Date: 2023-12-29

Following a recent Washington Post report* stating that the Indian government cracked down on Apple after it issued warnings to Indian MPs and journalists that state-sponsored attackers might be targeting their iPhones, India’s Minister of State for IT Rajeev Chandrasekhar took to X to tweet that the Post’s story is mostly “creative imagination & clickbaiting at work masquerading as journalism.”

What did the story say? The December 27th Washington Post story claimed that “senior” government officials privately demanded that Apple India “help soften the political impact of the warnings,” while also holding a meeting with a consultant and Apple to devise “alternative explanations” for the security alerts. Indian officials allegedly also asked the tech giant to “withdraw” the alerts and “say it had made a mistake.” The company reportedly said that it could only issue a statement emphasising the caveats on the warnings mentioned on its tech support page.

Apple’s PR machinery allegedly asked India’s tech journalists reporting on the matter to highlight that the alerts could be false alarms, and that similar ones were also issued to users across 150 countries. A memo developed by the ruling Bharatiya Janata Party and distributed to media outlets and “party surrogates” contained a similar agenda. The evening the memo was circulated, government officials suggested in off-the-record conversations with journalists that Apple’s systems had suffered from “algorithmic malfunction.” Apple officials who engaged with the government on the alerts told the Post that “when Apple sends a notification, that’s yelling ‘fire.’ You’d better be pretty confident there’s a fire”. Responding to the Post’s queries on the matter, the IT Ministry said “we have instituted technical investigation in the reported matter. So far, Apple has cooperated fully in the investigation process.”

How did Chandrasekhar respond? Describing the story as “half facts, fully embellished 😅”, Chandrasekhar said that the Indian government’s stance on the issues has been clear since reports of the alerts first broke in October—“it is for Apple to explain if their devices are vulnerable and what triggered these notifications.” Apple was also asked to join an ongoing inquiry with India’s cybersecurity emergency response team, for which meetings have already been held. Chandrasekhar claimed that the story also left out Apple’s October 31st statement on the developments, which said: “Apple does not attribute the threat notifications to any specific state-sponsored attacker. State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future.”

Rebutting @washingtonpost ‘s terrible story telling is tiresome, but someone has to do it. ➡️This story is half facts, fully embellished 😅 ➡️Left out of the story is Apples response on Oct 31- day of threat notifications “Apple does not attribute the threat notifications to… https://t.co/6XhRC8QVBu — Rajeev Chandrasekhar 🇮🇳 (@Rajeev_GoI) December 28, 2023

How did the Indian government respond to the original Apple alerts earlier this year? In October, the targeted MPs included prominent politicians from the opposition like Mahua Moitra, Priyanka Chaturvedi, Asaduddin Owaisi, Shashi Tharoor, and Raghav Chadha. Journalists like Sriram Karri (Resident Editor, Deccan Chronicle) and Siddharth Varadarajan (founding editor, The Wire) also claimed to have received the alert. At the time, Union Minister for IT Ashwini Vaishnaw acknowledged the developments on Twitter, stating:

“…The notification received by them as per media reports mentions about ‘state-sponsored attacks’ on their devices. However much of information by Apple on this issue seems vague and non-specific in nature. Apple states these notifications may be based on information which is ‘incomplete or imperfect’. It also states that some Apple threat notifications may be false alarms or some attacks are not detected…Apple has also claimed that Apple IDs are securely encrypted on devices, making it extremely difficult to access or identify them without the user’s explicit permission. This encryption safeguards the user’s Apple ID and ensures that it remains private and protected…In light of such information and widespread speculation, we have also asked Apple to join the investigation with real, accurate information on the alleged state sponsored attacks.”

How do these alerts work? In tandem with reports that governments had used Pegasus spyware to infect citizens’ phones and spy on them in 2021, Apple launched a feature that alerts users when it notices activity consistent with state-sponsored attacks. According to Apple’s support page,

“These users are individually targeted because of who they are or what they do. Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent. State-sponsored attacks are highly complex, cost millions of dollars to develop and often have a short shelf life.”

Were Apple’s alerts alluding to fact or fiction? Writing on X when the story first broke, the Internet Freedom Foundation’s Founding Director Apar Gupta had this to say on the veracity of the allegations:

“Let me directly address the naysayers. Are these merely ‘false alarms’? Let’s consider the evidence: Firstly, reports indicate that India has been a ground for deploying Pegasus spyware by NSO Group, an Israeli firm. In October, 2019, state attackers targeted activists, and in July, 2021 they extended their reach to public officials and journalists. The Union Government has not clearly denied these activities in the Supreme Court of India. Moreover, investigations by Amnesty, Citizen Lab, and notifications from WhatsApp corroborate its use, suggesting a pattern in India and a matching victim profile. Secondly, Access Now and Citizen Lab last month have confirmed the validity of Apple’s threat notifications sent to Russian journalists, including Meduza’s publisher. These confirmations lend high credibility to such notifications. Thirdly, Financial Times disclosed in March that India is seeking new spyware contracts starting at approximately $16 million and potentially escalating to $120 million in the next few years. These contracts involve companies like the Intellexa Alliance, recently featured in a report called ‘The Predator Files’. With imminent state assembly elections and the 2024 general elections not far off, the timing of these threat notifications is alarming. Public cynicism or judicial stupor should not preclude us from demanding an independent, transparent technical analysis and clear disclosures from the Government of India regarding its spyware purchases and deployments. This issue strikes at the heart of Indian democracy.” — Apar Gupta, Advocate and Founding Director, Internet Freedom Foundation (IFF)

*MediaNama’s Editor Nikhil Pahwa was quoted in the December 27th Washington Post story.
