Spyware: Can it be ethical to use Spyware? - Seeker's Thoughts

Recent Posts

Seeker's Thoughts

A blog for the curious and the creative.

Spyware: Can it be ethical to use Spyware?

“A spyware is any (malicious) software designed to enter your computer device, gather your data, and forward it to a third party with/without your consent.”

Mostly, this software is used without the user's consent. 

It can be used by the government also to keep an eye on suspicious individuals. For example, there is spyware named Pegasus. It made headlines in the year 2021. 
How does the Spyware spread?

  • Accepting a prompt or pop-up without reading it first.
  • Downloading software from an unreliable source.
  • Opening email attachments from unknown senders.
  • Pirating media such as movies, music, or games.
  • Clicking a link to a malware-laden website.

Spyware is a tracking tool therefore, it can collect- 
- Login Credentials- password and usernames
-Account PINs
- Debit/ Credit Card Numbers

Not only that it does monitor the keyboard strokes to collect the data, tracks the browsing habits, and collects the email address.  

Types of Spyware

1- Trojan spyware enters devices via Trojan Malware. This is not capable of automatically spreading into another system. Such software is usually downloaded from the internet by unsuspecting users. For example- Spam campaigns can lead to the installation of Trojan Spyware. 

2- Adware may monitor you to sell data to advertisers or serve deceptive malicious ads. It throws advertisement up on your screen- within a web browser. 

3- Tracking cookie files can be implanted by a website to follow you across the internet.

4-System monitors track any activity on a computer, capturing sensitive data such as keystrokes, sites visited, emails, and more. Keyloggers typically fall into this group.

Spyware can be incredibly dangerous if you’ve been infected. Threats can range from mild inconveniences to long-term financial damage. Among these problems, below are some of the most common:

Data Theft and Identity Fraud

First, and perhaps most importantly, spyware can steal personal information that can be used for identity theft. If malicious software has access to every piece of information on your computer, it can harvest more than enough information to imitate your identity. Information used for this purpose includes browsing history, email accounts, and saved passwords for online banking, shopping, and social networks. Also, if you've visited online banking sites, spyware can siphon your bank account information or credit card accounts and sell it to third parties — or use them directly.

Computer Damages

More commonly, you will face the damage spyware can do to your computer. Spyware can be poorly designed, leading to system-draining performance. The lack of performance optimization can take up an enormous amount of your computer's memory, processing power, and internet bandwidth. As a result, infected devices may run slowly and lag in between applications or while online. Worse cases include frequent system crashing or overheating your computer, causing permanent damage. Some spyware can even disable your internet security programs.

Disruptions to Your Browsing Experience

Spyware can also manipulate search engine results and deliver unwanted websites in your browser, which can lead to potentially harmful websites or fraudulent ones. It can also cause your home page to change and can even alter some of your computer's settings. Pop-up advertisements are an equally frustrating issue that accompanies some types of spyware. Advertisements may appear even when offline, leading to inescapable annoyances.

Pegasus Spyware made headlines because people accused the government to use it on the people.  So what is pegasus Spyware?

In Simple words-
Pegasus spyware is software to spy on people.


Therefore, Pegasus can spy on users without letting you know. It does not matter if you are using iPhone or Android. It is still capable of spying.

Pegasus has been developed by NSO Group from Israel and is perhaps the most powerful spyware ever created. 
It is designed to infiltrate smartphones — Android and iOS — and also, turn them into surveillance devices.

Is Pegasus expensive? Why is it created?
NSO Group sells the software to governments only. A single license, which can be used to infect several smartphones, can cost up to Rs 70 lakh. According to a 2016 price list, NSO Group charged its customers $650,000 to infiltrate 10 devices, plus an installation fee of $500,000.
It was created to spy on terrorists, and criminals, not on the common man.

Spear Fishing and Pegasus Connection? 
Pegasus spyware, how does it reach to the phone of an individual?
In 2016, Pegasus spyware infected smartphones through messages. A text message or email containing the malicious link was sent to the user.

What does Pegasus do?

Pegasus allows the extraction of complete data- including historical.

In Simple words, initial extraction sends SMS records, contacts, call history, messages, and browsing history to the command-and-control server.

From an infected device, it also makes available a whole set of active collection features that allow an attacker to take real-time actions on the target and retrieve unique information from the device and the surrounding area in its location.

Examples of active extractions include:

  • GPS-based location tracking: If GPS is disabled by a target, Pegasus enables it for sampling and immediately turns it off. If no GPS signal is accessible, Cell-ID is retrieved.
  • Environmental sound recording: Pegasus ascertains if the phone is in idle mode before turning on the microphone through an incoming silent call. Any action by the target that turns on the phone screen results in an immediate call hang-up and terminates the recording.
  • Photo taking: Both front and rear cameras can be used after Pegasus ascertains that the phone is in idle mode. The quality of the photo can be pre-determined by an attacker to reduce data use and ensure faster transmission. NSO cautions that since the flash is never used and the phone might be in motion or in a low-lit room, photos can at times be out of focus.
  • Rules and alerts: A number of conditions can be pre-set for real-time action, such as geofencing alerts (target enters or exits a defined location), meeting alerts (when two devices share the same location), connection alerts (a call or message sent or received to/from a specific number), and content alert (a specific word used in a message), etc.

Use of Pegasus

On August 23, 2020, according to intelligence obtained by the Israeli newspaper Haaretz, NSO Group sold Pegasus spyware software for hundreds of millions of US dollars to the United Arab Emirates and the other Gulf States, for surveillance of anti-regime activists, journalists, and political leaders from rival nations, with encouragement and mediation by the Israeli government.

 Later, in December 2020, the Al Jazeera investigative show The Tip of the Iceberg, Spy partners, exclusively covered Pegasus and its penetration into the phones of media professionals and activists; and its use by Israel to eavesdrop on both opponents and allies.

NSO Group’s spyware has been used to facilitate human rights violations around the world on a massive scale, according to a major investigation into the leak of 50,000 phone numbers of potential surveillance targets.

These include heads of state, activists, and journalists, including Jamal Khashoggi’s family. 

The Pegasus Project is a ground-breaking collaboration by more than 80 journalists from 17 media organizations in 10 countries coordinated by Forbidden Stories, a Paris-based media non-profit, with the technical support of Amnesty International, who conducted cutting-edge forensic tests on mobile phones to identify traces of the spyware.




No comments:

Post a Comment