The Indian government allegedly hired an Israel-based company NSO to conduct surveillance on political leaders, journalists, constitutional authorities, and its leaders as well.
The Pegasus software that the NSO group used was so advanced that it can get activated on an individual’s phone by simply giving a missed call. Once activated, it can transfer all the activities of the mobile phone owner to the company’s server.
Now the million-dollar question is what to do to protect your device and privacy from such surveillance. Cybersecurity experts suggest five steps that can protect you from any surveillance provided you practice all of them:
Get a regular forensic examination done of your device: There are many anti-spy and anti-virus software available which can help track the spyware on an android-based mobile device. This is useful to some extent but cannot ensure complete protection. Experts say that people should take such anti-spy software from verified sources else they can act as a spy themselves.
“Researchers at Amnesty International have publicly released the indicators of compromise (IOCs) that are known to be used by NSO to deliver Pegasus on GitHub,” Shivam Shankar Singh, a cybersecurity researcher and a co-author of The Art of Conjuring Alternate Realities: How Information Warfare Shapes Your World (HarperCollins, 2021), said.
He added, “Any individual can back up their phones and then use tools like MVT (Mobile Verification Toolkit) to look for the indicators identified. This would allow them to check for traces of Pegasus on their device.
Don’t use one mobile device for very long: When you change your mobile device, the software downloaded and activated on the device cannot automatically transfer to the other phone with the transfer of the sim card. But the surveillant can find it out very soon that you have changed the device when he wouldn’t receive any data from your mobile. It can again use the same way to download and activate the spyware.
Don’t click on suspicious messages or links: This is the biggest cybersecurity threat today as people, unaware of the impending fraud, clink on such messages and the spyware gets installed and takes control of the device. It can access the bank account details, personal call logs, and all other stuff that needs to be secured.
“In the majority of cases, this is used for identity theft or financial fraud. The cyber frauds data show that it is on the rise with the increase in digital connectivity. User education and digital literacy are important to tell people how to use mobile devices,” Apar Gupta, executive director, Internet Freedom Foundation, an organization that defends online freedom, privacy, and innovation in India.
He adds, “The technical safeguard which is they're both on our devices as well as our service providers portal such as banks, etc need to be improved tremendously.”
Keep your mobile phones delinked to the PC: A spyware like Pegasus is a zero-click or no-click software which means it gets activated on a mobile device even if the user doesn’t click on any link. It calls for a high level of precaution.
“I will suggest three things. First, as this spyware can travel through your mobile phone to the personal computer, users shouldn’t link their mobile devices to the PC to keep their sensitive information secured,” Kazim Rizvi, a public-policy policy entrepreneur and founder of an emerging policy think tank, The Dialogue, said.
He added., “The second suggestion would be to use platforms like Secure Drop for sharing important documents and information. The third tip is to use encrypted platform for message and communication as far as possible because it is very difficult to compromise individual’s privacy.”
Don’t accept mobile devices or personal computers as gifts: Such surveillance is being done on a much lower level and even an individual can launch it against others with the help of available software in the market.
Such Spywares are available in the market whose subscription is as cheap as Rs 2000 onwards monthly.
Many overseas companies, which deal in such technologies that enable remote surveillance of smartphones, offer online services to people in any other country. Those who want to avail of the service can pay the requisite subscription charge and the company offers software that can either be downloaded directly on phone or transferred from the PC.
“Once you download this software in the mobile device, the software will record all conversations and messages and send them to the company’s server. Along with the software the company will also create a user ID password for its subscriber who can go on the server and see all the conversation,” a cybersecurity expert, not wanting to reveal his identity said.
He added, “Many parents in India and majorly in the West gift mobile devices to their adolescent children to spy on their activities. Spouse gift mobile devises for spying purposes and even corporates use it to keep a watch on those employees who are assigned the sensitive job to do.”