Why is it in the news?
- Recently, a former Egyptian MP was targeted with Cytrox’s Predator spyware, delivered via links sent over SMS and WhatsApp.
- Apple released an update to fix the bug exploited in the attack on the MP’s device.
About the Spyware
History of spyware use against political opponents
- The Pegasus Project in 2021 revealed widespread use of spyware targeting more than 50,000 phone numbers in 50 countries.
- Spyware attacks have been reported in countries including India, Azerbaijan, Bahrain, Hungary, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, and the UAE.
- Spyware, such as Pegasus, was used to target journalist Jamal Khashoggi’s wife before his murder in the Saudi consulate in Istanbul.
Definition of spyware and commercial spyware
- Spyware is malicious software that infiltrates a device, gathers sensitive data, and transmits it to a third party without the user’s consent.
- Commercial spyware is sold to governments and law enforcement agencies for lawful investigations, but it has also been used by authoritarian governments against political opponents.
- Commercial spyware like Pegasus can access and control a device’s camera and microphone without the user’s knowledge.
Methods of targeting devices
- Spyware can be delivered through malicious links, SMS messages, or network injection.
- Zero-day vulnerabilities, flaws still unknown to the device manufacturer, are often exploited to deliver spyware.
- Spyware can also be delivered by zero-click attacks, which infect a device without any user interaction.
- Between 2011 and 2023, at least 74 governments contracted with commercial firms for spyware or digital forensics technology.
- Autocratic regimes are more likely to procure targeted surveillance technologies.
- Various governments and agencies have been reported to use spyware, including those of India, the U.S., Mexico, the UAE, and Saudi Arabia.
Challenges and backlash against spyware firms
- Inconsistent responses from democratic governments and fragmented regulation allow spyware use to continue.
- The Pegasus Project led to the blacklisting of the NSO Group by the U.S., but other companies have filled the gap.
- Germany’s FinFisher and Italy’s Hacking Team were dominant players in the spyware market prior to Pegasus.
- Israel is the leading exporter of spyware, but concerns about human rights have not been adequately addressed in export licensing.
Tech Companies’ Responses
- Tech giants like Meta, Google, and Apple have taken steps to address spyware threats.
- Apple and Google have released updates to fix spyware-exploited software bugs.
- Apple introduced “Lockdown Mode” for high-risk individuals to protect against spyware attacks.
- WhatsApp pursued a lawsuit against NSO Group for exploiting its software, seeking an injunction and damages.
- The current U.S. administration has supported the lawsuit against NSO Group.
Recent steps taken in India
- Cyber Surakshit Bharat Initiative (2018): Spreads awareness about cybercrime and builds the cybersecurity capacity of Chief Information Security Officers (CISOs) and IT staff in government departments.
- National Cybersecurity Coordination Centre (NCCC) (2017): Monitors internet traffic and communication metadata to detect real-time cyber threats.
- Cyber Swachhta Kendra (2017): A platform that helps users clean their computers and devices of viruses and malware.
- Indian Cyber Crime Coordination Centre (I4C): Recently inaugurated by the government.
- National Cyber Crime Reporting Portal: Launched pan-India for reporting cybercrimes.
- Computer Emergency Response Team – India (CERT-In): The nodal agency dealing with cybersecurity threats such as hacking and phishing.
- Information Technology Act, 2000.
- Personal Data Protection Bill, 2019.
- International Telecommunication Union (ITU): A specialized agency within the United Nations focusing on standardization and development of telecommunications and cybersecurity issues.
- Budapest Convention on Cybercrime: An international treaty addressing Internet and computer crime by harmonizing national laws and promoting cooperation among nations (India is not a signatory).
Types of Cyber Attacks
- Malware: Includes ransomware, spyware, worms, viruses, and Trojans, designed to cause harm to computers, servers, or networks.
- Phishing: Involves deceptive emails and websites to gather personal information.
- Denial of Service (DoS) Attacks: Aim to make a machine or network inaccessible by overwhelming it with traffic or causing a crash.
- Man-in-the-Middle (MitM) Attacks: Attackers insert themselves into a two-party transaction to intercept and steal data.
- SQL Injection: Inserts malicious SQL into input that a server passes to its database, in order to read or modify data without authorization.
- Cross-Site Scripting (XSS): Injects malicious script into a website so that it runs in the browsers of users who visit the affected site.
- Social Engineering: Manipulates human interactions to trick users into compromising security procedures and revealing sensitive information.