Pegasus Spyware: All the latest facts on who was targeted, the modus operandi, and more

By Aroon Deep, Anushka Jain, Aihik Sur, and Karan HM

The net of the victims of the alleged spyware attack using NSO Group’s Pegasus keeps getting wider, with The Wire on Monday afternoon confirming that the spyware was found in the smartphone of election strategist Prashant Kishor. Other reports by The Wire, released on the same day, said that clients of the NSO Group had shortlisted Congress leader Rahul Gandhi, newly-inducted Minister for Electronics and Information Technology (MeitY) Ashwini Vaishnaw, and former member of the Election Commission Ashok Lavasa as “potential targets for surveillance”. On Sunday, Forbidden Stories and partnered news outlets reported that several Indian activists, journalists, and politicians had been targeted between 2017 and 2019 by NSO’s Pegasus spyware, which is only sold to nation-states.

Why this matters: These revelations have major implications for surveillance and privacy. While India has long been suspected of being a Pegasus buyer, the scale and nature of surveillance it has embarked upon, and the targets it seems to have picked, don’t appear to indicate national security concerns or organised crime dealings — for which surveillance is usually sanctioned. However, Monday’s revelation by The Wire, which named Gandhi, Lavasa and others, seemed to indicate that there can be a political motive behind these cyber attacks.

The Indian government has not categorically denied spying on the individuals, but did cite surveillance laws and said that “allegations regarding government surveillance on specific people has no concrete basis or truth associated with it whatsoever”. 

Who was impacted by Pegasus? A long list

The 300 reportedly verified Indian mobile telephone numbers include those used by

  • Ministers,
  • Opposition leaders,
  • Journalists,
  • the legal community, including a sitting Supreme Court Judge
  • Businessmen,
  • Government officials,
  • Scientists,
  • Rights activists and others.

According to reports released as part of the Pegasus Project, the following were listed as targets for surveillance:

  • Ashwini Vaishnaw, Minister of Electronics and Information Technology (MeitY)
  • Prahlad Patel, Minister of State for Jal Shakti
  • Congress politician Rahul Gandhi
  • Personal secretary to Vasundhara Raje Scindia when she was BJP’s CM in Rajasthan
  • Sanjay Kachroo, Officer on Special Duty (OSD) for Smriti Irani, when she was a Union minister in 2014
  • Pravin Togadia, Vishwa Hindu Parishad member
  • Former Karnataka deputy chief minister G. Parameshwara
  • Personal secretary to former Chief Minister and JD(S) leader HD Kumaraswamy
  • Personal secretary to former Chief Minister and Congress leader Siddaramaiah
  • VK Jain, Personal Assistant to Delhi Chief Minister Arvind Kejriwal
  • A senior employee of the NITI Aayog
  • An undersecretary in the Prime Minister’s Office in 2017
  • Former Election Commission member Ashok Lavasa
  • Former CBI Chief Alok Verma; his wife, daughter, and son-in-law
  • Senior CBI officials Rakesh Asthana and A.K. Sharma
  • Senior Enforcement Directorate (ED) Officer Rajeshwar Singh and three of his family members
  • Supreme Court staffer who accused former Chief Justice of India Ranjan Gogoi of sexual harassment in 2019
  • Poll strategist Prashant Kishor
  • Association for Democratic Reforms (ADR) cofounder Jagdeep Chhokar*
  • Former Director-General of Border Security Force (BSF) KK Sharma
  • BSF Inspector General of Police Jagdish Maithani
  • Retired senior Research and Analysis Wing (RAW) official Jitendra Kumar Ojha and his wife
  • Colonel Mukul Dev
  • Colonel Amit Kumar
  • Pakistan Prime Minister Imran Khan
  • Kashmiri separatist leader Mirwaiz Umar Farooq
  • Ambassadors to India from Iran, Afghanistan, China, Nepal, and Saudi Arabia
  • Bihar Cricket Association President Rakesh Tiwary (two phone numbers)

According to a report by The Wire, 40 Indian journalists were listed as targets between 2017 and 2019. The list includes journalists from nearly every major media outlet:

  • Ritika Chopra (Senior Assistant Editor), Muzamil Jaleel (Kashmir Chief of Bureau), Sushant Singh (Former Associate Editor) from the Indian Express
  • Siddharth Varadarajan (Founding Editor), M.K. Venu (Founding Editor), Devirupa Mitra (Diplomatic Editor) of The Wire.
  • Rohini Singh, Swati Chaturvedi, and Prem Shankar Jha who are contributors to The Wire were also listed. 
  • Shishir Gupta (Executive Editor), Prashant Jha (former bureau chief), Rahul Singh at Hindustan Times
  • Vijaita Singh of The Hindu 
  • Paranjoy Guha Thakurta (Former EPW editor)
  • S.N.M. Abdi (Former Outlook journalist)
  • Sandeep Unnithan (Senior Correspondent) at India Today
  • Saikat Dutta (Former senior editor at Asia Times)
  • J. Gopikrishnan (Former special correspondent at The Pioneer)
  • Smita Sharma (Former reporter at The Tribune)
  • Iftikhar Ghilani (DNA reporter)
  • Santosh Bhartiya (Former Lok Sabha MP and journalist)
  • Roopesh Kumar Singh (Independent journalist)
  • Sanjay Shyam (Journalist)
  • Jaspal Singh Heran (Editor of Punjabi-daily Rozana Pehredar)
  • Manoranjan Gupta (Editor-in-chief of Frontier TV)

Of these, the smartphones of 8 journalists were submitted for forensic analysis, which showed that:

  • The smartphones of S.N.M. Abdi, Sushant Singh, M.K. Venu, Siddharth Varadarajan, and Paranjoy Guha Thakurta were infected by the Pegasus spyware.
  • Smita Sharma’s iPhone and Vijaita Singh’s Android phone showed evidence of an attempted hack but no evidence of successful completion.
  • The iPhone of another editor of a mainstream newspaper was also analysed; however, the report says that no traces of Pegasus could be found, primarily because it was not the same device she used during the period for which her name has been mentioned in the list.
  • Sushant Singh’s iPhone was compromised from March to July 2021 through ‘what Amnesty International calls a zero-click exploit in the iMessage service’. M.K. Venu’s phone was also infected in June 2021 through a zero-click exploit.
  • In April 2018, Siddharth Varadarajan’s phone was compromised along with S.N.M. Abdi’s and Paranjoy Guha Thakurta’s phones. Thakurta’s phone was subsequently compromised during May, June, and July 2018 as well, while Abdi’s phone was subsequently compromised during April, May, July, October, as well as December 2019. The method by which all three were attacked could not be determined.

Activists related to the Elgar Parishad case listed

According to The Wire, at least nine numbers belonging to eight activists, lawyers, and academics arrested for their involvement in the Elgar Parishad case were listed in the database. 

This includes:

  • Activist Rona Wilson
  • Professor Hany Babu
  • Activist Vernon Gonsalves
  • Academic and civil liberties activist Anand Teltumbde
  • (Retd.) Prof Shoma Sen
  • Journalist and rights activist Gautam Navlakha
  • Lawyer Arun Ferreira
  • Academic and activist Sudha Bharadwaj

Along with this, numbers of lawyers, relatives, and friends of the arrested activists have also been listed in the database.

These include:

  • Writer Varavara Rao’s daughter
  • Lawyer Surendra Gadling’s wife Minal Gadling and his associate lawyers Nihalsingh Rathod and Jagadish Meshram. It also includes one of his former clients, Maruti Kurwatkar
  • Sudha Bharadwaj’s lawyer Shalini Gera
  • Anand Teltumbde’s friend Jaison Cooper, a Kerala-based rights activist
  • Lawyer Bela Bhatia who is a scholar on the Naxalite movement
  • Rupali Jadhav, one of the oldest members of the Kabir Kala Manch cultural group
  • Tribal rights activist Mahesh Raut’s close associate and lawyer Lalsu Nagoti
  • Former Delhi University professor Syed Abdul Rahman Geelani
  • Retired professor G. Haragopal, chairman of the Defence Committee
  • Assistant DU professors Saroj Giri and Rakesh Ranjan who would regularly attend solidarity meetings
  • Professor Saibaba’s wife Vasantha Kumari
  • Activist Umar Khalid

The sixteen media organisations collaborating on the Pegasus Project have said that more names of victims will be disclosed in subsequent stories.

How were they targeted? 

Amnesty International’s Security Lab, which conducted the forensic tests on a few of the victims’ phones to figure out how the Pegasus attack was perpetrated, also examined the iPhone of former Delhi University professor Syed Abdul Rahman Geelani, a report by The Wire said. Its examination found that Geelani had received a slew of tailor-made text messages on his mobile phone. For instance —

  • “United Nations launches online portal for the independence of Kashmir”
  • “Another incident showing Indian Army beating librandu Kashmiri youth mercilessly to chant Pakistan Murdabad”

The Wire said that it was unclear if these SMS-based attacks worked, but Amnesty International’s Security Lab showed that Geelani’s phone was compromised by Pegasus on and off between February 2018 and January 2019, and then again from September 2019 to October 2019. “At least one of these attacks, Amnesty notes, was carried through a zero-click iMessage exploit,” the report added.

The forensic examination by Amnesty International’s Security Lab also gives details of this iPhone exploit, along with a look into several other methods through which victims were attacked. These are the key findings —

  • Zero-click exploits remain functional through the latest available version of iOS (July 2021)
  • These zero-click attacks do not require any interaction from the target
  • They have been observed since May 2018 and continue to date
  • The zero-click exploit was widely used in 2019 and has made a return in 2021. On the other hand, SMS messages carrying malicious links, which were a tactic of choice for NSO Group’s customers between 2016 and 2018, have become rarer

Amnesty International’s insights into phones of Indian journalists

iPhone XR running iOS 14.6: Amnesty International’s Security Lab said that it had evidence of compromise of the iPhone XR of an Indian journalist running iOS 14.6 as recently as 16th June 2021. “While we have not been able to extract records from Cache.db databases due to the inability to jailbreak these two devices, additional diagnostic data extracted from these iPhones show numerous iMessage push notifications immediately preceding the execution of Pegasus processes,” the lab said.

iPhone 12 running iOS 14.6: Amnesty’s Security Lab said that the analysis of a fully-patched iPhone 12 running iOS 14.6 of an Indian journalist also revealed signs of a successful compromise. “The most recent discoveries indicate NSO Group’s customers are currently able to remotely compromise all recent iPhone models and versions of iOS,” it added.

Prashant Kishor’s phone: In Kishor’s case, a report by The Wire said, the forensic results showed that at least one attack (in July 2021) was likely done through a zero-click iMessage exploit.

How were Pegasus network attacks discovered?

Amnesty International’s Security Lab said that the body’s investigation into NSO Group’s Pegasus intensified following its discovery of the targeting of an Amnesty International staffer. These findings were refined when the attacks on Moroccan human rights activists were discovered, and were further corroborated when it found a cyberattack on a Moroccan journalist in 2020.

The earliest version of Pegasus was discovered in 2016, when researchers found that the spyware infected devices by tricking a target into clicking on a malicious link. Since then, a Guardian report said, NSO’s attack capabilities have become more advanced.

IFF’s questions on Pegasus to IT Standing Committee

The Parliamentary Standing Committee on Information Technology is scheduled to have a meeting on July 28 to discuss ‘Citizen’s data security and privacy’, as per the Lok Sabha website. The meeting will also involve presentations of evidence from representatives of MHA, MeitY, and MoC. In view of the recent revelations about Pegasus, the Internet Freedom Foundation (IFF) wrote a letter to the Committee with a list of questions directed at the government representatives:

To Ministry of Home Affairs (MHA):

  • Has the MHA or any agency under the Ministry procured the Pegasus software? What were the financial considerations?
  • Has the MHA deployed the Pegasus tool? Since hacking is a criminal offense as per Indian law, how is the use of Pegasus being authorised in India?
  • If such tools have indeed been used, were these surveillance requests issued and reviewed by competent authorities?
  • If orders for interception and monitoring have been issued, what is the time period for which such orders were in force? To which intermediaries have such orders been sent?
  • Is the MHA contemplating conducting an investigation into possible origins of the alleged attack?
  • What are the steps that are being taken to ensure that such violations of the fundamental rights of an Indian citizen are not repeated and that the digital safety & security of Indian citizens are not compromised?
  • Has the MHA sent any questionnaire to the NSO Group and sought specific disclosure from them?

To Ministry of Electronics and Information Technology (MeitY) and Ministry of Communications (MoC):

  • Were the MeitY and/or MoC or any agency under the ministries involved in the procurement of Pegasus by the MHA and/or any other agency/authority of the Government of India?
  • Has the MeitY and/or MoC deployed the Pegasus tool? Since hacking is a criminal offense as per Indian law, how is the use of Pegasus being authorised in India?
  • If such tools have indeed been used, were these surveillance requests issued and reviewed by competent authorities?
  • If orders for interception and monitoring have been issued, what is the time period for which such orders were in force? To which intermediaries have such orders been sent?
  • Is the CERT-IN contemplating conducting an investigation into possible origins of the alleged attack?
  • What are the steps that are being taken to ensure that such violations of the fundamental rights of an Indian citizen are not repeated and that the digital safety & security of Indian citizens are not compromised?
  • Has the MHA sent any questionnaire to the NSO Group and sought specific disclosure from them?

What we knew before, a timeline:

  • May 2019: A report by the Financial Times reveals that attackers used a vulnerability in WhatsApp to target users’ phones. It adds that the malicious code was developed by a secretive Israeli company called NSO Group.
  • September 2019: WhatsApp informs CERT-In that 121 Indian users were targeted by Pegasus through the WhatsApp vulnerability, adding “the full extent of this attack may never be known”.
  • October 2019:
    • WhatsApp sues the NSO Group in the Northern District of California for exploiting the since-fixed vulnerability.
    • A few days later, in response to an RTI, the Home Ministry neither confirms nor denies whether it purchased the Pegasus malware.
  • November 2019:
    • WhatsApp confirms to The Indian Express that Pegasus was indeed used to carry out surveillance on journalists and human rights activists in India. 
    • In a Parliamentary debate, then-IT Minister Ravi Shankar Prasad categorically states, “And, Sir, to the best of my knowledge, no unauthorised interception has been done.” He also adds that it is a coincidence that critics of the Modi government were targeted.
  • June 2020: An Amnesty International and Citizen Lab investigation reveals that at least 3 Indian human rights activists, who called for the release of the eleven activists arrested in the Bhima Koregaon case, were targeted with NSO Group’s Pegasus spyware in 2019.
  • September 2020: The Ministry of Electronics and Information Technology (MeitY) categorically denies that “the government or any of its agencies have access to the data and voice messages circulated through WhatsApp”. This was a first, since it usually obfuscated on the issue, or at least on the issue of purchase of the Israeli spyware.

*Jagdeep Chhokar is related to Nikhil Pahwa, founder and editor of MediaNama.

Update, July 19, 7.25 pm: The post has been updated with new details of political strategist Prashant Kishor, whom The Wire confirmed to be another victim of NSO Group’s Pegasus. The post also includes The Wire’s reports which name Congress politician Rahul Gandhi, MeitY minister Ashwini Vaishnaw, Union minister Prahlad Patel as ‘potential targets of surveillance’.

Update, July 20, 7.00 pm: The post has been updated with new details of former Karnataka deputy chief minister G. Parameshwara, and personal secretaries to former chief ministers HD Kumaraswamy and Siddaramaiah being listed as ‘potential targets of surveillance’ as confirmed by The Wire’s reports.

Update, July 21, 11:58 am: The post has been updated with new details of Pakistani PM Imran Khan, Kashmiri separatist leader Mirwaiz Umar Farooq, and ambassadors to India from Iran, Afghanistan, China, Nepal, and Saudi Arabia being listed as ‘potential targets of surveillance’ as confirmed by a Le Monde report. 

Update, July 23, 11:01 am: The post has been updated with new details of former CBI Chief Alok Verma and his family members as well as senior CBI officials Rakesh Asthana and AK Sharma being listed as ‘potential targets of surveillance’ as confirmed by a report from The Wire. 

Update, July 23, 2:00 pm: Added questions from Internet Freedom Foundation (IFF). 

Update, July 26, 3:00 pm: The post has been updated with new details of a senior ED Officer, Kejriwal’s aide, PMO and NITI Aayog Officials being listed as ‘potential targets of surveillance’ as confirmed by a report from The Wire. 

Update, July 26, 3:05 pm: The post has been updated with new details of retired BSF Director General KK Sharma, BSF Inspector General of Police Jagdish Maithani, two serving colonels, and a senior RAW official being listed as ‘potential targets of surveillance’ as confirmed by a report from The Wire. 

Update, July 26, 3:10 pm: The post has been updated with new details of Bihar Cricket Association President Rakesh Tiwary being listed as ‘potential targets of surveillance’ as confirmed by a report from The Wire. 
