Pegasus snooping: How costly is the Israeli spyware? – ET CISO
This comes after a recent investigation by an international media consortium revealed that thousands of phone numbers were allegedly targeted by the Pegasus spyware created by NSO Group, an Israeli software company.
Several prominent Indians, including Congress leader Rahul Gandhi, Union ministers and Pralhad Patel, and poll strategist Prashant Kishor, were said to be potential targets of the spyware, according to a series of reports on The Wire.
The issue has now led to multiple disruptions in the ongoing session, with opposition members causing a ruckus in both Lok Sabha and Rajya Sabha.
The opposition MPs have said they won’t let normal proceedings resume until the government agrees to a full-fledged debate on the snooping row.
But how much does it cost to deploy such sensitive spyware? Turns out it’s anything but cheap.
Citing a 2016 price list, the New York Times reported the NSO Group charged its customers $650,000 to infiltrate 10 devices, plus an installation fee of $500,000.
The NYT report also stated that much like a traditional software company, the NSO Group prices its surveillance tools by the number of targets, starting with a flat $500,000 installation fee.
According to a commercial breakdown, NSO charges government agencies $650,000 to spy on 10 iPhone users; $650,000 for 10 Android users; $500,000 for five BlackBerry users; or $300,000 for five Symbian users — on top of the setup fee.
One can pay for more targets.
One hundred additional targets will cost $800,000, 50 extra targets cost $500,000, 20 extra will cost $250,000 and 10 extra cost $150,000, the NYT report said, citing an NSO Group commercial proposal.
There is an annual system maintenance fee of 17 per cent of the total price every year thereafter, it stated.
However, these prices were for old versions of Pegasus. Newer versions have “zero-click” abilities to infiltrate a phone without any action (such as clicking a link) by a targeted user and may cost more.
The Mexican government, for instance, spent around $61 million to spy on political opponents.
Of the 50,000 phone numbers revealed as a database of potential Pegasus targets by several publications, nearly one-third are from Mexico, all from 2016 and 2017.
Of these, 400 have been identified and verified and they include numbers of dozens of people close to then-presidential candidate and now president Andrés Manuel López Obrador, The Washington Post reported.
Mexico’s top security official said that two previous administrations spent $61 million (approx Rs 452.8 crore) to buy Pegasus spyware. Mexico has acknowledged that it purchased the spyware from Israel’s NSO Group.
The Public Safety Secretary said records had been found of 31 contracts signed during the tenures of former Presidents Felipe Calderón (2006-2012) and Enrique Peña Nieto (2012-18).
Some contracts may have been disguised as purchases of other equipment. Many of the contracts with NSO Group were signed with front companies, often used to facilitate kickbacks or avoid taxes.
How does Pegasus work?
Pegasus’ USP is its ability to invade a phone without a click from the targeted user.
The Organized Crime and Corruption Reporting Project (OCCRP) said that earlier versions required a target’s active participation.
Pegasus operators sent text messages containing a malicious link, which if clicked on would open a malicious web page to download and execute the malware.
But as people became better at spotting malicious spam, the use of ‘zero-click exploits’ began.
Zero-click exploits use bugs in popular apps like iMessage and FaceTime, which all receive and sort data, sometimes from unknown sources.
“Once a vulnerability is found, Pegasus can infiltrate a device using the protocol of the app. The user does not have to click on a link, read a message, or answer a call — they may not even see a missed call or message,” OCCRP says.
Timothy Summers, a former cyber engineer at a US intelligence agency, described Pegasus as nasty software.
“It hooks into most messaging systems including Gmail, Facebook, WhatsApp, FaceTime, Viber, WeChat, Telegram, Apple’s built-in messaging and email apps, and others. With a line-up like this, one could spy on almost the entire world population. It’s apparent that NSO is offering an intelligence-agency-as-a-service,” Summers had said to reporters.