UPSC Article

Back
APP Users: If unable to download, please re-install our APP.
Only logged in User can create notes
Only logged in User can create notes

General Studies 3 >> Science & Technology

audio may take few seconds to load

COMMERCIAL SPYWARE

COMMERCIAL SPYWARE

1. Context 

Former Egyptian MP Ahmed Eltantawy became a target of Cytrox's Predator spyware between May and September. Apple has since released an update to fix the exploited bug. This attack raises concerns, given that Egypt is a known customer of Cytrox's Predator spyware.

2. About spyware

  • Spyware is a type of malware that is designed to enter a device without the user's knowledge or consent.
  • Once installed, spyware can gather a variety of information from the device, including the user's location, contacts, call history, text messages, and even the contents of their photos and videos.
  • Spyware is often used by criminals to steal financial information or other sensitive data.
  • It can also be used by governments and law enforcement agencies to track and monitor individuals of interest.

There are four main types of spyware:

  • Trojan spyware disguises itself as a legitimate program to trick the user into installing it.
  • Adware displays unwanted ads on the user's device. Adware can also collect data about the user's browsing habits.
  • Tracking cookies are used to track the user's online activity across different websites.
  • System monitors user's activity on their device and collects data about their usage patterns.

3. Spyware used to surveil political opponents 

  • Spyware has been used to surveil political opponents in many countries around the world.
  • In 2021, the Pegasus Project revealed that the spyware was used to target more than 50,000 phone numbers in 50 countries, including India, Azerbaijan, Bahrain, Hungary, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, and the UAE.
  • The Pegasus spyware was also reportedly used by Saudi Arabia to target journalist Jamal Khashoggi's wife months before his death.

4. About Commercial Spyware

  • Commercial spyware is a type of malicious software that is sold by companies to governments and law enforcement agencies.
  • It is designed to be installed on devices without the user's knowledge or consent, and it can be used to gather a wide range of data, including the user's location, contacts, call history, text messages, photos, videos, and even the contents of their conversations.
  • Commercial spyware is often used by governments to spy on political opponents and other individuals of interest.
  • However, it can also be used by criminals to steal financial information or other sensitive data.
  • One example of commercial spyware is the Pegasus spyware from the NSO Group.
  • Pegasus can be installed on iPhones and Android devices without the user's knowledge or consent, and it can be used to gather a wide range of data, including the user's location, contacts, call history, text messages, photos, videos, and even the contents of their conversations.
  • Pegasus can also be used to turn on the device's camera and microphone without the user's knowledge.
  • Another example of commercial spyware is the FinFisher spyware from Gamma International.
  • FinFisher can be installed on Windows, macOS, Linux, Android, and iOS devices.
  • It can be used to gather a wide range of data, including the user's location, contacts, call history, text messages, photos, videos, and even the contents of their conversations.
  • FinFisher can also be used to turn on the device's camera and microphone without the user's knowledge.

5. Devices targeting with commercial spyware

Devices can be targeted with commercial spyware in a variety of ways, including:

Network injection involves injecting spyware into the user's network connection, such as by redirecting the user to a malicious website.
SMS messages Spyware can be delivered via SMS messages that contain malicious links or attachments.
Zero-day vulnerabilities are security vulnerabilities that are unknown to the software vendor.
Spyware developers can exploit these vulnerabilities to install spyware on devices without the user's knowledge or consent.
Zero-click attacks are attacks that do not require the user to take any action, such as clicking on a link or opening an attachment.
Spyware can be installed on devices using zero-click attacks by exploiting vulnerabilities in the software or by exploiting trusted third-party services.

6. Increasing Use of Spyware

  • The use of spyware is on the rise, with at least 74 governments contracting with commercial firms to obtain spyware or digital forensics technology between 2011 and 2023.
  • Autocratic regimes are particularly inclined to procure commercial spyware, accounting for a significant portion of its usage.
  • Backlash and Regulation While there have been efforts to hold spyware firms accountable, including the blacklisting of the NSO Group by the U.S. in 2021, the spyware industry has largely remained resilient.
  • Other companies in the domain have continued to provide similar services, bypassing some of the restrictions.

7. Tech Company Responses

  • Tech giants such as Meta, Google, and Apple have taken proactive steps to address the issue of commercial spyware exploiting vulnerabilities in their software.
  • They have released software updates to fix the bugs exploited by spyware.
  • Additionally, Apple introduced a 'Lockdown Mode' in iOS 16, offering enhanced protection for high-risk individuals.
  • Meta-owned WhatsApp has gone even further by pursuing legal action against the NSO Group. They allege that the spyware firm accessed WhatsApp's servers without permission, which led to the installation of the Pegasus software on victims' mobile devices.
  • The U.S. administration has urged U.S. justices to reject NSO's appeal against the lawsuit.

8. Conclusion

Addressing the pervasive threat of commercial spyware requires global cooperation, robust regulatory frameworks, and continued vigilance from both tech companies and governments. Safeguarding individual privacy and the integrity of democratic institutions hinges on our collective efforts to curb the proliferation of these insidious surveillance tools.
 
For Prelims: Spyware, Commerical spyware, Pegasus spyware, FinFisher spyware, Cytrox's Predator spyware
For Mains: 
1. Summarize the key takeaways and implications of the proliferation of commercial spyware for individual privacy, democracy, and global security. (250 Words)
 
 
Previous Year Questions
 
1. Match List I with List II (UGC NET 2021)
List I                                      List II
Security threats                  Meaning
A. Hacking                        I. 'Clog-up' a user's inbox with unwanted emails
B. Phishing                       II. Gives the originator access to all data entered by the keyboard
C. Spyware                       III. Identify fraud
D. Spam                            IV. Illegal use of personal data
Choose the correct answer from the options given below:
1. A - I, B - III, C - II, D - IV           
2. A - II, B - IV, C - III, D - I
3. A - IV, B - I, C - III, D - II
4. A - IV, B - III, C - II, D - I
 
Answer: D
 
2. In which country, the Pegasus spyware has been developed? (67th BPSC 2022)
A. Israel   B.  Brazil    C. Russia   D.  China    E. None of the above/More than one of the above
 
Answer: A
 
3. _______ is the term used to describe malware that multiplies rapidly to use all the available resources in the system. (OSSC BSSO 2022) 
A. Rabbit          B. CMOS       C. Companion          D. Trap
 
Answer: A
 
4. What does Malware stand for? (OSSC CGL 2022)
A. Male standing Virus     B. Malicious Virus    C. Maletrious Virus     D. Malicious Software
 
Answer: D
 
Source: The Hindu
 
Youtube:
Share to Social

Related Articles

NATIONAL JUDICIAL DATA GRID...

16-Sep-2023
Read more

CINEMATOGRAPHY AMENDMENT BILL 2023...

28-Jul-2023
Read more

ZONAL COUNCILS...

12-Jul-2025
Read more

PARDONING POWER OF THE STATE...

17-Aug-2022
Read more