- A Citizen Lab report shows that one operator, code-named Ganges, has been installing the Pegasus spyware on phones in India since 2017 and is still active.
- The spyware was installed using telecom operators including Bharti Airtel, MTNL, Hathway, and the National Internet Backbone.
- The report also suggests that the operator ‘may indicate political themes in the targeting’.
NSO Group’s spyware attack on WhatsApp may only be the tip of the iceberg. While the WhatsApp hack was only reported in May, another operator has been hacking Indian users with Pegasus since 2017.
An investigation by Citizen Lab shows that India was one of the primary targets for an operator dubbed Ganges. According to the report, Ganges has been installing NSO’s flagship spyware, Pegasus, on phones for the past two years.
The report also points out that the operator may have used political themes to target users because one of the domains used was ‘signpetition[.]com’.
Internet and telecom providers infected
Bharti Airtel, the government-run Mahanagar Telephone Nigam Limited (MTNL), Hathway, and Star Broadband Services are suspected of being infected with Pegasus.
Citizen Lab also concluded that the National Internet Backbone (NIB) is one of the points of entry for Ganges. NIB provides nation-wide connectivity to all internet service providers (ISPs) and their customers, which means anyone with an internet connection would be vulnerable.
The only point of respite is that, unlike the WhatsApp hack, where the user had no control over whether or not they would be the recipient of a missed call that would infect their phone, Ganges requires a user to interact with the domain link in order to access their system.
More questions than answers
The Indian government is demanding a response from WhatsApp over the NSO Group allegedly hacking 121 Indian users. But Citizen Lab’s report indicates that the problem is more expansive and still prevalent.
WhatsApp launched an update to counter the bug that NSO was exploiting, but Ganges is still presumed to be active. And the WhatsApp hack only came to light in May 2019, while Ganges has been around for at least two years.
It’s possible that Pegasus was also being used for surveillance, since it specifically hacked into Bharti Airtel’s GPRS service. This would allow the software to track users when their location sensor was enabled.
Ganges also infected users in Brazil, Pakistan, Singapore and Bangalore but most of its net was cast out over India.
Overall, Citizen Lab has identified 36 likely operators around the world and 45 that have been infected with Pegasus.