GS Paper 3
Topics Covered: Cybersecurity related issues.
Stressing that the power of the state to snoop in the name of national security into the “sacred private space” of individuals is not absolute, the Supreme Court has appointed an expert technical committee overseen by former Supreme Court judge R.V. Raveendran to examine allegations that the Centre used Israeli software Pegasus to spy on citizens.
What’s the issue?
The complaint of the petitioners is about the misuse or likely misuse of spyware in violation of the right to privacy of citizens.
The continued use of spyware Pegasus, which an Israeli company sells to governments worldwide, has been confirmed with fresh reports. Like the phones it targets, Pegasus has been apparently updated and now comes with new surveillance capabilities.
What is Pegasus?
It is a spyware tool developed by an Israeli firm, the NSO Group.
Spyware spy on people through their phones.
- Pegasus works by sending an exploit link, and if the target user clicks on the link, the malware or the code that allows the surveillance is installed on the user’s phone.
- Once Pegasus is installed, the attacker has complete access to the target user’s phone.
What can Pegasus do?
- Pegasus can “send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps”.
- The target’s phone camera and microphone can be turned on to capture all activity in the phone’s vicinity, expanding the scope of the surveillance.
What is a zero-click attack?
A zero-click attack helps spyware like Pegasus gain control over a device without human interaction or human error.
- So all awareness about how to avoid a phishing attack or which links not to click are pointless if the target is the system itself.
- Most of these attacks exploit software which receive data even before it can determine whether what is coming in is trustworthy or not, like an email client.
What’s the Difference Between Malware, Trojan, Virus, and Worm?
Malware is defined as a software designed to perform an unwanted illegal act via the computer network. It could be also defined as software with malicious intent.
Malware can be classified based on how they get executed, how they spread, and/or what they do. Some of them are discussed below.
- Virus: A program that can infect other programs by modifying them to include a possible evolved copy of itself.
- Worms: Disseminated through computer networks, unlike viruses, computer worms are malicious programs that copy themselves from system to system, rather than infiltrating legitimate files.
- Trojans: Trojan or trojan horse is a program that generally impairs the security of a system. Trojans are used to create back-doors (a program that allows outside access into a secure network) on computers belonging to a secure network so that a hacker can have access to the secure network.
- Hoax: An e-mail that warns the user of a certain system that is harming the computer. The message thereafter instructs the user to run a procedure (most often in the form of a download) to correct the harming system. When this program is run, it invades the system and deletes an important file.
- Spyware: Invades a computer and, as its name implies, monitors a user’s activities without consent. Spywares are usually forwarded through unsuspecting e-mails with bonafide e-mail i.ds. Spyware continues to infect millions of computers globally.
Have you heard of Google Project Zero? Reference:
- About Spyware.
- About Pegasus.
- Differences between Spyware, malware and Trojans.
What is a zero-click attack? Discuss.
Sources: the Hindu.