Online news platform The Wire reported on Sunday, a leaked database of thousands of telephone numbers, believed to have been listed by multiple government clients of an Israeli surveillance technology firm, includes over 300 verified Indian mobile telephone numbers, including those used by ministers, opposition leaders, journalists, the legal community, businessmen, government officials, scientists, rights activists and others. The website said the findings followed an investigation by The Wire and 16 media partners.
The website said forensic tests conducted as part of this project on a small cross-section of phones associated with these numbers revealed clear signs of targeting by Pegasus spyware in 37 phones, of which 10 are Indian. Without subjecting a phone to this technical analysis, it is not possible to conclusively state whether it witnessed an attack attempt or was successfully compromised, The Wire reported.
The Indian Telegraph Act and Information Technology Act prescribe procedures that must be followed for lawful interception. Different countries have different laws but the use of hacking to deliver surveillance spyware in India by any individual, private or official, is an offence under the IT Act.
The Wire observed it would be revealing the names it has been able to verify under different categories, in a step by step fashion with its partners over the next few days. The numbers of those in the database include over 40 journalists, three major opposition figures, one constitutional authority, two serving ministers in the Narendra Modi government, current and former heads and officials of security organisations and scores of businesspersons.
The Wire observed that the presence of a number in the database indicates its likely selection as a target for surveillance but whether a phone was actually hacked and infected can only be established through forensic examination of the device – more easily done if the instrument in question is an iPhone.
Among the numbers in the Pegasus Project database is one that was registered in the name of a sitting Supreme Court judge. However, The Wire observed it has not been able to confirm whether the number, which the judge gave up before it was added to the list, was still being used by him for WhatsApp and other encrypted messaging apps when the number was selected. The Wire said until such time as it was able to establish the number’s actual user during the period in question, it was withholding the name of the judge.
In a response to detailed questions sent by Pegasus Project partners to the Prime Ministers’ Office earlier this week, the Ministry of Electronics and Information Technology said that “India is a robust democracy that is committed to ensuring the right to privacy to all its citizens as a fundamental right” and that the “allegations regarding government surveillance on specific people has no concrete basis or truth associated with it whatsoever.”
Without specifically denying that Pegasus is being used by the government, the MEITY response said, “Each case of interception, monitoring, and decryption is approved by the competent authority… The procedure therefore ensures that any interception, monitoring or decryption of any information through any computer resource is done as per due process of law.”