The cost of installing Pegasus in phones is in crore
THE COST of deploying spyware such as Pegasus is, even by conservative estimates, rather steep. According to estimates based on NSO Group Business Proposal documents acquired by The New York Times in 2016, the Israeli spyware maker priced its monitoring tools at the same price as traditional software companies: 500,000 $ setup fee, followed by $ 650,000 to spy on 10 iPhones or Android users; $ 500,000 for five BlackBerry users; or $ 300,000 for five Symbian users.
Other surveillance targets, according to the report, required the client to pay additional fees: $ 800,000 for 100 additional targets; $ 500,000 for 50 additional targets; or $ 150,000 for 20 additional targets.
In addition, NSO also charged an annual system maintenance fee of 17 percent of the total cost each year after the initial order. The fees applied to a fixed initial period, with renewals billed additionally.
So if the list includes 300 ‘verified’ Indian cell phone numbers, the total cost, even on a conservative basis at pre-2016 prices, and assuming a single agency was responsible for monitoring all of those 300 targets, equates to an installation fee. of $ 500,000 (multiple agencies mean multiple times that number), $ 1.3 million for top 10 iPhone users and top 10 Android users, and $ 2.25 million for remaining targets. The total amount is $ 4.05 million, not including annual maintenance fees. Adding the maintenance fee of 17% each year (without taking into account the annual increase in costs) brings the cost to around $ 7.5 million for the period between 2016 and 2021.
Although it has not been possible to confirm whether these prices are for the Pegasus tool, it is one of the flagship products of the NSO Group, and the estimates could mean an expense well in excess of Rs 56 crore, based on prices only for the initial period of a few months to a year. There are additional charges involved in renewing and extending the validity period. This does not take into account the annual increase in costs and premium that the service ordered.
NSO maintains that it sells its technologies only to law enforcement and intelligence agencies of “controlled governments” with the aim of “preventing criminal and terrorist acts”.
A better marker for spyware benchmarks comes from another Israeli for-profit spyware tool maker, Candiru, whose software has been deployed to perform surveillance according to recent reports. This has a similar pricing structure, but with a much higher all-inclusive setup fee that increases overall spend for customers.
For example, Candiru’s installation costs are around $ 28 million, which is almost 60 times the NSO Group’s installation costs, as shown in the 2016 report. However, given that the costs of Candiru’s facility include exfiltration of 10 targets, an NSO comparative figure would be $ 1.15 million, making Candiru’s most recent pricing model nearly 25 times more expensive than 2016 NSO prices – an escalation that can be factored into the latest NSO prices. too much. Using this comparison, the $ 7.5 million payment swells to around $ 187.5 million, or Rs.1401 crore at current exchange rates.
According to The Guardian, which is part of the ongoing investigation by French media rights organization Forbidden Stories, the presence of a phone number in the database was not confirmation that the respective device was infected with Pegasus or was the subject of a hacking attempt. . “… The consortium believes the data is indicative of potential targets that ONS government clients have identified prior to possible surveillance attempts,” he reported.
A report from The Wire noted that Amnesty’s security lab examined 67 smartphones where attacks were suspected. Of these, 23 were successfully infected and 14 showed signs of attempted infiltration. For the remaining 30, the report said the tests were inconclusive. This was mainly because in several cases the devices had been replaced by their users. Fifteen of the phones were running Google’s Android operating system, with none of them showing any signs of successful infection.
Candiru’s operations are broadly comparable to those of the NSO Group, although the operations were on a smaller scale. According to a September 2020 report from the Israeli newspaper Haaretz, Candiru offers a “high-end cyber intelligence platform dedicated to infiltrating PC computers, networks, mobile phones, using blast operations and broadcasts ”.
According to a leaked business proposal document obtained by Haaretz’s sister publication, The Marker, the license for the base system software costs 23.5 million euros before a “special discount” of 6.65 million euros. This includes license fees (for 3 operator station licenses), software modules for Windows, iOS and Android devices, infection vectors (hyperlinks, armed files, etc.), system hardware and services. professional and training.
This up-front charge is for simultaneous exfiltration of 10 targets located in the end-user’s country, but the company offers additional pricing options. For 15 additional simultaneous targets and one more country, the customer would have to pay 1.5 million euros in addition to the initial costs. For 25 simultaneous infiltrations and five additional countries, this would represent an additional 5.5 million euros.
According to Candiru’s business proposal document signed by an anonymous VP of sales, the customer should make 50% of the initial payment as a deposit, while 40% should be paid when the system is delivered to the end user. terminal and the remaining 10% after competition of the training module.
The Haaretz reported that offensive cybercrime is big business in Israel, and, citing industry sources, noted that the industry generates around $ 1 billion in sales per year – the largest of which is the group. NSO. The Pegasus maker reportedly generated $ 240 million in revenue last year, up from $ 30 million in 2013.