Digital Evidence in the Shadow of Pegasus Spyware
Digital Evidence in the Shadow of Pegasus Spyware
The controversy over Pegasus Spyware has highlighted the changing dimensions of digital evidence and the need to be ever vigilant of the dynamic nature of cyber crime. It has also highlighted the need for the judiciary to play a more pro-active role.
Pegasus is a spyware developed by Israeli cyber arms firm NSO Group that infects devices such as laptops and mobile phones. The sophisticated spyware allows its users to read text and WhatsApp messages, track location, access microphones and cameras. Pegasus can even avoid detection by antivirus software and can be deactivated remotely.
Probably the only way to deal with virus is to get rid of the device. Sensing the gravity of the matter and admitting that its users have been compromised, WhatsApp filed a suit in October 2019 in California. NSO, the parent company of Pegasus, is opposing the suit on the ground of sovereignty and want of notice. Now other IT giants have also joined the said suit and Amazon Cloud has banned Pegasus on its portal.
The need for further directions from the courts in respect of 65 B Certificate is highlighted by many instances. In the matter of Dr. Shoma Sen Vs. State of Maharashtra (pending Petition in the Bhima Koregaon case) Arsenal, a reputed cyber forensic agency was able to show that the lap top of Mr Wilson was compromised much before the alleged offence was committed and hence prosecution was sought to be quashed. In this case forensic experts claimed that the digital evidence relied upon by NIA in filing the charge sheet, was planted. While the NIA has challenged Arsenal’s findings, if an FIR is filed against any person by Agencies like NIA / CBI / EOW / ED and custody is sought on the basis of Digital Evidence, such a person may have to spend a long time in prison durng the pendancy of the trial, even though ultimately it may be proved that the evidence was false.
Today hacking has become a child’s play and the tools for this are easily available on the Darknet, which is a web world that is securely managed by anonymous operators whose communication channels are difficult to decode even by the best security agencies.
The DARK market caters to all forms of human need, greed and perversion and has multiple non-detectable payment options including Crypto currency. The protocol in DARKNET gives it a high degree of anonymity and it is difficult for even countries with the best of the tools to find the users.
In countires like India, with investigating agencies using outdated technology, the task is insurmountable. This state of affairs is highlighted by the case of a Pune businessman, Late Mr. Deepak Shah, who was charge sheeted for creating the profile of a woman unknown to him. When the police came to arrest him he was in the ICU after a bypass surgery. The police had failed to understand the time difference in the American and Indian formats and had come to charge him on the basis of misinterpreted information.
In such a scary scenario it is important for the court to give directive to the state investigative agencies that they need to certify that the evidence they are using against an accused has not been tampered with. If such a direction had been in existence, probably Father Stan Swamy would have been alive today and the pune businessman would have been saved the blushes.
Contact
For more information on how we can help you secure your data, get you compliant and protect your business, please complete the form below and one of Information security / Cyber Forensic expert and Compliance specialists will respond to you as soon as possible.