Is Bangladesh still infected by Israeli spyware Pegasus?
Citizen Lab suspected BTCL of being infected by the spyware for political targeting
Although Bangladesh was not mentioned in the recently leaked list of countries where the Israeli spyware Pegasus is being used to hack the smartphones of journalists, opposition figures and human rights activists, a Canada-based organisation named Citizen Lab in 2018 found Bangladesh in a list of 45 countries with infections of the spyware.
Between August 2016 and August 2018, Citizen Lab scanned the internet for servers associated with NSO Group's Pegasus spyware. They found 1,091 IP addresses that matched their fingerprint and 1,014 domain names that pointed to them.
Citizen Lab identified five operators that they believed were focusing on Asia. One operator, GANGES, used a politically themed domain, signpetition[.]co, to infect devices in Bangladesh, India, Pakistan, Brazil and Hong Kong.
After analysing the DNS cache hits, they suspected Bangladesh Telecommunications Company Limited (BTCL) of being infected by the spyware for political targeting.
When asked, Bangladesh's Posts and Telecommunications Minister Mustafa Jabbar, who has been in charge since 2019, told the media, "There is absolutely no question of buying such software. Often these things end up being rumours. We have looked through our networks and have not found any issues."
However, he mentioned that the law enforcement agencies would be able to give a clearer response in this regard.
TBS could not reach any high-ups of the Counter Terrorism and Transnational Crime (CTTC) unit or the Rapid Action Battalion (RAB) for comment on the matter, despite several attempts by phone.
Earlier, an investigation published on Sunday by 17 media organisations, led by the Paris-based non-profit journalism group Forbidden Stories, said the spyware Pegasus, made and licensed by the Israeli company NSO, had been used in attempted and successful hacks of smartphones belonging to journalists, government officials and human rights activists.
Forbidden Stories and Amnesty International gained access to a leaked list of more than 50,000 records of phone numbers that clients of the Israeli company NSO Group, the developer of Pegasus, selected for surveillance.
Later the same day, NSO issued a statement rejecting the report, saying it was "full of wrong assumptions and uncorroborated theories". But Citizen Lab said in a report that Amnesty International's core forensic methods for analyzing devices to determine that they have been infected with NSO Group spyware are sound.
NSO also said "its product is intended only for use by government intelligence and law enforcement agencies to fight terrorism and crime."
In India, phones of Congress party leader Rahul Gandhi, and 40 journalists from Indian Express, Hindu, Hindustan Times and The Wire were tapped with the spyware.
A number once used by Pakistan Prime Minister Imran Khan and those of dozens of diplomats in India from countries such as China and Iran are among potential targets selected by users of the Pegasus spyware programme.
The phone of French President Emmanuel Macron was also targeted for potential surveillance on behalf of Morocco, according to the media report.
NSO Group's spyware has also successfully infected thousands of iPhone 11 and iPhone 12 models through iMessage zero-click attacks, potentially compromising the data security of thousands of iPhone users.
What is Pegasus and how does it work?
Pegasus is perhaps the most powerful spyware created to date. It is designed to infiltrate smartphones - both Android and iOS - and turn them into surveillance devices.
Spyware is any malicious software designed to enter your computer device, gather your data, and forward it to a third party without your consent.
Pegasus exploits undiscovered vulnerabilities, or bugs, in Android and iOS. This means a phone could be infected even if it has the latest security patch installed.
A previous version of the spyware, from 2016, infected smartphones using a technique called "spear-phishing": text messages or emails containing a malicious link were sent to the target. It depended on the target clicking the link, a requirement that was done away with in subsequent versions.
By 2019, Pegasus could infiltrate a device with a missed call on WhatsApp and could even delete the record of this missed call, making it impossible for the user to know they had been targeted.
In May that year, WhatsApp said Pegasus had exploited a bug in its code to infect more than 1,400 Android phones and iPhones this way, including those of government officials, journalists and human rights activists. It soon fixed the bug.
Pegasus also exploits bugs in iMessage, giving it backdoor access to millions of iPhones.
The spyware can also be installed over a wireless transceiver (radio transmitter and receiver) located near a target.
Once installed on a phone, Pegasus can intercept and steal more or less any information on it, including SMS, contacts, call history, calendars, emails and browsing histories. It can use your phone's microphone to record calls and other conversations, secretly film you with its camera, or track you with GPS.