Principles of Management (MBA133)

CIA-3
on
Infographics on Social or Ethical Issues

A Report submitted in partial fulfilment of the requirements for the degree of

Master of Business Administration

By
Anchal Dugar- 2127535
Under the Guidance of
Prof. Saba Fatma

MBA PROGRAMME
SCHOOL OF BUSINESS AND MANAGEMENT
CHRIST (DEEMED TO BE UNIVERSITY), BANGALORE
OCTOBER 2021
Software used for Data
Theft and Privacy
Invasion by

NSO Group Technologies is an Israeli technology company that

was formed in 2010. Their solutions assist government
intelligence, and law enforcement organizations overcome the
hurdles of encryption to prevent and investigate terrorism and
criminal activity.

Pegasus is a software developed by the NSO intended for use against

criminals and terrorists and is made available only to the military, law
enforcement, and intelligence agencies from countries with good
human rights records. But instead, as per reports, it was used to spy on
journalists, dissidents, and activists.

Employ a team to study the extent of the

Fire the ones who were involved in this
damage done because of the spyware on
kind of behaviour
the company's reputation and people

impacted.

Hire a good team of people to change

Ask for forgiveness from whoever was
the course of the business and turn the
affected due to the spyware and issue a
business to work towards more ethical
public apology.
practices and build a community of

trust.

Proper Scrutiny of the company employees

and others who were included in this

scandal.
 PEGASUS SPYWARE
- Software used for Data Theft and Privacy Invasion by NSO Group

INTRODUCTION
NSO Group Technologies is an Israeli technology company. It was founded in 2010 by Niv
Carmi, Omri Lavie, and Shalev Hulio. The company provides technological help to
government agencies to detect and prevent terrorism and crime. It is based in Herzliya, near Tel
Aviv, Israel.
As per their website, their products have been successfully used to:

 Prevent terrorism, including gun violence, car bombs, and suicide bombers at
transportation hubs, public parks, markets, concert venues, sports arenas, and other
public areas
 Break up paedophilia, sex- and drug-trafficking rings, and money-laundering
operations
 Find and rescue kidnapped children
 Assist emergency search and rescue (SAR) teams in locating survivors trapped under
collapsed buildings in the wake of natural disasters or construction failures
ABOUT PEGASUS SPYWARE
End-to-end encryption is a technology that ascents messages on one’s phone and unscrambles
them only on the recipients’ phones, which means anyone who intercepts the messages in
between cannot read them. A lot of software uses this technology like Facebook, WhatsApp,
Google, Twitter, etc. This technology works well for protecting our privacy. But it is does not
work well in favour of the government as it makes it difficult for them to track criminals, spy
on people.
The firm NSO Group somehow altered this. Pegasus is one of the leading products. It is defined
as malware that can infiltrate a smartphone and access all of its features, including the camera
and microphone. It was found to infiltrate iOS and android and Blackberry Operating System.
How Does it Work?
Pegasus was previously deployed on cell phones through flaws in widely used applications or
spear-phishing. It includes fooling a target user into following a link or opening a document
that covertly instals the malware.

If an agent can take the target's phone from a nearby wireless transmitter, it can also be
deployed manually. The spyware can be installed on cell phones via a missed call on
WhatsApp. They can even remove the missed call's record, making it difficult for the phone's
owner to notice anything is wrong. Another mode is to send a message to a user's phone that
does not result in a notice. All the spyware needs are a particular operating system installed on
the device and it will find the vulnerabilities and infiltrate. This kind of infiltration is called
“zero-click exploit”.
Once the spyware is installed, it can harvest any data from the device and send it back to the
hacker. It can steal phots, record videos, turn on the microphone as per its convenience and
listen the conversation, web searches, communication, passwords, call logs, etc.

How has the spyware impacted people and organisations globally?

There was an investigation carried on by Paris-based Media non-profit Forbidden Stories and
Amnesty International. They accessed a leaked database of thousands of phones numbers that
were targeted by Pegasus. They shared data with global media organisations as a collaborative
investigation and called it “Pegasus Project”.
As per the Project, the close to 11 countries were a target because of the spyware. The following
people were affected due to the spyware:
1. Arab Royal Families
2. 600+ politicians/ government officials
3. 64 business executives
4. 189 journalists
5. 85 human right activists
6. 50,000+ phones numbers leaked
According to their research, the list includes more than 40 journalists, three opposition figures,
and two ministers from Prime Minister Narendra Modi's government in India. This included
Rahul Gandhi, the leader of the opposition, who had two cell phone numbers on the list. Mr
Gandhi no longer possesses the gadgets, so they could not be examined to see if he had been
hacked. The Indian government has denied the use of unlicensed surveillance.
Current Situation:
In 2019, WhatsApp filed a lawsuit against NSO, saying that the firm was responsible for
Pegasus-related cyber-attacks on 1,400 phones. NSO denied any wrongdoing at the time, but
the firm was barred from using WhatsApp. The claims made in this case are not new. What's
new is the extent to which innocent people are supposedly being targeted. This list contains the
phone numbers of over 200 journalists from 21 nations, with additional high-profile public
personalities' identities anticipated to be published. The effect of the Spyware is still being
checked.
RECOMMENDATIONS:
I have recommended the following solutions to NSO Group on unethically taking down data
of human beings: -
1. The company should begin with outsourcing or hiring a team of professionals to
diagnose the damage done by the spyware on the company’s reputation, the people and
the organisations.
2. Along with that, they should go for a public apology for those who have been hurt
because of the spyware.
3. There should be a proper scrutiny of the case and find out all the employees who were
related to the scandal. This would be useful to find out the people related to scandal.
4. The company should fire those employees related to the spyware and create an
atmosphere of no tolerance of bad behaviour in the organisation. This would decrease
this kind of malpractices in the future.
5. The company should then hire good employees matching the company’s culture and
vision. They should create a whole new environment in the company with putting
ethical behaviour a priority.
 REFERENCES

1. Ames, A. (2021, September 14). https://techcrunch.com/2021/09/13/apple-zero-day-

nso-pegasus/. Retrieved from TechCrunch: https://techcrunch.com/2021/09/13/apple-
zero-day-nso-pegasus/
2. Amnesty International. (2021, July 18). Forensic Methodology Report: How to catch
NSO Group’s Pegasus. Retrieved from Amnesty International:
https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-
how-to-catch-nso-groups-pegasus/
3. Brewster, T. (2016, August 25). Everything We Know About NSO Group: The
Professional Spies Who Hacked iPhones With A Single Text. Retrieved from Forbes:
https://www.forbes.com/sites/thomasbrewster/2016/08/25/everything-we-know-
about-nso-group-the-professional-spies-who-hacked-iphones-with-a-single-
text/?sh=30e0f94a3997
4. Gurijala, B. (2021, August 9). What is Pegasus? A cybersecurity expert explains how
the spyware invades phones and what it does when it gets in. Retrieved from
Conversation: https://theconversation.com/what-is-pegasus-a-cybersecurity-expert-
explains-how-the-spyware-invades-phones-and-what-it-does-when-it-gets-in-165382
5. Johny, S. (2021, July 21). NSO Group | The spy who came in for the phone. Retrieved
from The Hindu: https://www.thehindu.com/news/international/nso-group-the-spy-
who-came-in-for-the-phone/article35512209.ece
6. Mazoomdar, J. (2021, August 13). Explained: How Pegasus spyware infects a device;
what data may be compromised. Retrieved from Indian Express:
https://indianexpress.com/article/explained/pegasus-whatsapp-spyware-israel-india-
7410890/
7. RFE/RL. (2021, July 22). Pegasus Spyware: How Does It Work? Retrieved from
RFE/RL: https://www.rferl.org/a/how-does-pegasus-spyware-work/31371719.html
8. Sukanya Shantha, K. A. (2021, September 27). Timing of 2019 WhatsApp-NSO Hack
in India Validates Leaked Database Accessed by Pegasus Project. Retrieved from
The Wire: https://thewire.in/tech/timing-of-2019-whatsapp-nso-hack-in-india-
validates-leaked-database-accessed-by-pegasus-project
9. The Guardian. (2021, July 23). Demonstrations and inquiries: the global impact of
the Pegasus project. Retrieved from The Guardian:
https://www.theguardian.com/news/2021/jul/23/demonstrations-and-inquiries-the-
global-impact-of-the-pegasus-project
10. The Quint. (2021, July 18). Here’s How You Can Tell If Your Phone Has Pegasus
Israeli Spyware. Retrieved from The Quint:
https://www.thequint.com/explainers/pegasus-spyware-attack-and-affected-phones-
explained#read-more
11. Tidy, J. (2021, July 19). Pegasus: Spyware sold to governments 'targets activists'.
Retrieved from BBC: https://www.bbc.com/news/technology-57881364
12. NSO Group Website, https://www.nsogroup.com/