In what could spark a rocky start to the monsoon session of Parliament starting on Monday, a global collaborative investigative project has revealed that Israeli firm NSO Group spyware Pegasus is targeting more than 300 cell phone numbers in India including that of two sitting ministers of the Narendra Modi government, three opposition leaders, a constitutional authority, several journalists and businessmen.
The Wire, a digital news platform, which is part of the collaboration, reported on Sunday that the leaked global database of 50,000 phone numbers was first consulted by the French association Forbidden Stories and Amnesty International, then shared with 16 media partners: Guardian, Washington Post, Le Monde, Suddeutsche Zeitung and 11 other Arab and European organizations.
India’s list of 300 “verified” numbers includes those used by “ministers, opposition leaders, journalists, the legal community, businessmen, government officials, scientists, rights activists and others. others, “he said. The Guardian, however, said the presence of a phone number in the database did not confirm whether the corresponding device was infected with Pegasus or was the subject of a hack attempt.
“… The consortium believes the data is indicative of potential targets that NSO’s government clients have identified prior to possible surveillance attempts,” he reported.
The NSO Group describes its clients as 60 intelligence, military and law enforcement agencies in 40 countries, although it will not confirm the identity of any of them, citing client confidentiality obligations, the Washington Post said. In response to a previous lawsuit filed by WhatsApp in California, NSO Group said Pegasus is being used by sovereign governments in foreign countries.
In response to this development, the government said, “The allegations of government surveillance on specific individuals have no concrete basis or truth associated with it. In the past, similar claims have been made regarding the Indian state’s use of Pegasus on WhatsApp. These reports also lacked any factual basis and were flatly denied by all parties, including WhatsApp in the Indian Supreme Court. This report therefore also appears to be a similar fishing expedition, based on guesswork and exaggeration to slander Indian democracy and its institutions. “
Indian express had in 2019 reported that WhatsApp owned by Facebook had confirmed use of Pegasus to target journalists and human rights activists in India. WhatsApp made the disclosure in a lawsuit it filed in a US court in San Francisco.
In this, he alleged that the NSO group had targeted around 1,400 WhatsApp users with Pegasus. Among those then targeted in India were several human rights activists and lawyers working in tribal areas, an accused in the Elgar Parishad case, a lawyer in the Bhima Koregaon case, a Dalit activist, journalists covering defense and strategy and a professor from the University of Delhi.
However, WhatsApp was one of the attack vectors used to infiltrate the mobile phones of selected targets using Pegasus. Other known vectors include SMS and the iPhone’s iMessage service in addition to unknown vulnerabilities that a Pegasus user could exploit to install spyware.
Once the spyware is installed, Pegasus can potentially harvest most of the data on the device, including text messages, emails, WhatsApp chats, call logs, GPS data, contact lists, and forward to the attacker. It can also activate features like camera, microphone, call recording, etc. to provide monitoring capabilities to the client.
According to the NSO Group, as reported by The Wire, the leaked database is “not a list of numbers targeted by governments using Pegasus” and that it had “good reason to believe” that the leaked data ” can be part of a larger list of numbers that could have been used by customers of the NSO group for other purposes ”.
Additionally, the NSO Group disputed that Pegasus was used to target 50,000 people, suggesting that the targeting scale on all government clients was around 5,000 per year.
In its previous statements, although the government has not clearly admitted or denied the NSO Group’s purchase or use of Pegasus for surveillance, the Israeli company, in its response to the WhatsApp trial in California, noted : “… There is no doubt that the alleged use of Pegasus to message 1,400 foreign WhatsApp users in April and May 2019 was carried out by sovereign governments of foreign countries”.
“NSO is a highly regulated company that provides government agencies with an essential tool for monitoring terrorists and criminals, analogous to companies that supply the US military with planes, weapons and cyber-espionage tools,” he said. -he adds.
In a written response to Parliament in November 2019, then Minister of State for the Interior, G Kishan Reddy, said: “Section 69 of the Information Technology Act 2000 empowers the central government or state government to intercept, monitor or decrypt or cause to intercept or monitor or decrypt, any information generated, transmitted, received or stored in any computing resource in the interest of the sovereignty or integrity of the ‘India, state security, friendly relations with foreign states or public order or to prevent incitement to the commission of any offense recognized above or to investigate any offense’.
He added that the central government authorized 10 agencies to intercept communications. These are the Intelligence Bureau, the Narcotics Control Bureau, the Directorate of Enforcement, the Central Council of Direct Taxes, the Directorate of Tax Intelligence, the Central Bureau of Investigations, the National Agency for Investigations, Cabinet Secretariat (RAW), Signals Intelligence Directorate (for Jammu and Kashmir, North East and Assam service areas only) and Police Commissioner, Delhi.