In my January 2019 book “I-SPY“, in the chapter on Mexico’s intelligence agency CISEN or Centro de Investigación y Seguridad Nacional, I had written about Israel’s spyware named PEGASUS.
PEGASUS starts with an SMS and can infect the phone to spy on the user, including using the camera and microphone. Created by Israeli company NSO Group, is a spyware to gather information from mobiles. The program is sold only to governments, and its main purpose is to monitor criminal and terrorist organizations. The text tricks the victim into accessing an external link. Sometimes, the SMS includes data or information close to the victim, a form of persuasion known as ‘social engineering’. Once the link is entered, the browser redirects the target to a NSO Group website, and Pegasus self-installs on the mobile phone.
Thus, whoever sends the spyware has access to the files on the device, such as videos, photographs, messages, emails and a list of contacts. It also allows to activate the camera and microphone of the mobile at any time, without the victim’s knowledge. In this way, the attacker monitors practically all of the victim’s daily life, the conversations he has and the information he shares. Once infected, it’s practically impossible to get rid of the spyware. The phone becomes a spy in your pocket. The tool was designed to exploit vulnerabilities in iOS devices, although it is also used in other devices. The vulnerabilities were corrected by Apple in August 2016 with iOS version 9.3.5, after it was discovered that Pegasus was used to spy on an activist in UAE. By that time, it had already been used in Mexico, which is one of the main clients of the NSO Group. Between January 2015 and July 2016, a series of cyber attacks took place against Mexican reporters and activists.
In June 2017, Pegasus was in the midst of a scandal in Mexico. Civil organizations said that the malware was used by the government to spy on journalists and human rights defenders. A spokesman said that the government carries out intelligence activities to combat organized crime and threats to national security, as per law, but that did not include reporters and activists.
Pegasus had been purchased by Mexico’s Secretariat of National Defence, the Attorney General’s Office, and CISEN.
Those affected included at least 12 reporters and activists who investigated cases of government corruption. It also includes lawyers who assisted family members of the 43 students of Ayotzinapa Rural Teachers’ College, who had been kidnapped in September 2014. Three of those affected were from the Miguel Agustín Pro Human Rights Centre, an independent organization that investigated cases such as the extrajudicial execution of 22 people in Tlatlaya town, in June 2014, as well as the Ayotzinapa kidnapping, among several other cases.
Others affected were five journalists, who had conducted investigations into cases of corruption and conflicts of interest, including the purchase of a $7 million mansion by Angelica Rivera, wife of then President Enrique Peña Nieto (December 1, 2012 to December 1, 2018). Another was a celebrated journalist who published a series of articles about the Federal Police killing 42 minors in Tanhuato, Michoacán, in May 2015. Also included were two activists of the Mexican Institute for Competitiveness, who had participated in the development of the legal platform of the National Anticorruption System, as well as three activists who had advocated the cause of taxation on soft drinks and sugary drinks.
Now, there seems to be a scandal of the possibility of the Government of India having used Pegasus, as telecast on Times Now. I don’t know the details of the allegations or the truth behind them, but this could be big – VERY BIG. It would be the correct thing for Home Minister Amit Shah, or even Prime Minister Narendra Modi, to come clean on whether GoI used Pegasus, and if it did, for what purpose?