Rahul Gandhi claims his phone was tapped by using Pegasus: What the spyware is & the controversy around it

Reacting to the Congress leader’s comments, Union Minister of Information and Broadcasting, Sports and Youth Affairs Anurag Singh Thakur said that Pegasus is in Gandhi’s mind, nowhere else.

“Today, the kind of respect that Modiji has in the entire world and the recognition that India has gained under the leadership of Modiji … If no one, Rahul Gandhi should have at least listened to Italy’s Prime Minister and its leaders,” he added.

What was the Pegasus controversy?

Pegasus, developed by the Israel-based cybersecurity company NSO Group, first made headlines in October 2019, when Facebook-owned platform WhatsApp said that journalists and human rights activists in India had been targets of surveillance by operators using the spyware. At the time, WhatsApp didn’t reveal the names, identities and “exact number” of those targeted for surveillance but told the media that it had contacted each one of them.

Two years later, a global collaborative investigative project revealed that Pegasus might have targeted 300 mobile phone numbers in India, including that of two ministers in the Central government, Opposition leaders, a constitutional authority, and several journalists, civil society leaders, and business persons.

Although the government repeatedly rejected the findings of the global media investigation, it didn’t provide any facts on the matter, and never explicitly denied the use of the spyware.

How does Pegasus work?

When initial reports on Pegasus came out, it was thought that the spyware works only by sending an exploit link, and if the target user clicks on the link, the malware or the code that allows the surveillance is installed on the user’s phone. However, later it was revealed that Pegasus had evolved its method by using ‘zero-click attacks’, which do not require any action from the phone’s user.

Once spyware is installed in a phone, it begins contacting its operator’s control servers to receive and execute operator commands and send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps. The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity.

The aftermath

Following a huge furore, the Supreme Court, in October 2021, ordered an investigation headed by Justice RV Raveendran to conduct a “thorough inquiry” into the allegations. After months of examination, two reports were submitted to the court, one by Justice Raveendran and another by a technical committee that analysed some of the phones allegedly targeted by Pegasus.

On August 25, 2022, then Chief Justice of India N V Ramana said that the committee didn’t find any conclusive evidence on the use of the spyware in phones examined by it — notably, out of hundreds of phones that were allegedly targeted by Pegasus, only 29 phones were submitted to the committee for examination.

The CJI also noted, “The Government of India has not cooperated. The same stand you took here, you have taken there…”

The court revealed that the technical committee had found malware in five of the 29 devices that it got, but it had failed to determine if the malware was Pegasus. “…inconclusive evidence…In five phones they found some malware, but it doesn’t mean it is malware of Pegasus. That’s what the finding appears,” it said.