NSA Ajit Doval can dial up his counterpart in Israel for info on spyware Pegasus and WhatsApp breach

Two years ago a disgruntled employee of the Israeli company NSO, which manufactures the spyware Pegasus, copied the software and offered to sell the pirated software on the Internet. The price he asked was 50 million US Dollars, approximately 350 Crore in Indian Rupees.

While the employee, who had worked in the company for less than three months and was furious because his work was deemed unsatisfactory, was arrested within three weeks after the company was alerted by prospective buyers and the Israeli Government.

Western media reports also suggest that the price the company charged for hacking just 10 phones ran into Crores of Rupees. So, the question is, if the Government of India did not buy the spyware, as it has claimed, was it sold to some other entity in India which bought it on the Government’s behalf, maintained it and allowed the Government data and details as and when it needed ?

Canada based Citizen Lab in its report last year (see graphics) had concluded that there seemed to be just one or two operators in India, as opposed to three or more in several other countries. If that information is correct, all that the NSA Ajit Doval needs to do is to call up his counterpart in Israel and get the information.

As for the use of the spyware, Indian media have tracked down at least 17 Indian activists, journalists and lawyers who were contacted by Citizen Lab over the last 10 days or so and warned that they were under surveillance. Citizen Lab researchers had warned that “ once downloaded onto a phone (via a website link in a text message or email), the software can do anything that users can do, including read text messages, turn on the camera and microphone, add and remove files, and manipulate data.

The NSO apparently claimed the following benefits of the spyware to its clients:

This is what we know till now:

1. The Israeli company manufacturing the spyware was set up in 2008 and made its first prototype in 2011.

2. New York Times reported in 2018 that the company was set up with blessings of global intelligence agencies.

3. The company has been engaged in law suits from Cyprus, Israel itself and now in the US, which may explain its attempts over the last few years to sell the company.

4. The spyware Pegasus is sold only with the permission of Israel’s Ministry of Defence.”

5. According to a 2016 price list, NSO charges customers $650,000 to hack 10 devices, on top of a $500,000 installation fee.

6. Leaked emails reported in western media had exposed how the company had accessed details from the smart phones of the Emir of Qatar, a London based editor and a Saudi prince to impress its client in the UAE.

7. Pegasus, named after the Greek mythological winged horse. A mobile surveillance tool, Pegasus could collect vast amounts of previously inaccessible data—including phone calls, texts, emails, contacts, location and any data transmitted over apps like Facebook, WhatsApp and Skype—from smartphones without leaving a trace.

8. While the Israeli company, NSO, claims it sells the spyware only to government agencies, there is no clarity if industrial houses also have secured access to the spyware.

9. Pegasus, it is now known, can switch on the microphone and camera on smart phones, access text messages on SMS, steal passwords, extract files and call records besides WhatsApp chats and location of the user.

10. The spyware can be programmed to self destruct.

11. It is now known that Canada based Citizen Lab got in touch with several Indian activists, journalists and lawyers to warn that they were being snooped on.

12. The spyware is installed in the phone by making a call to the number on WhatsApp. Even if the call is not answered, the spyware can be installed. The call leaves no trace.