New Delhi: The phone numbers of over 40 Indian journalists appear on a leaked list of potential targets for surveillance, and forensic tests have confirmed that some of them were successfully snooped upon by an unidentified agency using Pegasus spyware, The Wire can confirm.
The leaked data includes the numbers of top journalists at big media houses like the Hindustan Times, including executive editor Shishir Gupta, India Today, Network18, The Hindu and Indian Express.
The Pegasus Project, a consortium of news organisations that analysed this list, has reason to believe that the data is indicative of potential targets identified in advance of surveillance attempts. The presence of a phone number in the data does not alone reveal whether a device was infected with Pegasus or subject to an attempted hack – technical examination of the phone’s data is needed for that.
Independent digital forensic analysis conducted on 10 Indian phones whose numbers were present in the data showed signs of either an attempted or successful Pegasus hack.
Of equal importance is that the results of the forensic analysis show sequential correlations between the time and date a phone number is entered in the list and the beginning of surveillance. The gap usually ranges between a few minutes and a couple of hours. In some cases, including forensic tests conducted for two Indian numbers, the time between a number appearing on the list and the successful detection of a trace of Pegasus infection is just seconds.
Pegasus is sold by the Israeli company, NSO Group, which says it only offers its spyware to “vetted governments”. The company refuses to make its list of customers public but the presence of Pegasus infections in India, and the range of persons that may have been selected for targeting, strongly indicate that the agency operating the spyware on Indian numbers is an official Indian one.
Two founding editors of The Wire are on this list, as are its diplomatic editor and two of its regular contributors, including Rohini Singh. Singh’s number appears after she filed back-to-back reports on the business affairs of home minister Amit Shah’s son, Jay Shah, and Nikhil Merchant, a businessman who is close to Prime Minister Narendra Modi, and while she was investigating the dealings of a prominent minister, Piyush Goyal, with businessman Ajay Piramal.
The number of former Indian Express journalist Sushant Singh appears on the list in mid-2018, at a time when he was working on an investigation into the controversial Rafale aircraft deal with France, besides other stories. Digital forensics conducted on Singh’s current phone showed signs of Pegasus infection earlier this year.
Leaked data, NSO disputes purpose
The France-based media non-profit, Forbidden Stories, and Amnesty International first had access to this leaked list which they shared with The Wire and 15 other news organisations worldwide as part of a lengthy collaborative investigation called the Pegasus Project.
Working together, these news organisations – which include The Guardian, The Washington Post, Le Monde and Süddeutsche Zeitung – were able to independently identify the owners of over 1,571 numbers across at least 10 countries, and forensically examine a small cross-section of phones associated with these numbers to test for the presence of Pegasus.
NSO disputes the claim that the leaked list is linked in any way to the functioning of its spyware. In a letter to The Wire and Pegasus Project partners, the company initially said it had “good reason to believe” that the leaked data was “not a list of numbers targeted by governments using Pegasus”, but instead, may be part of “a larger list of numbers that might have been used by NSO Group customers for other purposes”.
However, the forensic testing of targeted phones has confirmed the use of Pegasus spyware against some of the Indian numbers on this list and has also established that this highly intrusive form of surveillance – technically illegal under Indian law as it involves hacking – is still being used to spy on journalists and others.
Pegasus and India
Founded in 2010, the NSO Group is best known for having created Pegasus, which allows those operating it to remotely hack into smartphones and gain access to their contents and functions, including the microphone and camera. The company has always insisted Pegasus is not sold to private entities or even to any and every government. In fact, in its letter to The Wire and its media partners, NSO reiterated that it sells its spyware only to “vetted governments”.
NSO will not confirm whether the Indian government is a customer but the presence of Pegasus infections in the phones of journalists and others in India and the nature of the targets selected for a potential hack suggest that one or more official agencies here are actively using the spyware. This inference must be drawn because Pegasus can only be used by a client of NSO and NSO has only “vetted governments” as clients.
While the Narendra Modi government has not so far issued a categorical denial that Pegasus is officially being used, it has been dismissive of allegations that Pegasus might have been used to conduct illegal surveillance of targets in India.
The Ministry of Electronics and Information Technology reiterated this stand in a response to a questionnaire about individual targets sent by Pegasus Project partners.
Independent forensic analysis conducted by Amnesty International’s Security Lab on a small worldwide cross-section of the smartphones of the people on the leaked list threw up traces of Pegasus spyware infection in over half the cases. Among the 13 iPhones examined in India, nine showed evidence of being targeted, of which seven were successfully infected with Pegasus. Among nine Androids tested, one showed evidence of targeting while 8 were inconclusive, mainly because Android logs do not provide the kind of detail Amnesty’s team needs to confirm the presence of Pegasus.
Specific digital forensics conducted by Amnesty International’s Security Lab found traces of Pegasus spyware on the mobile phones of six Indian journalists who agreed to have their phones examined after discovering their number was in the leaked data.
The list of journalists to emerge from the Pegasus Project’s reporting cannot be considered an exhaustive list or even a representative sample of reporters subject to official snooping as it is limited to an analysis of one leaked dataset over a narrow time period and covering only one potential vector of surveillance, i.e. Pegasus.
A good chunk of the journalists who appear in the records are based out of the national capital and work with prominent organisations.
For instance, the leaked data shows that at least four current employees and one former employee of the Hindustan Times group were of potential interest to the Indian Pegasus client – executive editor Shishir Gupta, editorial page editor and former bureau chief Prashant Jha, defence correspondent Rahul Singh, a former political reporter who covered the Congress, Aurangazeb Naqshbandi, and a reporter in HT’s sister paper, Mint.
Other prominent media houses also had at least one journalist whose phone number appears in the leaked records. This includes Ritika Chopra (who covers education and the Election Commission) and Muzamil Jaleel (who writes on Kashmir) of the Indian Express, Sandeep Unnithan (who covers defence and the Indian military) of India Today, Manoj Gupta (editor investigations and security affairs) at TV18, and Vijaita Singh, who covers the home ministry for The Hindu and whose phone contained traces of an attempted Pegasus infection.
The Pegasus Project is withholding the names of some of those targeted because they have either moved on to other jobs or have other reasons not to be identified.
At The Wire, those targeted were founder-editors Siddharth Varadarajan and M.K. Venu, for whom specific forensic analysis showed evidence of their phones being infected by Pegasus. The number of Devirupa Mitra, The Wire’s diplomatic editor, also appears in the records.
Apart from Rohini Singh, the phone number of another regular contributor to The Wire – senior columnist Prem Shankar Jha, who writes mainly on political and security matters – also appears in the records, as does freelance journalist Swati Chaturvedi, who was also writing for The Wire at the time she was selected.
“Given the abandon with which this government is abusing the Indian constitution to incarcerate its staunchest defenders, I am torn between considering this a threat and a compliment,” Jha said, when informed about his selection as a target for surveillance.
“My job is to continue [doing] stories… News doesn’t stop, stories should be told as they are, without suppressing the facts or with any embellishment,” The Hindu’s Vijaita Singh told The Wire, adding that it would not be “appropriate to hazard a guess” on why anyone would view her as a potential target for surveillance.
“Whatever information we gather is in the newspaper the following day.”
“Unfortunately,” said Rohini Singh, “surveillance is seen as something that a powerful government would do… It’s not even criticised as much by many journalists in mainstream media and I think that’s the unfortunate part.”
“My investigative book on the BJP’s secret digital army exposed the Modi government attacking citizens in a democracy… I take Modi’s illegal surveillance as a compliment to the investigative journalism I do,” said Chaturvedi.
“I did not know about this,” Jaleel told The Wire. “But if you have it from reliable sources, it is a matter of serious concern.”
Another journalist that finds mention on the list is J. Gopikrishnan, an investigative reporter with The Pioneer, credited with having broken the 2G telecom scam. “Being a journalist, I contact many people and [there are] many [who] want to know who all I contact,” he told The Wire.