A FORENSIC investigation by Amnesty International’s Security Lab in partnership with The Washington Post has claimed that two Indian journalists were among those “recently targeted with Pegasus spyware on their iPhones”. Pegasus is an invasive spyware developed by Israeli surveillance firm NSO Group. The NSO Group has always maintained it deals only with governments and that too after intense scrutiny. Calling the publication’s findings “half facts, fully embellished”, Union Minister of State for Electronics and IT Rajeev Chandrasekhar wrote on X (formerly Twitter), “.it is for Apple to explain if their devices are vulnerable and what triggered these notifications… Apple was asked to join the enquiry with @IndianCERT and meetings have been held and enquiry is ongoing.” Rebutting @washingtonpost 's terrible story telling is tiresome, but someone has to do it. ➡️This story is half facts, fully embellished 😅 ➡️Left out of the story is Apples response on Oct 31- day of threat notifications “Apple does not attribute the threat notifications to… — Rajeev Chandrasekhar 🇮🇳 (@Rajeev_GoI) December 28, 2023 The two journalists who Amnesty International claimed were targeted with Pegasus are Siddharth Varadarajan, Founding Editor of The Wire, and Anand Mangnale, South Asia Editor, Organised Crime and Corruption Report Project (OCCRP). The two had, along with several politicians from Opposition parties, received a threat notification from Apple In October. Following this, the two had provided their devices to Amnesty International for testing. In October, Opposition leaders across parties — from Congress’s Shashi Tharoor to Aam Aadmi Party’s Raghav Chadha and Trinamool’s Mahua Moitra — received a “threat notification” from Apple warning of a “potential state-sponsored spyware attack” on their iPhones. They had then hit out at the Centre, and suggested it was behind the spyware attack attempt. The government had, however, denied it. It had also initiated a probe headed by the Indian Computer Emergency Response Team (CERT-In) – to ascertain the trigger behind the threat notifications. Describing the attack on Mangnale’s phone, Amnesty International, said, “The Security Lab recovered evidence from Anand Mangnale’s device of a zero-click exploit which was sent to his phone over iMessage on 23 August 2023, and designed to covertly install the Pegasus spyware. The phone was running iOS 16.6, the latest version available at the time.” The attempt to infiltrate Varadarajan’s phone and install Pegasus, took place on October 16, but failed, Amnesty said. “The same attacker-controlled email address used in the Pegasus attack against Anand Mangnale was also identified on Siddharth Varadarajan’s phone, confirming that both journalists were targeted by the same Pegasus customer,” it said. Indications of renewed Pegasus spyware threats towards individuals in India were first observed during a regular technical monitoring exercise in June 2023, said Amnesty International in a blog post. Amnesty International did not respond to queries seeking details on whether it had tested phones of other people from India apart from the two journalists, and the findings from those phones. Amnesty International has previously claimed that Varadarajan was targeted and infected with Pegasus spyware in 2018. His devices were also forensically analysed by a technical committee established by the Supreme Court of India in 2021 in the wake of allegations of the spyware being used on a host of stakeholders including politicians, journalists and human rights activists. On its part, the Central government has not categorically denied buying or using Pegasus, which the NSO Group says it sells only to government or government agencies. In October 2021, the Supreme Court had set up a three-member technical committee and ordered a probe headed by former SC judge R V Raveendran to look into the allegations of unauthorised surveillance using Pegasus. The panel found no conclusive evidence on use of the spyware in phones examined by it but noted that the Central Government “has not cooperated” with the panel. The committee had submitted its reports in sealed covers, and after the court took them on record, the reports were re-sealed and kept in safe custody. At the time of publication, the reports had not been made public, more than a year after they were first presented to the apex court. As part of CERT-In’s fresh investigation following the October 2023 threat alerts, a team from Apple USA visited India last month to assist with the probe. The Indian Express had earlier reported that the government’s nodal cybersecurity agency is exploring if agencies linked to the Chinese government were behind the attempted breach.
