Pegasus Hack: How Much Did it Cost to Spy on Citizens?
Offensive cyberware is big business in Israel
Half a million dollars (over 3.5 crore rupees) in installation fees. $650,000 (almost 5 crore rupees) to spy on just 10 Android or iPhone users. And hundreds of thousands dollars more for additional surveillance targets. Pegasus spyware does not come cheap, to say the least.
The spyware is sold by an Israeli surveillance company NSO - which has, till recently, kept a relatively low profile. NSO made headlines when it emerged that the company’s spyware was used by countries like Saudi Arabia and Mexico, to spy and crackdown on dissidents and activists.
In 2016, the New York Times obtained internal NSO group emails, contracts and commercial proposals - and calculated the cost of installing and running the spyware.
NYT found that, much like a traditional software company, the NSO Group prices its surveillance tools by the number of targets, starting with a flat $500,000 installation fee. To spy on 10 iPhone users, NSO charges government agencies $650,000; $650,000 for 10 Android users; $500,000 for five BlackBerry users; or $300,000 for five Symbian users — on top of the setup fee, according to one commercial proposal.
You can pay for more targets. One hundred additional targets will cost $800,000, 50 extra targets cost $500,000, 20 extra will cost $250,000 and 10 extra costs $150,000, according to an NSO Group commercial proposal. There is an annual system maintenance fee of 17 percent of the total price every year thereafter.
What that gets you, NSO Group documents say, is “unlimited access to a target’s mobile devices.” In short, the company says: You can “remotely and covertly collect information about your target’s relationships, location, phone calls, plans and activities — whenever and wherever they are.”
In India, the 300 “verified” targets would have set the Indian Government back by a huge sum -- an installation fee of $500,000 (multiple agencies mean several times that number), $1.3 million for the first 10 iPhone users and first 10 Android users, and $2.25 million for the remaining targets. The total amount adds up to $4.05 million, without taking into account the annual maintenance fee. Adding the maintenance fee of 17% every year (without factoring in the annual cost escalation), takes the cost up to around $7.5 million for the period between 2016 and 2021, notes an article in the Indian Express.
These figures are estimates based on the documents acquired by NYT in 2016, and probably a massive underestimation.
A better benchmark, the Indian Express notes, is the Israeli spyware tool maker Candiru that has a similar pricing structure, but with a much higher all-inclusive installation fee.
How much higher? Candiru’s installation fee is around $28 million.
However, given that Candiru’s installation fee includes exfiltration of 10 targets, a comparative NSO figure would be $1.15 million, making the more recent pricing model of Candiru nearly 25 times costlier than the 2016 NSO prices — an escalation that can be factored in NSO’s latest prices too. Using this comparison, the $7.5 million payout inflates to around $187.5 million, or Rs 1,401 crore at current exchange rates, states the Express.
Leaked documents obtained by TheMarker, Haaretz’s sister publication, and court filings made as part of a labor dispute between Candiru and a former senior employee corroborate these figures.
Offensive cyberware is big business in Israel - as the millions of dollars charged by companies such as Candiru and NSO proves. Industry sources say it generates about $1 billion in sales a year.
Cover Photograph Reuters