The telephone numbers of over forty journalists were found in a leaked list of surveillance and forensics examinations that revealed that some devices exhibit signs of snooping by Pegasus. Three Hundred verified Indian mobile numbers have been listed in a leaked database.
The database targets hacking the numbers using Israeli spyware called ‘Pegasus.’ The list includes the contacts of journalists, ministers, rights activists, scientists, lawyers, and opposition leaders reveals an investigation by The Wire.
Over forty journalists’ phone numbers were leaked. It is speculated that they were targeted for surveillance using the Pegasus spyware. Some of the numbers were snooped using Israeli software. An association of news organizations called ‘The Pegasus Project’ has analyzed the lists.
The numbers of the journalists and other members included in the list can indicate a potential attempt for surveillance. However, to confirm the device hack, a technical examination can potentially reveal if the phone was subject to surveillance.
The analysis of ten Indian phones whose numbers were present in the data reveals attempted surveillance or a successful Pegasus hack.
Rohini Singh, a journalist from The Wire, investigating the business affairs between Jay Shah, son of Union Home Minister Amit Shah, and Nikhil Merchant, a businessman who is a close aide of Prime Minister Narendra Modi is also on the list.
She was also Investigating the business dealings between Piyush Goyal, and Ajay Piramal. Sushant Singh, a former journalist with the Indian Express, was also present on the list. An analysis of his device showed signs of Pegasus infection earlier this year.
Singh was working on various investigations, including the Rafale deal. It is speculated that he appeared on the list in mid-2018.
A majority of journalists mentioned in the list work with big publishing houses, including four employees and one former employee of the Hindustan Times. Prashant Jha, former bureau chief, Rahul Singh defense correspondent, and employee of the Hindustan Times.
Muzamil Jaleel, Ritika Chopra of the Indian Express also appeared on the list. Alongside Sandeep Unnithan of the India Today. Manoj Gupta of TV18. Vijaita Singh, who covers Home Ministry as a beat for The Hindu, is also present on the list.
M.K.Venu and Siddharth Varadarajan are the founding editors of The Wire, the diplomatic editor of The Wire, Devirupa Mitra, also appeared on the list. Prem Shankar Jha, the senior columnist for The Wire who covers mainly political and security aspects, also appeared on the list.
J.Gopikrishnan, an investigative reporter who unearthed the 2G telecom scam, also appeared on the list. The names of the journalists were added between the period of 2018 to 2019 and some were added after the period.
A similar incident took place in early 2019 where messaging app WhatsApp with Citizen Lab had alerted the Indians users of the platform of a potential Pegasus attack. During that period, two journalists’ names were present in the list, including former Lok Sabha MP Santosh Bharatiya.
WhatsApp revealed in October 2019, that Indian journalists and human rights activists were also a target of the hack. . Following which a lawsuit was filed by WhatsApp in US federal court. The lawsuit alleged that the NSO Group had targeted 1,400 WhatsApp users using spy software.
Shalini Gera, a human rights lawyer, Bela Bhatia activist from Bastar, Degree Prasad Chauhan, a Dalit activist, were mentioned in the list in 2019 for a possible target of surveillance.
The Indian government has stated that there is no concrete evidence to conclude the claims of the government’s surveillance of select individuals. The government also cited the 2019 incident of Pegasus security issues, with Indian WhatsApp users stating that the Right to Information (RTI) reply from the government stated that there is no unauthorized surveillance by the government of India.
The government further added that there is a well-established protocol for sanctions and supervision of high-ranking ministers and central/state agencies for national interest reasons.
Amnesty International and France-based organization, Forbidden Stories had first access to the leaked list, which was further shared with 15 other news organizations, including The Wire. The Washington Post, The Guardian, and others were able to identify the 1,571 individuals mentioned in the list, which spanned across ten countries.
Pegasus comes under the NSO group, which is an Israeli company. The group has determined that it only offers its service to “vetted governments” and has refused to make public the list of its customers. After the news circulated, the company disputed the claim of the pegasus hack.
In a letter to The Pegasus Project and The Wire, the company stated it believes that the numbers mentioned in the list might not be subject to surveillance, but the list might be used by the group for other purposes. However, analysis of the phones has exhibited signs of Pegasus hack.
The forensic examination conducted by Amnesty International’s security lab showed that of the thirteen iPhones examined, nine showed signs of Pegasus infection. Nine androids were examined, however, it was complicated to determine the infection in android phones, as it does not provide the detailed log needed to confirm the Pegasus hack. Only one phone showed signs of the Pegasus hack.
The NSO Group was founded in 2010. They are best known for creating Pegasus. It allows operators to hack into the smartphones of another individual, and conduct surveillance, including gaining access to the camera, microphone, and the contents in the phone.
The company has time and again stated that it does not offer services to private individuals or agencies and only offers assistance to “vetted government.” In the letter addressed to The Pegasus Project, the group reiterated the same.
Over one thousand people across fifty countries have been identified on the list. The country database includes Bahrain, Kazakhstan, Mexico, Rwanda, Morocco, Hungary, Saudi Arabia, India, Azerbaijan, and UAE.