Washington Post:The spyware is sold to governments to fight terrorism. In India, it was used to hack journalists and others. | IAMC

Washington Post:The spyware is sold to governments to fight terrorism. In India, it was used to hack journalists and others.

The confirmed infections of seven phones represent a tiny fraction of what may be a vast surveillance net in Modi’s India

NEW DELHI — A powerful surveillance tool licensed only to governments was used to infiltrate mobile phones belonging to at least seven people in India and was active on some of their devices as recently as this month.

The hacks — confirmed by forensic analysis of the phones — represent a tiny fraction of what may be a vast surveillance net, intensifying concerns about the erosion of civil liberties in India under Prime Minister Narendra Modi.

Hundreds of Indian phone numbers appeared on a list that included some selected for surveillance by clients of NSO Group, an Israeli firm. The list contained numbers for Rahul Gandhi, India’s main opposition leader; Ashok Lavasa, a key election official considered an obstacle to the ruling party; and M. Hari Menon, the local head of the Bill and Melinda Gates Foundation.

Others included on the list were journalists, activists, opposition politicians, senior officials, business executives, public health experts, Tibetan exiles and foreign diplomats. A group of Modi critics accused of plotting to overthrow the government also appeared on the list.

The spyware that infiltrated seven of the analyzed phones is called Pegasus. It secretly unlocks the contents of a target’s mobile phone and transforms it into a listening device. NSO says it licenses the tool exclusively to government agencies to combat terrorism and other serious crimes.

In India, use of the spyware appears to have gone well beyond those objectives. Five of the phones infiltrated in India belonged to journalists and one to a high-profile political adviser working for Modi’s opponents.

More than 1,000 phone numbers in India appeared on the list, according to a months-long collaborative investigation by The Washington Post and 16 media partners in 10 countries. The consortium verified the identities of the people associated with more than 300 of the numbers in India.

It is not known how many of the phones on the list were actually targeted for surveillance or how many attempts were successful. Forensic analyses performed on 22 smartphones in India whose numbers appeared on the list showed that 10 were targeted with Pegasus, seven of them successfully. Eight of the 12 inconclusive results involved Android phones, which do not log the information needed for the method used to uncover infection.

Sushant Singh, an Indian journalist whose phone number first appeared on the list in 2018, reported extensively on a controversial purchase of fighter jets from France by the Modi government. Pegasus was active on Singh’s iPhone as recently as this month, a forensic analysis showed.

The targeting of journalists creates “an environment of fear and intimidation” where “democracy eventually stands weakened,” Singh said.

Forbidden Stories, a Paris-based journalism nonprofit, and Amnesty International had access to the list of thousands of phone numbers worldwide and shared it with The Post and other outlets. Forbidden Stories oversaw the investigation, called the Pegasus Project, and Amnesty’s International’s Security Lab provided forensic analyses and technical support but had no editorial input.

Click here to read the article