NSO seeking their response on whether they had marketed or given a demonstration of their product to anyone in India and if yes who these people or institutions were. The NSO, in its response, did not deny that the software was being used in India. It just said that it could not disclose who its clients were.
NSO said: “To protect the ongoing public safety missions of its agency customers and given significant legal and contractual constraints, NSO Group is not able to disclose who is or is not a client or discuss specific uses of its technology. However, the company’s products are licensed to government intelligence and law enforcement agencies for the sole purpose of preventing and investigating terror and serious crime.”
It further added: “Our technology is not designed or licensed for use against human rights activists and journalists. It has helped to save thousands of lives over recent years. The truth is that strongly encrypted platforms are often used by pedophile rings, drug kingpins and terrorists to shield their criminal activity. Without sophisticated technologies, the law enforcement agencies meant to keep us all safe face insurmountable hurdles. NSO’s technologies provide proportionate, lawful solutions to this issue.”
NSO, which was founded in 2010, reportedly by former Israeli intelligence officials, was “bought” back from US private equity firm Francisco Partners in February 2019 by Novalpina, a European private equity firm and New York investment bank Jefferies Group. Francisco had bought NSO in 2014. Jefferies group is the largest independent US banking and securities firm.
NSO is also facing a lawsuit filed by a Saudi national living in Canada for allegedly helping Saudi intelligence “infiltrate” the mobile phone of the now dead Jamal Khashoggi.
The Sunday Guardian also reached out Novalpine and Jefferies group for a response from their side. However, they chose not to respond.
The Sunday Guardian also reached out to the office of the Director General of Police, Chhattisgarh for his response. The response was not received until the time of going to the press.
The Sunday Guardian also contracted WhatsApp and shared the following queries with them:
- The suits filed by WhatsApp against NSO says that 1,400 numbers from Bahrain, UAE and Mexico were infected by the said app. Can you confirm that India based numbers were also infected?
- The suit says that these 1,400 numbers were infected between April and May 2019. Does that mean that no infection took place before or after April and May 2019?
- How many numbers using WhatsApp in India have found to be infected by Pegasus?
In its response to The Sunday Guardian, a WhatsApp spokesperson said:
“In May 2019 we stopped a highly sophisticated cyber attack that exploited our video calling system in order to send malware to the mobile devices of a number of WhatsApp users. The nature of the attack did not require targeted users to answer the calls they received. We sent a special WhatsApp message to approximately 1,400 users that we have reason to believe were impacted by this attack to directly inform them about what happened.”
It also added: “Indian users were among those contacted by us this week” which means that the number of Indian users is more than what have come out in the open till now.
WHAT IS PEGASUS CAPABLE OF?
“Unlimited access to target’s mobile devices: Remotely and covertly collect information about your target’s relationships, location, phone calls, plans and activities—whenever and wherever they are.
“Intercept calls: Transparently monitor voice and VoIP calls in real-time.
“Bridge intelligence gaps: Collect unique and new types of information (e.g., contacts, files, environmental wiretap, passwords, etc.) to deliver the most accurate and complete intelligence. Handle encrypted content and devices:
“Overcome encryption, SSL, proprietary protocols and any hurdle introduced by the complex communications world.
“Application monitoring: Monitor a multitude of applications including Skype, WhatsApp, Viber, Facebook and Blackberry Messenger (BBM).
“Pinpoint targets: Track targets and get accurate positioning information using GPS.
“Service provider independence: No cooperation with local Mobile Network Operators (MNO) is needed.
“Discover virtual identities: Constantly monitor the device without worrying about frequent switching of virtual identities and replacement of SIM cards.
“Avoid unnecessary risks: Eliminate the need for physical proximity to the target or device at any phase Technology Highlights.”
These are not our words but the product description of Pegasus which it shared with potential buyers. The Sunday Guardian has a copy of the ‘brochure’.
HOW DOES THIS SNOOPING TAKE PLACE?
All this is achieved by Pegasus software by “silently pushing an sms, mms, email, push message or a link that leads to the installation of the software on the device of the intended target. This method does not require target engagement.”
As per the NSO, clicking the link triggers a silent installation which runs in the background. Once the application is installed it can extract everything from the mobile or the computer system including call log, SMS, email, WhatsApp messages and call logs and similar data that is generated while using other apps including Telegram, Skype and Facebook messenger.
It can also record calls, share location, do logging of keystroke, click pictures using front and back camera access, capture screenshot, record sound and retrieve files.
It can further get hold of Wi-Fi, browsing history, calendar and sound an alarm when two “targets” meet or give out an alert when the target enters a specific area. It also alerts the user when the target makes or receives a call or send an SMS.
HOW DID THIS SNOOPING BECOME PUBLIC?
On 29 October, WhatsApp, which is owned by Facebook, filed a suit against NSO for illegally using WhatsApp to spy on people. As per the application by WhatsApp, which it filed in front of United States District Court for the Northern District of California, NSO infected 1,400 mobile phone users between the two months of April 2019 and May 2019.
The suit mentions that users residing in Kingdom of Bahrain, the United Arab Emirates and Mexico were among those who were affected.
More importantly, Facebook found that NSO’s clients were not limited to government agencies but also private entities who used Pegasus to spy on their targets. The targets, as per the WhatsApp affidavit, included attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials.