New Delhi: Pegasus spyware was used to hack the mobile phones of two Indian journalists in August and October, a joint investigation by human rights group Amnesty International and US newspaper The Washington Post has found.
Published on Wednesday, the report also quotes unnamed sources at Apple claiming that the Narendra Modi government had pressured the company to play down its alert to customers that their iPhones had been targeted by “State-sponsored attackers”.
In October, several Opposition politicians, journalists and at least one academic received such alerts from Apple, which didn’t reveal who these attackers were or which state they worked for. Although the Centre said the matter would be probed, it also made light of the Opposition’s claims of illegal surveillance.
The Post’s report, titled “India targets Apple over its phone hacking notifications”, says: “As soon as journalists and Opposition politicians shared their warnings from Apple, BJP officials scrambled to contain the fallout.
“Senior Modi administration officials called Apple India’s Managing Director, Virat Bhatia, after the news broke, said two people with knowledge of the matter. One of the people said Indian officials asked Apple to withdraw the warnings and say it had made a mistake. After a heated discussion, the company’s India office said the most it could do was put out a public statement that emphasised certain caveats that Apple had already listed on its tech support page about the warnings.”
Responding to questions from The Post about whether the government had exerted pressure on Apple, the Ministry of Electronics and IT said in a statement: “We have instituted technical investigation in the reported matter. So far, Apple has cooperated fully in the investigation process.”
Reports had as far back as 2019 alleged that the Israeli spyware Pegasus — sold only to governments — had been used against Opposition politicians, journalists, activists and even a judge in India.
Amnesty’s report, titled “India: Damning new forensic investigation reveals repeated use of Pegasus spyware to target high-profile journalists” and released on Thursday, says: “Forensic investigations by Amnesty International’s Security Lab confirmed that Siddharth Varadarajan, Founding Editor of The Wire, and Anand Mangnale, the South Asia Editor at The Organised Crime and Corruption Report Project (OCCRP), were among the journalists recently targeted with Pegasus spyware on their iPhones, with the latest identified case occurring in October 2023.”
It adds: “Amnesty International has previously documented how Siddharth Varadarajan was targeted and infected with Pegasus spyware in 2018. His devices were later forensically analysed by a technical committee established by the Supreme Court of India in 2021 in the wake of the Pegasus Project revelations.
“In 2022, the committee concluded its investigation, but the Supreme Court has not made the findings of the technical report public. The court noted, however, that the Indian authorities ‘did not cooperate’ with the technical committee’s investigations.
“Siddharth Varadarajan was targeted again with Pegasus on 16 October 2023. The same attacker-controlled email address used in the Pegasus attack against Anand Mangnale was also identified on Siddharth Varadarajan’s phone, confirming that both journalists were targeted by the same Pegasus customer. There are no indications that the Pegasus attack was successful in this case.”
The Union Junior Minister for Electronics and IT, Rajeev Chandrasekhar, responded to The Post’s report on X saying: “This story is half facts, fully embellished. Left out of the story is Apples response on Oct 31 — day of threat notifications.
“Apple does not attribute the threat notifications to any specific state-sponsored attacker. State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete.
“It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future.”
He added: “@GoI_MeitY’s & my response to this incident has been consistent and clear from the incident – That it is for Apple to explain if their devices are vulnerable and what triggered these notifications. Apple was asked to join the enquiry wth @IndianCERT and meetings have been held and enquiry is ongoing. Those are the facts. Rest of story is creative imagination & clickbaiting at work masquerading as journalism.”
