It is not just the state-of-the-art but also accommodating. When Pegasus, the cyber intelligence tool by the NSO Group from Israel, realizes that your smartphone battery is below 5%, it stops snooping on your phone.
The revelation that the spyware called Pegasus was being used for the surveillance of journalists and human rights activists in India, confirmed by WhatsApp to The Indian Express, has left members of both fraternities frazzled.
The names of those spied upon are still coming out, and a look at the user manual of the so-called spyware reveals that it a carefully crafted spying tool which they had been warned about. The matter began with a complaint in a district court in California by WhatsApp and its parent company Facebook against NSO Group Technologies Ltd. And Q Cyber Technologies Ltd, proprietors of Pegasus.
The head of WhatsApp has written about why the company has gone after the owners of Pegasus in court in an opinion piece for The Washington Post, saying there was a “disturbing pattern to the attack” in that it “targeted at least 100 human-rights defenders, journalists and other members of civil society across the world. This should serve as a wake-up call for technology companies, governments and all Internet users. Tools that enable surveillance into our private lives are being abused, and the proliferation of this technology into the hands of irresponsible companies and governments puts us all at risk.”
However, what are the capabilities of Pegasus and software of the ilk that civil society and the powers that be should be wary of?
The Pegasus user manual introduces the spyware as a “world-leading cyber intelligence solution that enables law enforcement and intelligence agencies to remotely and covertly extract valuable intelligence from virtually any mobile device.” It says that it was developed by senior intelligence officials “to provide governments with a way to address the new communications interception challenges in today's highly dynamic cyber battlefield.”
The makers list a series of challenges that have to be overcome to shadow a smartphone, citing encryption services (like WhatsApp) and SIM replacement among many challenges they overcame.
They mention that smartphones of any operating system can be subject to the spyware, mentioning that the “solution is able to penetrate the market's most popular smartphones based on BlackBerry, Android, iOS and Symbian operating systems.”
Among the many benefits of Pegasus as listed are “unlimited access to target’s mobile devices”, intercepting calls, monitoring applications, real-time monitoring of the target and even discovering virtual identities. It says that Pegasus is “totally transparent” to the targeted user and that it “leaves no trace on the device”.
“Pegasus silently deploys invisible software ("agent") on the target device. This agent then extracts and securely transmits the collected data for analysis. Installation is performed remotely (over-the-air), does not require any action from or engagement with the target, and leaves no traces whatsoever on the device.” Simple.
What kind of data can Pegasus extract though? The tool can intercept text, visual, audio, files and even your location and relay it across in encrypted, compressed files. There are three modes of collection, probably grading the level of surveillance a target is subject to: “Initial data extraction”, “Passive monitoring” and “Active collection”.
Here are a few screen-grabs from the brochure on how the visualisations of data collected work:
While the first mode includes getting SMS and call records, the second increases the level of surveillance to location monitoring. A person subject to active collection can have files extracted from their phone, or the added benefit of “Screen capturing”.
Interestingly, the spying tool does take care of the fact that your battery doesn’t run out on you and stops transmitting data from your phone when it hits 5% battery. It also stops when the phone is in roaming mode so as to not alert the target to a higher phone bill due to excessive data use. “When the device is roaming, cellular data channels become pricy, thus data transmission is done only via Wi-Fi. If Wi-Fi does not exist, transmission will be ceased,” says the product brochure, helpfully.
When the job is done, Pegasus is also very discreet. It has a self-destruct mechanism. “In general, we understand that it is more important that the source will not be exposed and the target will suspect nothing than keeping the agent alive and working.”