Israel-based NSO Group’s Pegasus spyware is a potent tool. Very little is publicly known about Pegasus. The company will not even share which countries are actively using its tool. All it reveals is having “60 customers” across 40 countries. As for the money, the cost of one Pegasus license can be as high as Rs 70 lakh. With one license around 50 smartphones can be tracked.
The Rs 70 lakh per license figure is just an educated guess. The final price depends on the contract which is kept under wraps for the sake of government and government agencies’ privacy.
As per past estimates of 2016, for spying on just 10 people using Pegasus, NSO Group charges a minimum of around Rs 9 crore. As per a 2016 price list, NSO Group charged its customers $650,000 (Rs 4.84 crore at current exchange rate) to hack 10 devices, in addition to an installation fee of $500,000 (Rs 3.75 crore). These figures may seem quite high for any individual but any government, this is peanuts for getting vital intel about their targets.
Now, no government will just sign a contract to just snoop on 10 people. It’s like the more money you pump into Pegasus, the more people you can snoop on. And note that NSO Group’s technology is not operated by the company after the deal has been made. The company in its latest transparency report clarified, “NSO licenses Pegasus to sovereign states and state agencies, does not operate Pegasus, has no visibility into its usage, and does not collect information about customers.”
Pegasus requires a sophisticated IT infrastructure. NSO group employees visit their “customer” site to install the entire facility. As per the product brochure of Pegasus, “NSO is responsible to deploy and configure the Pegasus hardware and software at the customer premises.” The entire setup requires web servers, Communications Module, Cellular Communication Module, Permission Module, Data Storage, Servers Security, System Hardware installation, Operator Consoles and finally the Pegasus app.
Why is NSO Group’s Pegasus spyware so popular?
The answer is simple. It provides the best stealth and is virtually impossible to get rid of Pegasus from an infected phone. If you are sure that you are being tracked or you think that you have potentially upset any people in power that might justify the use of spending this kind of money then your best bet is to ‘destroy’ your phone and get a new number.
There’s no proven software to block Pegasus from communicating once it’s inside a smartphone. Also, if you happen to just change your phone number and insert a new SIM inside the infected phone, Pegasus would still continue working. Factory resetting the phone will be of little help too. Destroying your phone is the only way. As, if the phone has battery, Pegasus can activate the camera and microphone to capture your movements, track location, read SMS and more.
The Pegasus spyware works on devices running Android, iOS, Windows Phone, BlackBerry, Symbian and even Tizen.
To outsmart Pegasus, you can try dividing contacts and chats among several different phone numbers and handsets in such a way that the contacts and handsets are always isolated. But it is just a basic approach to deal with this stubborn spyware. Alternatively, you can wait for the Pegasus operator to abandon your phone. Once the spying mission is over, the Pegasus operator can hit the kill switch remotely to self-delete the Pegasus agent on the victim’s phone.
What makes Pegasus dangerous
Pegasus can be secretly installed on any phone. Stealth is the biggest USP of Pegasus and a victim will not be able to notice any difference after the phone gets infected. Phishing messages is the most popular way to install Pegasus on a victim’s phone for spying. Pegasus can be installed even if the victim’s phone number is not known. In case the attacker doesn’t have the victims’ phone number or email ID, the Pegasus agent can be silently injected once the number is acquired using a tactical network element such as Base Transceiver Station (BTS).