Phone numbers of over 40 Indian journalists feature in a leaked list of potential target for surveillance using Israeli spyware Pegasus, reveals a joint investigation by The Wire and several other international news organisations.
"The leaked data includes the numbers of top journalists at big media houses like the Hindustan Times, including executive editor Shishir Gupta, India Today, Network18, The Hindu and Indian Express," The Wire reported.
Furthermore, digital forensic analyses conducted on phones of at least 10 numbers of journalists from the leaked list reveals successful or attempted Pegasus hack. This includes numbers of three Wire journalists - Siddharth Varadrajan, M.K. Venu and Rohini Singh, along with that of former Economic and Political Weekly editor Paranjoy Guha Thakurta and former Outlook journalist S.N.M. Abdi.
The leaked list was accessed by French non-profit Forbidden Stories and Amnesty International, which was then shared with media outlets around the world, including The Wire, The Washington Post and The Guardian, for a collaborative investigation called the Pegasus Project.
This is the first of a series of reports by The Wire and other organisations that are part of the project.
Following the report by The Wire, the Indian government denied the allegations of using the spyware to conduct surveillance. "The allegations regarding government surveillance on specific people has no concrete basis or truth associated with it whatsoever," the government told news agency ANI.
"No Unauthorised Use"
Pegasus is developed by Israeli spyware firm NSO Group, and according to the company, provided only to "vetted governments". While the company has not made its list of clients public, given that the targets of surveillance has been those critical of the government, the spotlight currently shines on the Narendra Modi-led administration
In October 2019, an investigation by WhatsApp and Toronto-based Citizen Lab had revealed that over 1,400 users had been targetted with Pegasus, which included 121 Indians. WhatsApp subsequently filed a lawsuit against NSO Group in a California state court.
Responding to WhatsApp's allegations, NSO Group had stated that "there is no dispute that the alleged use of Pegasus to message 1,400 foreign WhatsApp users in April and May 2019 was done by sovereign governments in foreign countries".
During the Winter session of the Parliament in 2019, former Minister of Electronics and Information Technology, Ravi Shankar Prasad, had stated that there has been no "unauthorised use" of the spyware in the country.
Zero Click Hack
Pegasus is used by exploiting vulnerabilities with messenger app WhatsApp, which is ubiquitously used my many across the world. India is currently WhatsApp's largest market.
Unlike other spywares, Pegasus can infect a phone with a simple missed call on WhatsApp. The call log is subsequently cleaned, leaving the user clueless about the hack.
Once successfully installed in a phone, the spyware can extract data on pretty much everything - calls, texts, screenshots, location, camera and microphone, along with the location of the phone.
More recently, analysts at Amnesty International discovered a 'zero-click' exploit in the iMessenger service to access text messages. Zero-click gets its name from the fact that it requires no click from the user to infect a phone.