Phones of ministers, journalists, lawyers and activists tapped by Pegasus spyware. Indians should worry

In the days ahead, we will know more about the investigations as they will be released in parts. Clearly, there is going to be a stormy monsoon session in Parliament as opposition members will question the government’s role in the snooping scandal. These revelations, if true, bode dangerously for the health of our democracy, writes RAMESH MENON as he recaps what we know about the Pegasus hacking allegations so far.

 —-

ON the eve of the monsoon session of Parliament, India was rocked with the news that over 300 Indian individuals, which includes politicians, lawyers, activists and journalists were among a list of 50,000 for cyber-surveillance targets across the world, as their phones were either hacked or identified for snooping. This was done with the help of Pegasus, the phone hacking software developed by NSO Group, an Israeli tech company.

Those who were targeted allegedly include a Supreme Court judge, opposition party leaders, government officials, two serving Union Cabinet ministers, scientists, businessmen and journalists.

Over 40 journalists, including several currently or formerly associated with mainstream Indian publications like The WireHindustan TimesMintThe Indian Express and The Hindu were allegedly targeted, according to an investigation by a consortium of 17 media organisations that includes The WireThe Washington Post, and The Guardian, among others. Some phones of individuals on the target list  that was subjected to a forensic examination was found to be hacked or bore signs of attempted hacking.

Who have been named as hacking targets so far?

Some of those who were reportedly targeted were Shishir Gupta (Hindustan Times’ executive editor), Prashant Jha (HT’s editorial page editor and former bureau chief), Rahul Singh (HT’s defence correspondent) Siddharth Vardharajan, M.K. Venu (both founding editors of The Wire), Rohini Singh (regular contributor to The Wire), Sandeep Unnithan (reporter on defence and the Indian military for India Today), Vijaita Singh (union home ministry reporter for The Hindu), J. Gopikrishnan (investigative reporter with The Pioneer), Sushant Singh (former deputy editor at The Indian Express), Muzamil Jaleel, Ritika Chopra (reporters on Kashmir, and education and the Election Commission, respectively, at IE), and independent journalists like Paranjoy Guha Thakurtha, Swati Chaturvedi and Prem Shankar Jha.

According to The Wire, Rohini Singh’s name appeared on the list soon after she reported on the business affairs of union home minister Amit Shah’s son, Jay Shah, and Nikhil Merchant, a businessman who is close to Prime Minister Narendra Modi. During that time, she was also investigating the dealings of Union Minister Piyush Goyal with businessman Ajay Piramal. 

Sushant Singh’s number appeared on the list when he was looking into India’s controversial Rafale aircraft deal with France. Jharkhand-based independent journalist Roopesh Kumar Singh’s name appeared on the list after he reported on the alleged fake encounter of an innocent Adivasi in 2017.

The names of eight of the 16 activists and academics arrested in connection with the Bhima Koregaon case were also allegedly targeted for snooping, according to the leaked list. These are Rona Wilson, Hany Babu, Vernon Gonsalves, Anand Teltumbde, Shoma Sen, Gautaum Navlakha, Arun Ferreira and Sudha Bharadwaj.

Forensic consulting company Arsenal Consulting had revealed in two reports earlier this year that evidence found in the computers of Wilson and Surendra Gadling, another of the Bhima Koregaon arrestees, was planted into their devices through sophisticated hacking. 

Also read: Explainer: Arsenal Report on Surendra Gadling

According to The Wire, the list also included the numbers of Varavara Rao’s daughter Pavana; Gadling’s wife Minal Gadling and his lawyers Nihalsinh Rathod and Jagadish Meshram; Bharadwaj’s lawyer Shalini Gera; Teltumbde’s friend Jaison Cooper who is a rights activist; Kabir Kala Manch cultural group member and Sagar Gorkhe’s partner Rupali Jadhav; Mahesh Raut’s lawyer Lalsu Nagoti; Naxalite movement scholar and Bastar-based lawyer Bela Bhatia; and as many as five family members of another Bhima Koregaon accused. Rao, Raut and Gorkhe are all under arrest as accused in the Bhima Koregaon case, with Rao currently out on interim medical bail.

A few hours back, it was revealed that other prominent public persons on the list of targets were political strategist Prashant Kishor (a forensic examination of his phone has confirmed the presence of the spyware), Indian National Congress MP Rahul Gandhi and his aides, Union Ministers Ashwini Vaishnaw and Prahlad Singh Patel (as well as 18 phones within Patel’s close circle), Trinamool Congress MP Abhishek Banerjee, former election commissioner Ashok Lavasa (who had faulted Modi for violating the Model Code of Conduct in the 2019 Lok Sabha election campaign), founder of election watchdog Association for Democratic Reforms (ADR) Jagdeep Chhokhar, the Supreme Court staffer and her close relatives who accused former Chief Justice of India Ranjan Gogoi of sexual harassment in April 2019, virologist Gagandeep Kang, India head of the Bill and Melinda Gates Foundation Hari Menon (alongside at least one more employee of the Foundation)

Opposition demands answers; Govt, NSO deny wrongdoing

 INC MPs Shashi Tharoor and Anand Sharma called for an independent investigation into the surveillance accusations. AIMIM chief and MP Asaduddin Owaisi too raised questions over whether the union government has been using Pegasus.

It is clear that under The Indian Telegraph Act and Information Technology Act, lawful interception is only allowed if procedures laid down to do it are followed. Under the IT Act, the use of hacking for the purpose of installing surveillance spyware is an offence.

The leaked database of around 50,000 numbers were accessed by Forbidden Stories, a media non-profit based in France and international human rights NGO Amnesty International and then passed on to select media organisations that formed a collaborative investigative project called Pegasus Project to study it. The Wire is a part of the project. Not all the numbers have been compromised, the investigation said.

The Indian government was quick to dismiss the investigation as a “fishing expedition” and said that it was committed to free speech as a fundamental right. There was a lack of diligence by the esteemed media organisations involved, and each case of interception, monitoring and decryption are approved by a competent authority like the Union Home Secretary, it stated.

Also read: India not done enough to secure cybersecurity: IISS report

 NSO said that it had no insight into the specific intelligence activities of its customers, and maintained that it sells its software solely to law enforcement and intelligence agencies of “vetted governments”. Investigations will probably reveal if India was one of them.

What is Pegasus, and why should we be worried?

Pegasus can intercept communications, stored files, and messages on the devices of its targets as well as access the microphone and the camera. The phone’s location can also be accessed. 

The Citizen Lab of the University of Toronto says that Pegasus is designed to evade forensic analysis, avoid detection by anti-virus software, and can be remotely deactivated and removed.

Researchers of Kaspersky labelled Pegasus as a tool for total surveillance. It said that after scanning the target’s device, it installs modules that can read the user’s messages and mail, listen to calls, capture screenshots, log pressed keys, and exfiltrate browser history and contacts. 

Imagine. All our lives can be watched 24 hours a day. 

The only way to possibly get rid of Pegasus is to throw away the phone, as experts say that even resetting your phone will not get rid of the spyware. Even the most security-conscious person who is extremely alert can be attacked and they would not even know it. 

 Just a WhatsApp call is enough for Pegasus to get into the phone even if you do not pick up the call!  Many of us lived under the illusion that iPhones could not be hacked into. But iPhones have been hacked with this software.

 It is not just Indians who should be concerned. Most of the numbers on the list of Pegasus targets are concentrated in nine other countries, apart from India: Azerbaijan, Bahrain, Hungary, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates. Each of these countries is run by autocratic regimes of varying degrees.

International journalists were also targeted. Some of them are from reputed media houses such as The Washington PostBloomberg NewsThe New York TimesAl JazeeraCNNAssociated Press, and The Financial Times.

In the days ahead, we will know more about the investigations as they will be released in parts. Clearly, there is going to be a stormy monsoon session in Parliament as opposition members will question the government’s role in the snooping scandal. These revelations, if true, bode dangerously for the health of our democracy.

(Ramesh Menon is a senior journalist, educator, documentary filmmaker and editor of The Leaflet. The views expressed are personal.)