Spy in hand
RECENTLY an investigation published by 17 well reputed media organizations and lead by France based non-profit journalists organization Forbidden Stories disclosed that Pegasus spyware was attempted and successfully employed for hacking of smart phones of high ranking government officials besides journalist and political activists by different governments around the world.
The list includes names of Pakistan Prime Minister Imran Khan and president of France Emmanuel Macron as well.
As per policy of makers of Pegasus spyware, the spyware is only sells to a government through ministry of defence of Israeli government for operations against terrorists and criminal.
However in the absence of any legal binding the authoritarian governments used the Pegasus spyware against their rivals, such as in India where BJP government used the spyware against their arch rival, the Congress leader Rahul Gandhi to gather data of his activities and political moves etc. Pakistan has attributed India for spying on PM Imran Khan smart phone using the Pegasus spyware.
The Foreign Office of Pakistan has condemned this Indian act and asked relevant UN bodies to investigate this Indian state sponsored spying attempt against Pakistan’s Prime Minister.
The Pegasus spyware was first emerged in 2016. At that time it used phishing type of hacking to steal data from android mobile devices.
The Phishing is a hacking method where social engineering is employed to lure the victim. A message or link is forwarded to intended target’s smart cell phone.
By opening link or message, the target is diverted to a suspicious web site which results in compromising of devices besides stealing of data including messages, photos, and videos.
As the users have become more educated about phishing type of hacking, the NSO group made the spyware more lethal.
Now the sophisticated version of spyware employs zero click hacking techniques which do not require any action from victim to trigger the spyware.
In 2019, it was observed that by simply calling the target through WhatsApp, Pegasus could surreptitiously downloads itself onto their smart phones, either android or iPhone.
In August 2020, Army media wing ISPR stated that espionage efforts by hostile intelligence agencies using mobile phones of high ranking official were thwarted and necessary steps were taken to avoid recurrence of such incidents. More recently, the spyware has exploited vulnerabilities in Apple’s iMessaging software.
This in turn has given access to over one billion Apple’s iPhones without knowledge of owner of the phone.
Information revolution has resulted diffusion of power. Renowned scholar Joseph Nye in his seminal work soft power argued that non state actors have same access to information as state actors. Non state actors are well poised to project information and influence intended targets.
Social networking platforms such as Twitter, Facebook or Instagram leverage non state actors to carry out their influencing operations. Use of cyberspace by non-state actors is often limited to low scale hacking for monitory gains or information operations by hack activists.
The most prominent use of cyberspace by non-state actors is Arab Spring or Facebook revolution which triggered regime change in some Arab states in 2011 and resulted instability in the entire region.
However non-state actors are unable to carry out any sophisticated cyber-attack against a nation state’s critical infrastructure
Contrarily in recent past military graded sophisticated cyber weapons were launched by nation states against their adversaries. In 2010, the Stuxnet cyber was launched by US presumably with the assistance of Israel, against Iranian nuclear installations.
It was first recorded incident when computer software destroyed a nuclear facility by altering machine cycles of the plant.
Similarly the Pegasus spyware is a state sponsored malware which was originally developed by NSO group of Israel and it was only sold to different government through Israeli Ministry of Defence for use against terrorists and criminals.
However some governments used this potent spyware against their political rival in their countries or launched against leadership of their rival countries.
Aftermath of disclosure of espionage attempt against leadership of Pakistan, the cabinet approved a draft cyber security policy.
The draft cyber security policy of the country outlines a roadmap to secure national critical infrastructure against cyber threats.
This include protecting internet based services, critical infrastructure, protecting government’s information systems and infrastructure, creating cyber security awareness, capacity building of law enforcement agencies and ministries etc.
Keeping in view the emerging cyberspace landscape, now it is mandatory for Pakistan to gain requisite capability to counter impending challenges.
The capability to defend against cyber threats and launching cyber offensive against adversary targets is need of the hour.
—The writer is contributing columnist, based in Islamabad.