India has been using an Israeli spyware to hack into the smartphones of political leaders, journalists, and businessmen across the world, a report prepared by 17 international media organisations revealed Sunday.
Prime Minister Imran Khan is on the list too.
Over 1,000 phone numbers in India were found on the surveillance list, while hundreds were from Pakistan, including the one the prime minister used once, a report by The Washington Post, Guardian, and other new outlets revealed.
It is, however, not specified if the attempts to hack the numbers were successful.
The news left leaders across Pakistan concerned. Information Minister Fawad Chaudhry said: “Extremely concerned about news reports emerging from @guardiannews that Indian Govt used Israeli software to spy on journalists, political opponents, and politicians.”
Extremely concerned on news reports emerging from @guardiannews that Indian Govt used Israeli software to spy on Journalists,political opponents and politicians,unethical policies of #ModiGovt have dangerously polarised India and the region… more details are emerging
— Ch Fawad Hussain (@fawadchaudhry) July 19, 2021
He added that unethical policies of the Modi government have dangerously polarised India and the region.
Human Rights Minister Shireen Mazari, on the other hand, called India an “authoritative regime”.
India identified amongst the “authoritarian” regimes using Israeli NSO’s Pegasus spyware for surveillance. Part II shd be out 2day incl how Modi govt spied on its own ministers. NSO apparently gets approval from Israeli govt for sales so linkages clear!https://t.co/EMv5adnUFu
— Shireen Mazari (@ShireenMazari1) July 19, 2021
On Monday, the PM called a special meeting to find ways to beef up the cabinet’s digital security.
The leaders discussed the development of a new application, the likes of WhatsApp, which will only be used by the premier. According to government sources, 60% of the app has been developed. In a few months, a report on the application will be prepared and submitted to the prime minister.
Israel’s NSO Group and Pegasus malware
Israel’s NSO Group and its Pegasus malware have been in the headlines since at least 2016 when researchers accused it of helping spy on a dissident in the United Arab Emirates.
Sunday’s revelations raise privacy and rights concerns and reveal the far-reaching extent to which the private Israeli company’s software may be being used by its clients internationally.
The leak was of a list of more than 50,000 smartphone numbers believed to have been identified as people of interest by clients of NSO since 2016, the media outlets said.
The Post said the list was shared with the news organizations by Forbidden Stories, a Paris-based journalism nonprofit, and Amnesty International. The newspaper said the total number of phones on the list that was actually targeted or surveilled is unknown.
The Post said 15,000 of the numbers on the list were in Mexico and included those of politicians, union representatives, journalists and government critics.
The list reportedly included the number of a Mexican freelance journalist who was murdered at a carwash. His phone was never found and it was not clear if it had been hacked.
Indian investigative news website The Wire reported that 300 mobile phone numbers used in India — including those of government ministers, opposition politicians, journalists, scientists, and rights activists — were on the list.
The numbers included those of more than 40 Indian journalists from major publications such as the Hindustan Times, The Hindu, and the Indian Express as well as two founding editors of The Wire, it said.
The Indian government denied in 2019 that it had used the malware to spy on its citizens after WhatsApp filed a lawsuit in the United States against NSO, accusing it of using the messaging platform to conduct cyber espionage.
The Post said a forensic analysis of 37 of the smartphones on the list showed there had been “attempted and successful” hacks of the devices, including those of two women close to Saudi journalist Jamal Khashoggi, who was murdered in 2018 by a Saudi hit squad.
Among the numbers on the list are those of journalists for Agence France-Presse, The Wall Street Journal, CNN, The New York Times, Al Jazeera, France 24, Radio Free Europe, Mediapart, El Pais, the Associated Press, Le Monde, Bloomberg, the Economist, Reuters and Voice of America, the Guardian said.
The use of the Pegasus software to hack the phones of Al-Jazeera reporters and a Moroccan journalist has been reported previously by Citizen Lab, a research center at the University of Toronto, and Amnesty International.
The Post said the numbers on the list are unattributed but the media outlets participating in the project were able to identify more than 1,000 people in more than 50 countries.
They included several members of Arab royal families, at least 65 business executives, 85 human rights activists, 189 journalists, and more than 600 politicians and government officials including heads of state and prime ministers and cabinet ministers.
The reports said many numbers on the list were clustered in 10 countries — Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, and the United Arab Emirates.
Pegasus is reportedly a highly invasive tool that can switch on a target’s phone camera and microphone as well as access data on the device, effectively turning a phone into a pocket spy.
In some cases, it can be installed without the need to trick a user into initiating a download.
NSO issued a denial on Sunday that focused on the report by Forbidden Stories, calling it “full of wrong assumptions and uncorroborated theories,” and threatened a defamation lawsuit.
“We firmly deny the false allegations made in their report,” NSO said.
“As NSO has previously stated, our technology was not associated in any way with the heinous murder of Jamal Khashoggi,” the company said.
“We would like to emphasize that NSO sells its technologies solely to law enforcement and intelligence agencies of vetted governments for the sole purpose of saving lives through preventing crime and terror acts,” it said.
Citizen Lab reported in December that about three dozen journalists at Qatar’s Al-Jazeera network had their mobile devices targeted by Pegasus malware.
Amnesty International reported in June of last year that Moroccan authorities used NSO’s Pegasus software to insert spyware onto the cellphone of Omar Radi, a journalist convicted over a social media post.
At the time, NSO told AFP that it was “deeply troubled by the allegations” and was reviewing the information.
Founded in 2010 by Israelis Shalev Hulio and Omri Lavie, NSO Group is based in the Israeli hi-tech hub of Herzliya, near Tel Aviv. It says it employs hundreds of people in Israel and around the world.
With additional input from AFP.