By Sushil Kutty
NEW DELHI – Nearly 300 phone numbers of Indians, most likely not ‘friendly’ with the Modi government, were hacked and infected by military-grade Israeli spyware during the run-up to the 2019 general elections, which the BJP led by the Modi-Shah combine won with a thumping majority. In all 50,000 phone numbers worldwide were unearthed by a global investigation conducted by 17 media houses including one Indian news outlet.
The phone numbers allegedly included those of 40 Indian journalists, three prominent Opposition leaders of India, at least two ministers in the Modi government, a judge of the Supreme Court of India, scores of businessmen, scientists, activists and current and retired heads of Indian government security organizations.
In all, over 300 verified Indian mobile phone numbers were hacked.
It is noteworthy that the Israeli spyware ‘Pegasus’ that was used to hack and infect these phone numbers is only licensed to governments by its developer NSO Group.
In 1988, the then Karnataka Chief Minister Ramakrishna Hegde quit following charges of phone tapping of political rivals. ‘Snooping’ via phone tapping is a weighty charge and those accused often crumble under its weight. Current Home Minister Amit Shah was also accused of ordering “snooping” on a woman in 2013 allegedly on the instructions of then Gujarat CM Narendra Modi.
Comparatively speaking, the ‘Pegasus Project’, as it has been termed by the media organizations involved in the probe, is virtually an international scandal. The spyware was used to target the phones of heads of state, prime ministers, members of the Saudi royal family and slain Saudi journalist Jamal Khashoggi’s fiancée.
There’s intense speculation as to who was under surveillance accompanied by a vicarious thrill. “Being on the 50,000 phones list will be a feather in the cap,” said a journalist. “But I’ll also be worried why I was under surveillance and what data of mine was mined, and how much of my data/info is with the government. It’s very scary.”
The NSO Group is on record that the Pegasus software is used only for legitimate criminal and anti-terror investigations. But what if tomorrow any of the client-governments turned and accused somebody innocent of being involved in criminal/terror activities based on what Pegasus unearthed? The onus will be on the accused to disprove the allegations. Harassment apart, it’ll be extremely expensive and time-consuming to get off the government’s criminal/terror list.
The NSO Group said in a statement that neither did it “operate the spyware it had licensed to governments”, nor did it have “regular access to the data gathered by these governments”. In other words, the NSO Group gave itself a clean chit and claimed that its technologies actually helped prevent bombings and bust criminal rings including those involved in human and sex/child trafficking. The company denied spying on Jamal Khashoggi’s relatives.
The NSO Group says it has sold Pegasus to “36 vetted governments”, but refused to identify its clients. The majority of the 50,000 phone numbers are from 10 countries including India, Mexico and the United Arab Emirates.
Forensic tests on a cross-section of phones showed signs of targeting by Pegasus spyware in 37 phones, ten of which were of Indians.
The complete list of names of those targeted is still in the process of being unveiled.
Incidentally, the technical lab of Amnesty International was also involved in the investigation. The use of hacking to deliver surveillance spyware is an offence under the Indian Telegraph Act, and the Information Technology Act.
The names of the Indians whose phone numbers were spied upon are not known though it’s believed that the accused in the Elgar Parishad Case were also targeted.
According to a report, the Prime Ministers’ Office and the Ministry of Electronics and Information Technology have both claimed that India is committed to ensuring the right to privacy to all its citizens and that there was no truth to the allegations that the Government spied on specific people. MEITY said “each case of interception, monitoring, and decryption is approved by the competent authority, and done as per due process of law.”
But given the conclusions of the global investigation, who all were spied upon by the Modi Government prior to and during the run-up to the 2019 General Elections, and how much of the data mined help the BJP to win the elections?
According to one report, “the procedure for lawful interception involves not just written, time-bound authorization in each instance, but the use of the telecom or computer resource intermediary as well as who is supposed to enable the interception, and does not cover the activities proscribed by Section 43 of the IT Act under the definition of hacking. Hacking an individual’s smartphone is a necessary step in subjecting an individual to surveillance by spyware such as Pegasus.”
-IPA Service