Amnesty Reports Pegasus Spyware Targeted Indian Journalists

In a striking revelation by Amnesty International (in partnership with The Washington Post), the use of Pegasus spyware, developed by Israeli firm NSO Group, has been found targeting high-profile journalists in India. This alarming development was highlighted in a forensic investigation conducted by Amnesty International’s Security Lab.

According to the report, Siddharth Varadarajan, Founding Editor of The Wire, and Anand Mangnale, South Asia Editor at The Organised Crime and Corruption Report Project (OCCRP), are recent victims of this invasive surveillance tool. The latest identified instance of this spyware occurred in October 2023.

The Security Lab's routine technical monitoring exercise, initiated in June 2023, first flagged the renewed threats of Pegasus in India. This was notable, as it occurred mere months after reports emerged of the Indian government's intent to acquire new commercial spyware systems.

Then, in October 2023, Apple sent out a round of threat notifications globally to users who may have been targeted by state-sponsored attackers. Over 20 journalists and opposition politicians within India were reported to have received this notification, including both Varadarajan and Mangnale.

In response, the Security Lab performed a forensic analysis on Varadarajan and Mangnale phones, among others who were notified. From these tests, it was revealed that Pegasus spyware was present on the devices of Varadarajan and Mangnale.

A significant finding was that in Mangnale’s case, the Pegasus spyware was delivered via a zero-click exploit that was sent to his phone over iMessage on 23 August 2023. The device was running the latest iOS version at the time.

The Indian government's response to Apple's late October warnings about potential state-sponsored attacks on journalists and opposition figures were met with skepticism. As reported by The Washington Post, officials under Prime Minister Narendra Modi questioned the accuracy of Apple's internal threat algorithms and instead launched an investigation into Apple device security.

Adding to the government's reaction, Union Minister of State for Electronics and IT, Rajeev Chandrasekhar, criticized Amnesty International’s findings, labeling them as “half facts, fully embellished.” He argued that it was Apple's responsibility to clarify “if their devices are vulnerable and what triggered these notifications.”

Donncha Ó Cearbhaill, Head of Amnesty International’s Security Lab, expressed concern over the situation, stating that Indian journalists “face the threat of unlawful surveillance simply for doing their jobs, alongside other tools of repression including imprisonment under draconian laws, smear campaigns, harassment, and intimidation.” In response to this growing issue, Amnesty International has called for a global ban on the use and export of invasive spyware.