Amnesty International, in collaboration with The Washington Post, has brought to light alarming revelations regarding the persistent use of NSO Group’s notorious Pegasus spyware to target high-profile journalists in India, mostly targeting ones that have been vocal against the current government. This latest investigative report identifies Siddharth Varadarajan, the Founding Editor of The Wire, and Anand Mangnale, the South Asia Editor at The Organised Crime and Corruption Report Project (OCCRP), as among the recent victims of Pegasus spyware attacks on their iPhones, with the most recent incident occurring in October 2023.
The deployment of Pegasus, an invasive spyware developed by Israeli surveillance firm NSO Group, unfolds against the backdrop of recent warning that Apple had sent out to several opposition leaders and journalists, about possible state sponsored attacks on their devices.
Donncha Ó Cearbhaill, Head of Amnesty International’s Security Lab, emphasises the broader context, stating, “Our latest findings show that increasingly, journalists in India face the threat of unlawful surveillance simply for doing their jobs, alongside other tools of repression, including imprisonment under draconian laws, smear campaigns, harassment, and intimidation.”
Amnesty International’s Security Lab conducted forensic analyses that revealed traces of Pegasus spyware activity on the devices of the targeted journalists. The investigation, triggered by Apple’s global threat notifications in October 2023, disclosed that more than 20 journalists and opposition politicians in India received these notifications. The Security Lab’s analysis of devices, including those of Varadarajan and Mangnale, confirmed the presence of Pegasus spyware.
Anand Mangnale’s device exhibited evidence of a zero-click exploit, a method allowing the surreptitious installation of Pegasus spyware without any user action, on August 23, 2023. The exploit coincided with Mangnale’s investigative work on an alleged stock manipulation case involving a major multinational conglomerate in India. While it remains uncertain if the exploit was successful, its occurrence underscores the serious implications for journalists conducting vital investigative work.
Siddharth Varadarajan, who had previously fallen victim to Pegasus in 2018, faced a renewed attack on October 16, 2023. The attacker employed the same email address linked to Mangnale’s case, indicating a coordinated effort to target both journalists. NSO Group maintains that its products are exclusively sold to vetted law enforcement and intelligence agencies for counterterrorism and major crime prevention.
Despite NSO Group’s claims, Pegasus has been globally misused for surveillance on journalists, activists, and opposition figures, prompting significant human rights concerns. Amnesty International calls for an immediate, independent, transparent, and impartial investigation by Indian authorities into these cases. Additionally, the organisation urges the release of the findings of the Supreme Court Technical Committee Report on Pegasus use in India, emphasising the critical need for accountability and protection of human rights.
NSO Group responded to The Washington Post, stating, “While NSO cannot comment on specific customers, we stress again that all of them are vetted law enforcement and intelligence agencies that licence our technologies for the sole purpose of fighting terror and major crime.” However, Amnesty International emphasises the need for a global ban on highly invasive spyware and calls for transparency from all countries, including India, regarding their use and contracts with private surveillance companies like NSO Group.