Probe sought into Pegasus case
31, Jan 2022
Prelims level : Information Technology Mains level : GS-III Awareness in the fields of IT, Space, Computers, robotics, Nano Technology, Bio-Technology and issues relating to Intellectual Property Rights.
Why in News?
- Supreme Court advocate Manohar Lal Sharma has circulated in the media a signed online copy of a plea he claims to have filed in the Supreme Court for an investigation into an allegation made in a New York Times report that India bought Pegasus spyware from NSO of Israel.
Historical Background of the News:
- The Apex Court stressed that the power of the state to snoop in the name of national security into the “sacred private space” of individuals is not absolute.
- The court said it consciously avoided “political thickets” but could not cower when allegations involved a “grave” threat to the privacy and free speech of the entire citizenry and raised the possibility of involvement of the Government, or even a foreign power, behind the surveillance.
- The court said the petitions filed before it, including ones by veteran journalists N. Ram and Sashi Kumar, Editors Guild of India and victims of alleged snooping, had raised “Orwellian concerns” about an all-pervasive technology like Pegasus.
- The court said India could not remain mute in the face of Pegasus allegations when other countries across the globe had taken them seriously.
- A Bench led by Chief Justice of India N.V. Ramana had, in a 46-page order on October 27, set up an expert technical committee monitored by a retired judge of the Supreme Court, Justice R.V. Raveendran, to inquire into the allegations of spying and file a report.
- The order came after the Union government did not file a “detailed affidavit” in the court in response to the petitions, citing national security reasons, among others.
- The Justice Raveendran committee recently invited persons who suspect themselves of being snooped on to come forward and hand over their electronic equipment for technical examination to detect the presence of the spyware.
What is Pegasus?
- It is a type of malicious software or malware classified as a spyware designed to gain access to devices, without the knowledge of users, and gather personal information and relay it back to whoever it is that is using the software to spy.
- Pegasus has been developed by the Israeli firm NSO Group that was set up in 2010.
- The earliest version of Pegasus discovered, which was captured by researchers in 2016, infected phones through what is called spear-phishing – text messages or emails that trick a target into clicking on a malicious link.
- Since then, however, NSO’s attack capabilities have become more advanced. Pegasus infections can be achieved through so-called “zero-click” attacks, which do not require any interaction from the phone’s owner in order to succeed.
- These will often exploit “zero-day” vulnerabilities, which are flaws or bugs in an operating system that the mobile phone’s manufacturer does not yet know about and so has not been able to fix.
Who were the Targets?
- Human Rights activists, journalists and lawyers around the world have been targeted with phone malware sold to authoritarian governments by an Israeli surveillance firm.
- Indian ministers, government officials and opposition leaders also figure in the list of people whose phones may have been compromised by the spyware.
- In 2019, WhatsApp filed a lawsuit in the US court against Israel’s NSO Group, alleging that the firm was incorporating cyber-attacks on the application by infecting mobile devices with malicious software.
Recent Steps Taken in India against Cyber Crime:
- Cyber Surakshit Bharat Initiative: It was launched in 2018 with an aim to spread awareness about cybercrime and building capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.
- National Cyber security Coordination Centre (NCCC): In 2017, the NCCC was developed to scan internet traffic and communication metadata (which are little snippets of information hidden inside each communication) coming into the country to detect real-time cyber threats.
- Cyber Swachhta Kendra: In 2017, this platform was introduced for internet users to clean their computers and devices by wiping out viruses and malware.
- Indian Cyber Crime Coordination Centre (I4C): I4C was recently inaugurated by the government.
- National Cyber Crime Reporting Portal has also been launched pan India.
- Computer Emergency Response Team – India (CERT-IN): It is the nodal agency which deals with cybersecurity threats like hacking and phishing.
- Legislations in India:
- Information Technology Act, 2000.
- Personal Data Protection Bill, 2019.
- International Telecommunication Union (ITU): It is a specialized agency within the United Nations which plays a leading role in the standardization and development of telecommunications and cyber security issues.
- Budapest Convention on Cybercrime: It is an international treaty that seeks to address Internet and computer crime (cybercrime) by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. It came into force on 1st July 2004. India is not a signatory to this convention.