Congress leader Rahul Gandhi, election strategist Prashant Kishor, TMC leader Abhishek Banerjee and former election commissioner Ashok Lavasa were amongst those who came under surveillance using Pegasus spyware, according to The Wire.
In a jibe against Prime Minister Narendra Modi, Rahul Gandhi tweeted, "We know what he's been reading- everything on your phone!" Nine phones linked to Gandhi including five non-political friends were also believed to have been targeted.
The spyware also appears to have been used to target 11 phones linked to the woman who accused the former chief justice of India Ranjan Gogoi of sexual harassment.
Also targeted are the just-appointed IT minister Ashwini Vaishnav and another newly appointed government minister Prahlad Singh Patel.
The names were among a string of targets of the Pegasus spyware named by The Wire in a follow-up to their Sunday story that was published simultaneously by the Indian website, The Guardian, the Washington Post and 14 other media outlets.
The Wire said that at least of two of Gandhi’s mobile phone accounts were on a list of 300 verified Indian numbers that were potential targets of software licensed by Israeli private surveillance tech firm NSO. The Israeli company says it only sells its snooping software known as Pegasus to “vetted governments” to fight terrorism and other serious crimes. The Union government has denied carrying out any unauthorised surveillance.
Vaishnav, who appears to have been targeted for surveillance in 2017 when he wasn’t in politics, told Parliament on the opening day of the monsoon session on Monday that the allegations were an attempt to “malign” India’s democracy and that they contained “no substance’ too.
Rumours swirling for days
Before the report surfaced, rumours had been swirling for days that the Modi government was about to be rocked by a fresh instalment of what has become known as the “Pegasus spyware scandal.”
Kishor, who has a finger in many political pies, played a key role in the Bengal state elections and also advises the DMK in Tamil Nadu and the Congress in Punjab. He was dismissive about attempts to monitor his phones and told The Wire that the results of the West Bengal elections showed that such tactics did not work.
However, he added: “There is no denying that those who would do so were looking to take undue advantage of their position of power with the help of illegal snooping.” His latest successes include helping engineer Mamata Banerjee’s resounding victory in Bengal and M.K. Stalin’s resounding win in Tamil Nadu.
Ashok Lavasa, the former election commissioner, who was also reported to have been targeted by the software, had dissented in the election body’s decision to reject alleged poll code violations by Prime Minister Narendra Modi and Home Minister Amit Shah during the 2019 election campaign. The list also included at least one number used by Pakistani Prime Minister Imran Khan.
Kishor changed phones 5 times
It could not be confirmed whether the phones of many of the names listed were actually hacked as their mobiles were not available for forensic analysis. All that is known is that their names were on the list of potential surveillance targets. Kishor told the NDTV news channel that he had changed his mobile handset five times but his phone was still being hacked.
Trace of infection on Kishor’s phone was found, according to Amnesty International, on April 28, just before the last phase of polling in West Bengal and also in June and July 2021, around the time when he met Congress leaders Rahul and Priyanka Gandhi. The Wire said a further hack on his phone appeared on the day when its representatives had met him.
Gandhi appeared relatively unsurprised by news that his phone had come under attack and said he often changed both numbers and instruments to make it “a little harder for them” to target him. Gandhi added that he had received several suspicious Whatsapp messages which made him believe he was being targeted.
On Sunday, The Wire disclosed the names of prominent journalists, such as The Wire Editor Siddharth Varadarajan, that had been targeted. The names were revealed after the joint global-scale investigation conducted also by The Guardian, Le Monde, Die Zeit and 12 other Arab, Mexican and European news organisations.
The powerful surveillance tool was detected as being active on some of the Indian targets’ devices as recently as this month, according to The Washington Post. The hacking software is employed to infect iPhones and Android phones to extract messages, photographs, location data, emails, record calls and activate microphones. The malware can be put on a smartphone by clicking on a “trap link. It can even activate itself without any input in what is called a “zero-click: hack.
M.K. Venu, a founding editor of The Wire that was also on the potential spyware target list, has said more names will be revealed “soon.”
The news organisations were given a leaked database of numbers by Paris-based media non-profit Forbidden Stories and Amnesty International. The global investigation carried out forensic examinations of 37 phones of which 10 were Indian to confirm that they had been targeted by spyware.
Soon after the story broke simultaneously around the world, Indian journalist Swati Chaturvedi, whose phone is believed to have been tapped, tweeted: “Dear @PMOIndia why did your government put me on an intrusive surveillance list? For committing a crime of doing investigative journalism. Why was Pegasus software introduced on my phone? Pegasus is sold only to governments.”
The government has denied any link with the spyware and said the news article proves nothing. “In fact, previous attempts to link Pegasus with the government have failed," the government said. The Wire reported most of the names were targeted between 2018 and 2019 in the period leading up to the 2019 general elections.
The Wire said that the leaked database had numbers of over 40 journalists, three Opposition leaders, serving government ministers, current and formers officials of security organisations and “scores of businesspersons”.
The Wire itself was heavily targeted. The Wire Editor Siddharth Varadarajan whose phone was hacked according to the report told The Guardian: “This is an incredible intrusion and journalists should not have to deal with this.”
Forensic analysis is essential to prove that the phones have been infected with Pegasus Spyware. For technical reasons, it is easier to analyse if Pegasus software has been used against iPhones than against Android ones.
The phone of another journalist, Sushant Singh, who had worked on an investigation into the Rafale deal, was also subjected to forensic analysis and appeared to have had spyware installed on it. Singh said, “It compromises a journalist’s ability to report on matters of grave national importance.” Pegasus was active on Singh’s iPhone as recently as this month, the Washington Post reported, citing a forensic analysis.
Other Indian journalists whose names appear on the list that dates back to 2016 include Shishir Gupta, executive editor of the Hindustan Times; former editorial page editor Prashant Jha, defence correspondent Rahul Singh and Aurangazeb Naqshbandi, who covered the Congress.
An SC judge too?
One phone number on the Pegasus Projects database was earlier registered in the name of a sitting Supreme Court judge, The Wire said. However, it said the judge had given up the number at some point in the last few years.
Most of the numbers on the Pegasus database came from 10 countries including India, Azerbaijan, Kazakhstan, Hungary, Saudi Arabia, UAE, Bahrain, Morocco, Mexico and Rwanda. The Guardian described the countries alleged to be involved in the eavesdropping as being run by “authoritarian governments.”
Pegasus initially hit the headlines around the world in 2019 after it was reported that 1,400 phones had been targeted using the software. WhatsApp filed a suit against the NSO Group which created the software.
Among those whose phones were tapped abroad was the former fiancée of murdered Saudi columnist and dissident Jamal Khashoggi. The Pegasus database contains more than 50,000 potential global surveillance targets.
NSO to look at ‘credible claims’
The NSO Group refuses to divulge the list of its customers. It denied in a statement “false claims” about the actions of its customers but promised to “investigation all credible claims of misuse and take appropriate action.”
The telephone numbers on the list were printed without names but the investigation managed to identify over 1,000 people in more than 50 nations. They included 189 journalists globally, including those working at the Financial Times, The New York Times and CNN. There were also more than 600 politicians and government officials, including cabinet ministers, diplomats and military figures, and 85 human rights activists.
The Indian government said in its written statement there has been “no unauthorised interception” by government agencies. However, the occupations of the people to whom the Indian numbers belonged suggested that an official Indian agency would have been behind any attempt to place them on the hacking list, The Wire said.