ON January 3, the Supreme Court-appointed Technical Committee (TC) to investigate the snooping allegations using Pegasus spyware had issued a public notice urging citizens to contact it if they felt that their mobile device had been infected. The public notice required the concerned citizens to give reasons as to why they believed that their devices might have been infected with Pegasus malware and whether they would be in a position to allow the technical committee to examine them. The committee had given time till January 7, giving liberty to the citizens to email their representation to firstname.lastname@example.org. The TC was appointed vide order dated October 27 last year in Writ Petition (Criminal) No. 314 of 2021.
The Leaflet learns that at least four accused in the Bhima Koregaon case, and their counsel, Nihalsing B. Rathod, have written to the committee separately alleging that their mobile devices had been infected with the Pegasus malware.
Rathod, who is a practicing lawyer based in Nagpur and has been dealing with human rights cases, alleged that prior to March 2019, he had started receiving group video calls on his WhatsApp account. On trying to answer the same, the call would stand disconnected. Irritated with the repeated instances, he preferred to block those numbers using provisions made in the WhatsApp application. However, there were repeated calls from different international numbers which prompted him to lodge a complaint officially with WhatsApp.
Rathod alleged that his friend and colleague, advocate Jagdish Meshram, also had a similar complaint. Rathod brought to the committee’s notice that he heard similar grievances from Vira Sathidar (now deceased) and Minal Gadling, wife of advocate Surendra Gadling. The latter is currently in custody at Taloja jail in the Elgar Parishad/Bhima Koregaon case, having been arrested in June 2018.
In October 2019, Rathod disclosed that he received communication from John Scot, Senior Researcher of the University of Toronto-based Citizen Lab informing him that WhatsApp had engaged him to intimate victims of a spyware attack, and assist such victims in enhancing the security of their devices and privacy. Rathod revealed that his friend and fellow activist, Rupali Jadhav from Pune, informed him about similar communication she had with Citizen Lab. Minal Gadling, Meshram and the late Sathidar also confirmed that Citizen Lab had contacted them. WhatsApp later confirmed to Rathod that his phone was compromised by the use of spyware.
Rathod had represented Surendra Gadling, and activists Sudhir Dhawale, Rona Wilson, Mahesh Raut, Shoma Sen, Ramesh Gaichor and Sagar Gorkhe, all accused in the Bhima Koregaon case and currently incarcerated, before various courts. Rathod was also consulted on numerous occasions by scholar and activist Anand Teltumbade and activist Fr. Stan Swamy prior to their arrest in the case.
Rathod believes that his phone was intercepted for accessing privileged communication and legal strategies drawn on behalf of his clients.
“It being a client-counsel relationship … any targeting of my phone would not only be a serious violation of my own privacy but also a grave violation of my professional privilege, compromising my ability to represent my clients and violating their as well as my constitutional right to fair representation in court”, Rathod told the Committee.
Rathod expressed apprehension that apart from Pegasus, spyware such as Netwire was also used by Indian agencies for similar purposes. While Pegasus allows access to mobile devices, Netwire gives remote access to computer devices. “[T]he infection for planting netwire is done through emails, and such suspicious emails do exist in my email account. I further say that similar such infection has been found in the computer devices of at least 9 activists in India”, Rathod wrote in his complaint to the TC.
Rathod confided to the TC that he did not replace his infected mobile device, despite advice he received to the contrary, as he did not have the funds to do so. However, he had given his phone for forensic examination to M/s Forensic Architecture, a human rights organisation based abroad. The examination, Rathod claimed, was inconclusive, while he was likely to receive the device back.
Rathod has disclosed that he was not very hopeful of any benefit from forensic examination of his device, as he has learnt from certain stakeholders that android-based equipment do not show traces of this particular spyware. Yet, his phone device contains records of original calls/missed calls received from international numbers, and a list of the numbers blocked, exhibiting the tactic adopted to implant Pegasus. It also has the original message sent by M/s WhatsApp informing and acknowledging of the infection.
Rathod offered to submit his mobile device for examination, in case the TC felt it would be useful. He also sought an opportunity to appear before the TC, and cross-examine the agencies it may summon in the course of the enquiry. He urged the proceedings of the committee to be made public, with people willing to give information being allowed to appear before the committee and cross examine any witnesses of government agencies it may summon.
In particular, Rathod sought investigation to find out under whose authority and direction, the spyware was used against lawyers, journalists, human rights activists and politicians. He also wanted to know which of his personal information, data and records were accessed by the operators. He also asked the TC to probe which law authorised the use of the spyware against him, and what is the record of authorising the use of the spyware against him and his colleagues.
Rona Wilson, under judicial custody in the Bhima Koregaon case since June 2018, wrote to the TC – through his advocate, R. Sathyanarayanan – that after Caravanbroke the story on how his hard disk contained malware that allowed remote access, his lawyers sent a copy of his hard disk, made available by the prosecution, for independent forensic analysis, to the American Bar Association (ABA). On July 31, 2020, the ABA got in touch with Mark Spencer, President of Arsenal Consulting, a leading and independent expert firm on digital forensics to conduct a forensic analysis of the clone copy of the disk seized by the Pune Police.
On February 8 last year, Arsenal Consulting revealed that his computer was compromised for 22 months from June 13, 2016 using the malware NetWire, and the attacker’s primary goal was for surveillance and incriminating document delivery. It also showed, among other things, that the ten most incriminating documents used against Wilson and his co-accused were never opened on his computer by Wilson.
In its subsequent report, Arsenal Consulting further revealed that there is no evidence of legitimate interaction with additional files of interest on Wilson’s computer, and that 22 of the 24 files were directly connected to the attacker, identified in Report I.
In Report III, released on June 21 last year, Arsenal Consulting further stated that Surendra Gadling’s computer was compromised for just over 20 months by the same attacker identified in Reports I and II.
In Report IV, released on December 17 last year, Arsenal Consulting confirmed the successful Pegasus infection of Wilson’s iPhone.
Wilson filed a petition at the Bombay High Court (Criminal Writ Petition No. 1769 of 2021) alleging planting of documents, and for enquiry by an independent expert.
As Wilson’s electronic devices, including the hard disk and phone, are with the National Investigation Agency (NIA), he requested the TC to call upon the NIA to furnish the original electronic devices for examination. He, however, offered to submit his clone copy of his hard disk from his computer to the TC for examination.
Lawyer and activist Arun Ferreira, an accused in the Bhima Koregaon case, now serving as an undertrial prisoner in judicial custody at Taloja jail since August 2018, has also written to the TC – through his advocate, Neeraj Yadav – alleging snooping by Pegasus. He claimed that as his mobile phone was seized by the Pune police on August 28, 2018, and is now in the custody of the NIA, Mumbai, he is not in a position to submit his phone before the TC.
Academic and activist Dr. Shoma Sen, another accused in the Bhima Koregaon case and incarcerated since June 2018, in her representation to the TC – through her advocate, Kritika Agarwal – has claimed that her infected phone was seized by the Pune police on June 6, 2018, and is now in the custody of the NIA, Mumbai. Therefore, she claimed she is not in a position to submit her phone before the TC. She sought the TC’s direction to the NIA, Mumbai, and the Special NIA Court, Mumbai, to hand over her mobile phone for enquiry into the issue of snooping by Pegasus.
Vernon Gonsalves, accused in the Bhima Koregaon case and now lodged in Taloja since August 2018 – through his wife and advocate, Susan Abraham – also made a similar representation to the TC. His mobile phone was seized by the Pune police on August 28, 2018, and is now in the custody of the NIA. He too, like the other accused in the case, requested the TC to direct the NIA, Mumbai to hand over his phone to it for enquiry.