Pegasus, An Unexpected Outcome
A dangerous situation for constitutional government
The Pegasus project report published by “Forbidden Stories”, a lesser-known media organisation based in France, in conjunction with Amnesty International in July last year and now a report in the New York Times of January 28 show how the Pegasus malware could be used to tweak the strategic and economic policies of any country. The reports expose how the Israeli government leveraged supply of the malware to further its policies of drumming up international support for its continued occupation of Palestine.
The reports also expose the duplicity of the United States. On one hand it helped the Israeli company NSO that develops and supplies the malware by giving it crucial components and hosting it on Amazon servers. And on the other, it ensured that no US cell phone number could be hacked with Pegasus malware and no foreign government would be able to access targets there. Hosting malware on its servers also gave it complete access to how the regimes in various countries were using the malware and against whom—a crucial input to assess the intentions of the rulers there, to finetune its foreign policy with the targeted countries.
However, the rulers in the US could not resist the temptation of using Pegasus for targeting cell phones there either. Hence began the cooperation for two years between the Federal Bureau of Investigation and NSO in 2019 during the Trump administration for developing and testing a “phantom” version of the malware exclusively to target US phones. The other version “zero-click” malware that was supplied to rest of the world could not configure US cell phones.
But perhaps the Biden administration realised the potential danger posed by the use of this malware in the electoral process in the country. Or, maybe it concluded that the NSO group had gone rogue and could be used by Republicans against Democrats. The problem with the US is that it only gets alarmed when the fire reaches its doors. The new administration went a step ahead by putting the NSO group on the entity list of organisations that “are contrary to the national security or foreign policy interests of the United States” on November 3, 2021 thereby angering Israel.
Therefore, it is no coincidence that the FBI decision not to deploy “phantom” spyware was soon followed by a “leak” of more than 50,000 phone numbers across 50 countries by “Forbidden Stories”. It has now been followed up by the report in the New York Times, a newspaper believed to be close to the Biden administration. Now that NYT has told the world that US servers were hosting the malware, it has cleared the fog as to where the “leak” originated last year.
The picture that emerges is simply scary to say the least. The world has become a dangerous place for political opponents, dissenters, human rights defenders, journalists, and freethinkers alike. They are at serious risk of life, personal liberty, and blackmail. Unlike other legalised wiretapping mechanisms, “zero click” and “phantom” malware provides access to all emails, photos, contacts, location and can even take control of the camera and microphone of the instrument.
India figures prominently among the countries whose data was “leaked” by “Forbidden Stories” last year. NYT now claims that the supply of malware to India was part of the agreements to purchase “sophisticated weapons and intelligence gear” concluded in 2017 during the visit of prime minister Modi to Israel.
So far the Government of India has evaded answering the crucial question as to whether it bought Pegasus spyware from the NSO group. Technically, the government is correct that there has not been any unauthorised interception, as Pegasus surveillance flies over the Indian Telegraph Act requiring mandatory sanction. Besides, all the footprints of the misuse of the malware are inside the computers of security agencies that as such aren’t subjected to any kind of scrutiny.
A dangerous situation for sustaining our seven decade old democracy and constitutional government. Equally dangerous is providing access of our national security data to Israel and the United States. Had this malware not scared the US, it would have conveniently used the intercepted data from NSO to arm twist and control world politics.
The biggest domestic fallout of the revelations would be that many in India will silence their communications on mobile and will not carry the spy in the pocket. The electronic surveillance feedback must have dried down by now. Everyone, who suspects they are under surveillance, would go for personal meetings instead.
It will seriously dent the government's espionage capacities. Besides, Prime Minister Narendra Modi will now find it difficult to track dissenters within his own party who may question his leadership, an unexpected outcome of revelations.
Even if NSO becomes defunct, the demand and supply of Pegasus' kind of malware will not diminish. There are other countries besides the US that want to control world politics and economy. China and Russia are two such countries, who could replace Israel.
Avinash Mohananey is a former Intelligence Bureau official and former Director General of Police in Sikkim.