According to a report by The Wire, phone numbers of over 40 Indian journalists, Opposition leaders and ministers, recently appeared on a leaked list of potential targets for surveillance. Some of them might have been snooped upon by an unidentified agency using Pegasus spyware.

Source: The Print

Pegasus is a spyware developed by an Israel-based cyber intelligence and security firm NSO Group, which is apparently available only to “vetted governments”. 

It can infiltrate both, iOS and Android devices.

Source: NDTV

The France-based media non-profit, Forbidden Stories, and Amnesty International accessed the leaked list first, which they shared with The Wire and 15 other news organisations worldwide as part of a lengthy collaborative investigation called the Pegasus Project.  

The Washington Post and the Guardian also claimed that over 10 governments are using this spyware to spy on journalists, activists and other key media personalities.

According to The Wire's analysis, the list includes numbers of top journalists from big Indian media houses like the Hindustan Times, including executive editor Shishir Gupta, India Today, Network18, The Hindu and Indian Express.

Three major Opposition figures, 2 serving ministers in the Modi government, one Constitutional authority, officials and heads of security organisations and businesspersons, are among others on the leaked list.

Source: India Today

It is believed that most of these numbers were targeted between 2018 and 2019, in the run-up to the 2019 Lok Sabha general elections. 

The Indian government has denied any involvement in the hacking. It said:

The allegations regarding government surveillance on specific people has no concrete basis or truth associated with it whatsoever. In the past, similar claims were made regarding the use of Pegasus on WhatsApp by Indian state. Those reports also had no factual basis and were categorically denied by all parties, including WhatsApp in the Indian Supreme Court. This news report, thus, also appears to be a similar fishing expedition, based on conjectures and exaggerations to malign the Indian democracy and its institutions.

In response to the data leak, the NSO Group has said that the Forbidden Stories report is full of wrong assumptions and uncorroborated theories.

According to Citizen Lab of University of Toronto, the Pegasus malware can evade forensic analysis, avoid detection by anti-virus software, and can be deactivated and removed by operators remotely.

It is further capable of stealing passwords, contacts, text messages, and accessing the phone's camera, microphone, and GPS, and other information with voice or video calls made through Whatsapp.

In 2019, WhatsApp had also confirmed that aeound 1,400 of its users across 20 countries, including Indian journalists and activists, had been targeted by Pegasus.