According to a report by The Wire, phone numbers of over 40 Indian journalists, Opposition leaders and ministers, recently appeared on a leaked list of potential targets for surveillance. Some of them might have been snooped upon by an unidentified agency using Pegasus spyware.
Pegasus is a spyware developed by an Israel-based cyber intelligence and security firm NSO Group, which is apparently available only to “vetted governments”.
It can infiltrate both, iOS and Android devices.
The France-based media non-profit, Forbidden Stories, and Amnesty International accessed the leaked list first, which they shared with The Wire and 15 other news organisations worldwide as part of a lengthy collaborative investigation called the Pegasus Project.
The Washington Post and the Guardian also claimed that over 10 governments are using this spyware to spy on journalists, activists and other key media personalities.
Military-grade Israeli spyware was used in attempted and successful hacks of 37 smartphones belonging to journalists, human rights activists, business executives and the fiancee of murdered Saudi journalist Jamal Khashoggi, a global investigation finds. https://t.co/X0LbRPAy0l— The Washington Post (@washingtonpost) July 18, 2021
According to The Wire's analysis, the list includes numbers of top journalists from big Indian media houses like the Hindustan Times, including executive editor Shishir Gupta, India Today, Network18, The Hindu and Indian Express.
Three major Opposition figures, 2 serving ministers in the Modi government, one Constitutional authority, officials and heads of security organisations and businesspersons, are among others on the leaked list.
It is believed that most of these numbers were targeted between 2018 and 2019, in the run-up to the 2019 Lok Sabha general elections.
The Indian government has denied any involvement in the hacking. It said:
The allegations regarding government surveillance on specific people has no concrete basis or truth associated with it whatsoever. In the past, similar claims were made regarding the use of Pegasus on WhatsApp by Indian state. Those reports also had no factual basis and were categorically denied by all parties, including WhatsApp in the Indian Supreme Court. This news report, thus, also appears to be a similar fishing expedition, based on conjectures and exaggerations to malign the Indian democracy and its institutions.
In response to the data leak, the NSO Group has said that the Forbidden Stories report is full of wrong assumptions and uncorroborated theories.
#Pegasus | Cyber intelligence company NSO Group says the report by Forbidden Stories is “full of wrong assumptions and uncorroborated theories.” The statement says that the report “has no factual basis and is far from reality.” pic.twitter.com/LkfTjTtSrk— NDTV (@ndtv) July 19, 2021
According to Citizen Lab of University of Toronto, the Pegasus malware can evade forensic analysis, avoid detection by anti-virus software, and can be deactivated and removed by operators remotely.
It is further capable of stealing passwords, contacts, text messages, and accessing the phone's camera, microphone, and GPS, and other information with voice or video calls made through Whatsapp.