Special Issue Current Affairs UPSC CSE -Oct Week 5
- Between 1964 and 1965, an entomologist called William Brock collected samples of soil from around east Africa. Inside one of these samples, taken in Kenya and stored in the British Natural History Museum until now, was a tiny species of beetle, pale yellow and gold.
- Measuring just 0.79 millimetres, the beetle has no eyes or wings, with a small pit between where the eyes should have been.
- The species has just got a name. Natural History Museum scientific associate Michael Darby, who is quoted on the Museum website as describing himself as a great fan of Greta Thunberg, has described the species and named it Nelloptodes gretae, after the teenage climate activist.
- Biological names comprise two words, one for the genus and the second for the species. Traditionally, it is the species name that scientists coin to honour a prominent personality, and sometimes even a friend or a relative.
- While the species name gretae derives from Greta, the genus Nelloptodes too is new, the Museum said in a statement announcing the naming of the species.
- Darby described not only the new genus and the species he named after Greta Thunberg, but eight other species of beetles, all within the same sample of soil. All the nine species belong to a family called Ptiliidae.
- Darby has named many species of Ptiliidae beetles earlier.
- Beetles of this family are found all over the world, yet they are not particularly well known because of their size — they are so small that even some single-cell animals are larger. Many of them are, in Darby’s words, smaller than a full stop.
Putting an end to apprehensions about a rainy Diwali in Maharashtra, Cyclone Kyarr, which had formed close to South Konkan over the Arabian Sea, has moved away.
Where was Cyclone Kyarr formed?
- The cyclone formed over the Arabian Sea. It fell under the ‘very severe cyclonic storm’ category, with wind speed going up to 170-180 km/hour.
- This system was brewing at a location about 200 km off Ratnagiri on Maharashtra coast since early this week.
- As it intensified, the cyclone caused heavy rain, mainly over south Konkan and Goa, in the last three days.
- Madhya Maharashtra regions, including Pune and neighbourhood areas, experienced overcast conditions accompanied by light rain during this period.
- Recently, the popular messaging platform WhatsApp was used to spy on journalists and human rights activists in India earlier this year. The surveillance was carried out using a spyware tool called Pegasus, which has been developed by an Israeli firm, the NSO Group.
- WhatsApp sued the NSO Group in a federal court in San Francisco recently, accusing it of using WhatsApp servers in the United States and elsewhere “to send malware to approximately 1,400 mobile phones and devices (‘Target Devices’)… for the purpose of conducting surveillance of specific WhatsApp users (‘Target Users’)”.
- The surveillance was carried out “between in and around April 2019 and May 2019” on users in 20 countries across four continents, WhatsApp said in its complaint.
- In an Op-ed in The Washington Post, the head of WhatsApp, Will Cathcart, wrote that the surveillance “targeted at least 100 human-rights defenders, journalists and other members of civil society across the world”. He underlined that “tools that enable surveillance into our private lives are being abused, and the proliferation of this technology into the hands of irresponsible companies and governments puts us all at risk”.
- WhatsApp, which is owned by Facebook, is the world’s most popular messaging app, with more than 1.5 billion users worldwide. About a quarter of those users — more than 400 million, or 40 crore — are in India, WhatsApp’s biggest market.
- The NSO Group is a Tel Aviv-based cyber-security company that specialises in “surveillance technology” and claims to help governments and law enforcement agencies across the world fight crime and terrorism.
What is Pegasus?
- All spyware do what the name suggests — they spy on people through their phones. Pegasus works by sending an exploit link, and if the target user clicks on the link, the malware or the code that allows the surveillance is installed on the user’s phone. (A presumably newer version of the malware does not even require a target user to click a link.)
- Once Pegasus is installed, the attacker has complete access to the target user’s phone.
- The first reports on Pegasus’s spyware operations emerged in 2016, when Ahmed Mansoor, a human rights activist in the UAE, was targeted with an SMS link on his iPhone 6.
- The Pegasus tool at that time exploited a software chink in Apple’s iOS to take over the device. Apple responded by pushing out an update to “patch” or fix the issue.
- In September 2018, The Citizen Lab, an interdisciplinary lab based at the Munk School of Global Affairs & Public Policy, University of Toronto, showed that Pegasus delivers “a chain of zero-day exploits to penetrate security features on the phone and installs Pegasus without the user’s knowledge or permission”. Pegasus spyware’s operations were live in 45 countries at the time, The Citizen Lab research showed.
- (A “zero-day exploit” is a completely unknown vulnerability, about which even the software manufacturer is not aware, and there is, thus, no patch or fix available for it. In the specific cases of Apple and WhatsApp, therefore, neither company was aware of the security vulnerability, which was used to exploit the software and take over the device.)
- In December 2018, Montreal-based Saudi activist Omar Abdulaziz lodged a case against the NSO Group in a court in Tel Aviv, alleging that his phone had been infiltrated using Pegasus, and conversations that he had with his close friend, the murdered Saudi dissident journalist Jamal Khashoggi, snooped on.
- Khashoggi was slaughtered by Saudi agents at the kingdom’s consulate in Istanbul on October 2, 2018; Abdulaziz said he believed his phone was hacked in August that year.
- In May 2019, the Financial Times reported that Pegasus was being used to exploit WhatsApp and spy on potential targets. WhatsApp issued an urgent software update to fix the security bug that was allowing the spyware to exploit the app.
The Pegasus method
- To monitor a target, a Pegasus operator must convince a target to click on a specially crafted ‘exploit link’ which allows the operator to penetrate security features on the phone and installs Pegasus without the user’s knowledge or permission.
- Once the phone is exploited and Pegasus installed, it begins contacting the operator’s command and control servers to receive and execute operator commands, and send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps.
- The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity. In the latest vulnerability, the subject of the lawsuit, clicking the ‘exploit link’ may also not be required and a missed video call on WhatsApp will have enabled opening up the phone, without a response from the target at all.
Once installed, what can Pegasus do?
- The Citizen Lab post said Pegasus can “send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps”.
- The target’s phone camera and microphone can be turned on to capture all activity in the phone’s vicinity, expanding the scope of the surveillance. According to claims in a Pegasus brochure that WhatsApp has submitted to court as a technical exhibit, the malware can also access email, SMS, location tracking, network details, device settings, and browsing history data.
- All of this takes place without the target user’s knowledge.
- Other key features of Pegasus, according to the brochure are: ability to access password-protected devices, being totally transparent to the target, leaving no trace on the device, consuming minimal battery, memory and data so as to not arouse suspicion in more alert users, a self-destruct mechanism in case of risk of exposure, and ability to retrieve any file for deeper analysis.
How did Pegasus exploit WhatsApp?
- That’s the big question for many, given that WhatsApp has always tom-tommed its end-to-end encryption.
- The Financial Times report in May this year said that a missed call on the app was all that was needed to install the software on the device — no clicking on a misleading link was required. WhatsApp later explained that Pegasus had exploited the video/voice call function on the app, which had a zero-day security flaw.
- It did not matter if the target did not take the call — the flaw allowed for the malware to be installed anyway.
- The exploit impacted WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
Can Pegasus be used to target just about anyone?
- Technically, yes. But while tools such as Pegasus can be used for mass surveillance; it would seem likely that only selected individuals would be targeted. In the present case, WhatsApp has claimed that it sent a special message to approximately 1,400 users who it believed were impacted by the attack, to directly inform them about what had happened.
- WhatsApp has not said how many people it contacted in India.
- It is not known who carried out the surveillance on the Indian targets.
- The NSO Group, while disputing WhatsApp’s allegations “in the strongest possible terms”, has said that it provides the tool exclusively to “licensed government intelligence and law enforcement agencies”, and not just to anyone who wants it.
- The very popularity of a messaging app makes it a target for hackers, cyber criminals, or other entities. Even law enforcement agencies across the world want messages to be decrypted — a demand that WhatsApp is fighting, including in India.
- WhatsApp uses the Signal app protocol for its end-to-end encryption, which seems safe so far. WhatsApp has an advantage over Telegram: in Telegram, only the “secret chats” are end-to-encrypted, while on WhatsApp everything is end-to-end encrypted by default.
- Those rattled by the WhatsApp episode might want to switch to Signal or Wire.
- However, it is important to be aware that unknown ‘zero-day’ exploits could exist for virtually every software and app in the world — and that they might be exploited at some point in the future by individuals or agencies determined to do so.
Current Affairs UPSC CSE
UPSC CSE Free Preparation
|Section Name||Imp Links|
|The Prayas India Online Coaching||Epathshala|
|UPSC CSE Current Affairs ||Current Affairs|
|Event The Prayas India||Events|
|About The Prayas India||About US|
|Contact Us The Prayas India||Contact US|
|The Prayas India Youtube Channel||Youtube Channel|
|The Prayas India Website Link||Website|
|The Prayas India App Download||App|
|The Prayas India Facebook|
|The Prayas India Instagram|
|The Prayas India Twitter|
|The Prayas India Linkdin||Linkdin|
|The Prayas India Reddit||Linkdin|