- A Citizen Lab report shows one operator, code named Ganges, has been installing the spyware Pegasus on phones in India since 2017 and is still active.
- The spyware was installed using telecom operators including
Bharti Airtel , MTNL, Hathway, and the National Internet Backbone. - The report also suggests that the operator ‘may indicate political themes in the targeting’.
An investigation by Citizen Lab shows that India was one of the primary targets for an operator dubbed Ganges. According to the report, Ganges has been installing NSO’s flagship spyware, Pegasus on phones for the past two years.
The report also points out that the operator may have used political themes to target users because one of the domains used was ‘signpetition[.]com’.
Internet and telecom providers infected
Bharti Airtel, the government run Mahanagar Telephone Nigam Limited (MTNL), Hathway, and Star Broadband Services are suspected of being infected with Pegasus.
Citizen Lab also concluded that the National Internet Backbone (NIB) is also one of the points of entry for Ganges. NIB provides nation-wide connectivity to all internet service providers (ISPs) — and their customers, which means anyone with an internet connection would be vulnerable.
The only point of respite is that unlike the WhatsApp hack where the user had no control over whether or not they would be the receipt of a missed call that would infect their phone, Ganges requires a user to interact with the domain link in order to access their system.
More questions than answers
The Indian government is demanding a response from WhatsApp over the NSO Group allegedly hacking 121 Indian users. But Citizen Lab’s report indicates that the problem is more expansive and still prevalent.
WhatsApp launched an update to counter the bug that NSO was exploiting but Ganges is still presumed to be active. And the Whatsapp hack only came to light in May 2019, while Ganges has been around for at least two years.
It’s possible that Pegasus was also being used for surveillance since it specifically hacked into Bharti’s Airtel’s GPRS Service. This would allow the software to track users with their location sensor was enabled.
Ganges also infected users in Brazil, Pakistan, Singapore and Bangalore but most of its net was cast out over India.
Overall, Citizen lab has identified 36 likely operators around the world and 45 that have been infected with Pegasus.
See also:
The shadowy firm behind WhatsApp hack is involved in 100 other spyware attacks
WhatsApp spyware hack raises security concerns around its upcoming payments service
Here’s why Facebook is suing the NSO Group over the WhatsApp hack