Why in news?
Recently the malware Pegasus was seen in the news for being used as a surveillance tool to secretly monitor and spy on an extensive host of public figures in India.
Developed by an Israeli firm NSO group, Pegasus is designed to gain access to devices without the knowledge of the user. In 2016, it infected smartphones using a technique called spear-fishing (The hackers used to send malicious links to the target via emails and text messages). In 2019, Pegasus was upgraded with such a feature so that it can infiltrate a device with a missed call on whatsapp and even delete the record of the missed call. Now in 2021, Pegasus can infiltrate a device by “zero-click” attacks. It does not require any interaction with the owner in case of “zero-click” attacks.
Recent Pegasus attack in India
According to some media outlets, one thousand people’s number in over fifty countries are included in the list. It includes politicians, business activists, heads of the states and members of royal families. Most of the names are clustered in majorly 10 countries where India’s name is also there in the list.
Recent steps taken by the GOI
National Cyber Security Co-ordination Centre (NCCC): National Cyber Security Coordinator (NCSC) under National Security Council Secretariat (NSCS) coordinates with different agencies at the national level for cyber security matters. It was developed to scan internet traffic and communication metadata which are coming into the country to detect real-time cyber threats. It has been set up to generate necessary situational awareness of existing and potential cyber security threats and enable timely information sharing for proactive, preventive and protective actions by individual entities.
Cyber Swachhta Kendra: The ” Cyber Swachhta Kendra ” (Botnet Cleaning and Malware Analysis Centre) is a part of the Government of India’s Digital India initiative under the Ministry of Electronics and Information Technology (MeitY) to create a secure cyberspace by detecting botnet infections in India and to notify, enable cleaning and securing systems of end-users so as to prevent further infections. The “Cyber Swachhta Kendra” (Botnet Cleaning and Malware Analysis Centre) is set up in accordance with the objectives of the “National Cyber Security Policy”, which envisages creating a secure cyber ecosystem in the country. This centre operates in close coordination and collaboration with Internet Service Providers and Product/Antivirus companies. This website provides information and tools to users to secure their systems/devices. This centre is being operated by the Indian Computer Emergency Response Team (CERT-In) under provisions of Section 70B of the Information Technology Act, 2000.
Computer emergency response team-IN (CERT-IN): CERT-IN is operational from 2004. It is the national nodal agency for responding to computer security incidents as and when they occur. It plays the following functions in the area of cyber security:
- Collection, analysis and dissemination of information on cyber incidents.
- Forecast and alerts of cyber security incidents.
- Emergency measures for handling cyber security incidents.
- Coordination of cyber incident response activities.
Cyber Surakshit Bharat Initiative: The objective of this program is to educate and enable the Chief Information Security Officers (CISO) and broader IT community to address the challenges of cyber security.
Legislation on surveillance
The laws authorising interception and monitoring of communications are as follows:
- Rule 419A of the Telegraph Rules
- The Information Technology Act, 2000
- Section 92 of CrPC
- Budapest convention: It is an international convention that seeks to address cybercrime by improving investigative techniques, harmonising national laws and increasing co-operations among nations. India is not a signatory of the Budapest convention.
- International Telecommunication Union: Established in 1865, the ITU is the UN’s agency for Information and Communication technologies. It plays an important role in the development and standardisation of telecommunications and cybersecurity issues.