The Pegasus spyware controversy: Basics Explained

A spyware developed by an Israeli firm has once again been used for surveillance against journalists, human rights activists and business executives. Smartphones were hacked to gather confidential information, according to an investigation by The Washington Post and 16 media partners.

Developers of the “Peagsus” software, the NSO Group, originally licenced it to governments to track terrorists and criminals.Pegasus’ is a spyware used to snoop into handsets. It has been claimed that even a missed video call on WhatsApp could give Pegasus complete access to users’ smartphones.

                     It enabled opening up of the handsets and the operator installing the spyware on the device without the owner’s knowledge.This resulted in the hacker accessing the user’s data including passwords, contacts, calendar events, text messages and even live voice calls from messaging apps.


Viruses and malware are programs that can attack computers, tablets, phones and other digital devices. By combining the words ‘malicious’ (meaning ‘harmful’) and ‘software’ we get the word ‘malware’.  Malware is a type of software that aims to infiltrate or damage a computer or information system without the consent of its owner.

Viruses are just one type of malware. Other types include spyware, worms and trojans.

            A virus is a small program designed to cause trouble by gaining access to your device. It can copy your personal data or slow your device down. A virus spreads by duplicating and attaching itself to other files.

A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users’ systems.


Cyber security environment in India is fast changing, facing many sophisticated cyber security problems and challenges, due to growing realization of threats of cyber attacks and cyber crimes.

Cyber threats can be disaggregated, based on the perpetrators and their motives: cyber espionage, cyber warfare, cyber terrorism, and cyber crime. Cyber attackers use numerous vulnerabilities in cyberspace to commit these acts. They exploit the weaknesses in software and hardware design through the use of malware, spam, phishing and social networking sites. India, with respect to above context, is vulnerable to cyber espionage, cyber terrorism, cyber warfare and cyber crime and cyber security scenario in India is one of relative chaos and a sense of insecurity is arising out of the periodic reports of cyber attacks.


National Cyber Security Policy -2013

To build a secure and resilient cyberspace for citizens, businesses and Government; to protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.

Information Technology Act 2000

An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce”, which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers’ Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto; promote the IT industry, regulate e-commerce, facilitate e-governance and prevent cybercrime.


An enabling Legal Framework – Setting up of think tanks in Public-Private mode to identify gaps in the existing policy and frameworks and take action to address them. This includes addressing privacy concerns of on-line users.  As the digital world is much more complex, there is a need to train judiciary, law enforcement agencies and legal practitioners about the cyber crimes, collection of digital evidences and cyber forensics.

R&D – Creation of Centres of Excellence in identified areas of advanced Cyber Security and Centre for Technology Transfer to facilitate transition of R&D prototypes to production, supporting R&D projects in thrust areas.

Security Incident – Early Warning and Response- Comprehensive threat assessment and attack mitigation by means of net traffic analysis and deployment of honey pots, development of vulnerability database.

Security awareness, skill development and training – Launching formal Security Education, Skill Building and Awareness Programmes.  Setting up of Centres of excellence in Cryptography, Malware Research, Mobile Security and Cyber Forensics,

Collaboration – The Cyber space is borderless and actions in the cyber space can be anonymous so there is need to establish a collaborative platform, Focus on proactive and collaborative actions in Public-Private Partnership / think-tank for cyber security policy inputs, discussion and deliberations, operationalisation of security cooperation arrangements with overseas CERTs and industry, and seeking legal cooperation of international agencies on cyber crimes and cyber security. Cyber Security requirements are quite dynamic that change with the threat environment. Threat landscape needs to be updated regularly to prevent emerging attacks. Collaboration among various agencies is needed to share information regarding emerging threats and vulnerabilities, technical complexity of cyber space and availability of skilled resources, which would help in effective protection and prevention of cyber attacks.


Leave a Comment


Welcome! Login in to your account

Remember me Lost your password?

Lost Password