Spyware Pegasus Used to Snoop on Indian Journos, Mins & Activists: Report

Pegasus was reportedly used to snoop on at least 300 Indian phone numbers that include over 40 senior journalists.

6 min read

A report published by an Indian online news portal on Sunday, 18 July, revealed that Israel-made spyware Pegasus was believed to have been used to snoop on at least 300 Indian phone numbers, including those of over 40 senior journalists, opposition leaders, government officials and rights activists.

The report published by The Wire, said that the 'leaked data includes the numbers of top journalists at big media houses like the Hindustan Times, including executive editor Shishir Gupta, India Today, Network18, The Hindu and Indian Express'.

Pegasus, a product of Israeli cyberweapons company NSO Group, was earlier in the news in late 2019 when it was found that spies used the spyware to hack into phones of roughly 1,400 users around the world, including 121 Indians.

The leaked list of names was provided to The Wire and 15 other international news organisations by France-based media non-profit, Forbidden Stories, and Amnesty International, as part of a collaborative investigation called the 'Pegasus Project'.


What Does the Report Say?

According to the news report, while the presence of the numbers in the list does not confirm that the device was 'infected with Pegasus or subject to an attempted hack', the Pegasus Project believes that the list included potential targets who might have been identified in advance for possible surveillance attempts.

According to The Wire, an independent forensic analysis of 10 Indian phones from the list showed that they were either hacked or attempted to have been hacked by Pegasus.

The media organisations working together were able to identify the owners of over 1,571 numbers spread across at least 10 countries and forensic analysis of some of the devices showed the presence of Pegasus.

The parent company of the spyware NSO has denied that the leaked list was linked in any way to the functioning of its software. In response to the Pegasus Project, NSO has said that people in the list were not targeted by the governments using Pegasus but were maybe a part of a larger list of numbers that other customers of theirs used for different purposes.

Who Are the Journalists in the Leaked List?

A majority of the journalists featured in the list were based out of the national capital, the report said. However, it also added that the list of journalists from the leaked list could not be considered exhaustive.

For instance, the leaked data shows that at least four current employees and one former employee of the Hindustan Times group were of potential interest to the Indian Pegasus client – executive editor Shishir Gupta, editorial page editor and former bureau chief Prashant Jha, defence correspondent Rahul Singh, former political reporter who covered the Congress Aurangazeb Naqshbandi, and a reporter in HT's sister paper, Mint.

Other prominent media houses also had at least one journalist whose phone number appears in the leaked records. This includes Ritika Chopra (who covers education and the Election Commission) and Muzammil Jameel (who writes on Kashmir) of the Indian Express, Sandeep Unnithan (who covers defence and the Indian military) of India Today, Manoj Gupta (editor investigations and security affairs) at TV18, and Vijaita Singh, who covers the Home Ministry for The Hindu and whose phone contained traces of an attempted Pegasus infection.

At The Wire, those targeted were founder-editors Siddharth Varadarajan and MK Venu, for whom specific forensic analysis showed evidence of their phones being infected by Pegasus. The number of Devirupa Mitra, The Wire's diplomatic editor, also appears in the records.

Apart from Rohini Singh, the phone number of another regular contributor to The Wire – senior columnist Prem Shankar Jha, who writes mainly on political and security matters – also appears in the records, as does freelance journalist Swati Chaturvedi, who was also writing for The Wire at the time she was selected.

Another journalist that finds mention on the list is J Gopikrishnan, an investigative reporter with The Pioneer, credited with having broken the 2G telecom scam, The Wire said.

Several senior journalists who have left mainstream organisations also appear in the leaked data as individuals who were selected.

This includes: former national security reporter Saikat Datta, former Economics and Political Weekly editor Paranjoy Guha Thakurta, who now writes regularly for, former TV18 anchor and diplomatic reporter at The Tribune Smita Sharma, former Outlook journalist SNM Abdi, and former DNA reporter Iftikhar Gilani.

The Wire's analysis of the data shows that most of the above mentioned names were targeted between 2018 and 2019 – in the run-up to the 2019 Lok Sabha general elections.

Elgar Parishad Accused Also Snooped On

According to The Wire's report, at least nine numbers belonging to right activists, lawyers, and academics arrested in the Elgar Parishad case between June 2018 to October 2020 were part of leaked database.

The report states that rights activist who were tagged by the spyware include Hany Babu, Vernon Gonsalves, Anand Teltumbde, Shoma Sen, Gautam Navlakha, Arun Ferreira, and Sudha Bharadwaj.

The report further states that apart from the activists, lawyers, and journalists accused in the Elgar Parishad case, numbers of their family members, close relatives, friends, and colleagues were also part of the list.

In some cases, phone numbers of those accused were continued to be snooped on after they were seized by the authorities or were arrested, the report adds.

Minal Gadling, wife fo lawyer and activist Surendra Gadling, was also a target of the attack and her phone number appears in the list months after her husband was arrest, reports The Wire.

“I have barely led a public life. It surprises me then why was I targeted,” reports The Wire, quoting Minal.


NSO Group Dismisses Claims Made in Report by Forbidden Stories

Dismissing the allegations made in the report by Forbidden Stories, the NSO group said, "The report by Forbidden Stories is full of wrong assumptions and uncorroborated theories that raise serious doubts about the reliability and interests of the sources".

"The claims that the data was leaked from our servers, is a complete lie and ridiculous, since such data never existed on any of our servers," the statement said, adding that the group was considering a defamation lawsuit.

NSO group reiterated that their technology was not associated with the murder of Jamal Khashoggi or tracking of him or his family.

"We would like to emphasize that NSO sells it technologies solely to law enforcement and intelligence agencies of vetted governments for the sole purpose of saving lives through preventing crime and terror acts," their statement said.


Committed to Ensuring Right to Privacy: Indian Govt

The government of India, in its response to inquiries on the 'Pegasus Project' media report, said, "India is a robust democracy that is committed to ensuring the right to privacy to all its citizens as a fundamental right."

"The allegations regarding government surveillance on specific people have no concrete basis or truth associated with it whatsoever," the government's response added.

The government reiterated that the Minister of Electronics and IT had said that there has been 'no unauthorised interception by Government agencies', without mentioning the use of Pegasus.


What Happened in 2019?

Two years back, WhatsApp had informed several Dalit rights lawyers and activists of the spyware attack that had targeted them in May 2019, the activists had told The Quint.

Among the 121 Indian citizens who were victims of surveillance are Bhima Koregaon lawyer Nihal Singh Rathod, Elgar Parishad accused Anand Teltumbde, Bastar-based human rights lawyer Bela Bhatia, jailed activist Sudha Bharadwaj's lawyer Shalini Gera, Gadchiroli-based lawyer Jagdish Meshram among others.

In October 2019, WhatsApp had said it was suing NSO Group in what it called was a 'cyber attack'.

Responding to allegations by WhatsApp, the Israeli company had said that 'there is no dispute the alleged use of Pegasus to message 1,400 foreign WhatsApp users in April and May 2019 was done by sovereign governments in foreign countries'.

Answering questions in the Lok Sabha, Electronics & IT Minister Ravi Shankar Prasad on 28 November 2019 said that there had been 'no unauthorised interception' of citizens' phones by the government.


What is Pegasus?

Pegasus exploits a vulnerability via WhatsApp to get into a user's device and gains access to all the apps on the phone.

The spyware contains code that is capable of spying, collecting data, and reporting back on what the user does on the device – everything; calls, emails, texts, location, app data, etc. It remotely collects all the information about a target's device, wherever they are.

According to the NSO Group's own product description manual, the spyware gives the attacker 'unlimited' access to the target's devices.

(With inputs from The Wire and IANS)

(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)

Speaking truth to power requires allies like you.
Become a Member
Read More