There is nothing wrong per se, in conducting surveillance to protect the security and sovereignty of a country. However, if the same surveillance tools fall in the hands of criminal minded or rogue administrators and authoritarians, then it certainly is a recipe for disaster for the country itself and its public at large. Malafide intents and individual whims and fancies take over. Agencies and regimes manned by such people start using these weapons grade surveillance softwares against their own citizens. With nil or compromised regulatory mechanisms to instill accountability and prudence, such ruling regimes often go berserk. They end up tossing ethics and democratic norms out of the window and end up using it on opposition parties , under the cover of national security.
People of India got a huge shock when allegations started flying that the Pegasus Software was being used as surveillance to monitor the movements and activities of the Supreme Court judges, police officers, journalists, ministers, opposition leaders, minority leaders, etc. The vociferous protests by the opposition that followed led to parliamentary disruptions. Many citizens rushed to the Judiciary demanding probes and accountability. On 28 October 2021, the Supreme Court of India agreed that a central-based inquiry was needed and ordered an independent probe into the issue by a three-member committee
Much bigger a shock came when people across the world came to know that Pegasus software developed by NSO of Israel has been covertly used in over 40 countries by their respective regimes as a part of surveillance for their vested interests.
U.S. National Security Agency document, Public domain, via WC
National Security Agency (NSA) till recently was using the spyware Dropoutjeep to spy on select persons. The software implant primarily for Apple iPhone utilizes modular mission applications to provide specific SIGINT functionality. It can also be installed on android phones and laptops. The software has the ability to remotely push/pull files from the device it is installed on. It can get all the information viz SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant are covert and encrypted through GPRS data connection or SMS.
eSurv, an Italian-based company developed this surveillance software. Its coding has been done in the Italian language. Exodus doesn’t need the complex machinery unlike the Pegasus and in two steps, once Exodus is downloaded, it retrieves the IMEI number of the mobile. Once the IMEI is retrieved, personal information can be accessed. A report of 30th March 2019 ran the headline “Exodus, a government malware that infected innocent victims”. The research behind this revelation was conducted by members and associates of Security Without Borders organization. It brought out as to how the spyware infected hundreds of people through the official Google Play Store. The experts brought their findings to the notice of Google in early 2019. Google promptly removed it and reverted that on it’s end it had found a total of 25 different versions of the spyware since 2016. The company also revealed that less than 1,000 people were infected with the malware and almost all were Italian users.
Hacking Team, a Milan-based technology company in Italy designed the RCSAndroid spyware. This spyware was available for downloads via an App on Google Playstore. It thus went largely unsuspected and kept spreading under the cover of Google’s trust. It has been collecting information of individuals and targets that was bing sold to Governments for loads of money.
As far back as in 2015, Security experts with Trend Micro, through a report, rated the RCSAndroid as “one of the most sophisticated an professionally developed Android malware ever exposed.”
This company, following a similar modus operandi like the NSO Group, claims to deal in surveillance software and sells it to only governments and law enforcement agencies.
Israeli companies over a period of time have become infamous for developing sophisticated surveillance softwares. Pic-Six, an Israeli-based firm run by Israeli intelligence experts developed the P6 GEO software. It is more of an IMSI-catcher, a type of technology to get access the person’s information and location just through their mobile number. It is often used by authorities to track attendees during protests via their mobile phones. The software can also be used for the manipulation of GSM mobiles as well.
In Feb 2021, Al Jazeera’s Investigation Unit alleged that Bangladesh’s army had covertly acquired the Israeli P6 Intercepts for it’s intelligence activities. Documents reveal that this was made possible via a Bangkok-based middleman in 2018.
Following a similar pattern there are hundreds of companies indulging in surveillance softwares that have propped up in the last decade. No wonder, an easy and sure shot way to inflating bottom lines by resorting to sales to govt agencies of regimes at exorbitant prices, well concealed through Non-Disclosure clauses in their Sales Agreements.
Here are many more of these similar and competing softwares that can be easily tweaked and customized to ordered specifications.