What started with WhatsApp revealing that around 1,400 of its users in 20 countries, including Indian journalists and activists, had been targeted by Pegasus—the spyware developed and sold to governments by Israel-based NSO Group—in May 2019 has now assumed much wider proportions with news that Pegasus may have been used to hack the phones of as many as 300 Indian citizens. The list of potential targets includes Union ministers, politicians from both ruling and opposition parties, judges, activists, journalists and NGOs—from Congress leader Rahul Gandhi to election strategist Prashant Kishor, former election commissioner Ashok Lavasa and a woman who accused a former Chief Justice of India of sexual harassment. The modus operandi involves infiltrating phones to monitor text messages, camera feeds and microphones, without leaving any evidence in the device. The allegedly targeted phone numbers are part of a leaked database accessed by Forbidden Stories, a French media non-profit, and shared with an international media consortium. The controversy rocked the ongoing monsoon session of Parliament, with opposition parties up in arms against the Narendra Modi government.
According to media reports, Rahul’s phone was targeted twice in 2018-19 when he was Congress president and leading the party’s campaign for Lok Sabha elections. At least five of his close aides and other party workers were also identified as possible targets. Sachin Rao, AICC training in-charge, is one of the aides whose name figured in the leaked data. According to Rao, the surveillance is not merely for gathering political information, but also meant for people who are getting in the way of power. “I think Rahul Gandhi was targeted as he consistently called out the government. What is this episode conveying to the world? That someone is willing to pay Rs 300 crore to spy on 300 people. It’s a price tag put on our democracy. We should collectively ask where they got such money to capture our democracy,” he says.
Rao, who didn’t have any inkling that he too was under surveillance, says he was shocked by the revelation that the phone of the woman who filed a sexual harassment case against a former CJI as well as the phones of her family members were being hacked. “My heart goes out to that family,” says Rao.
Another revelation that hit who was the headlines was the hacking of Prashant Kishor’s phone. Forensic examination of the phone revealed that it was compromised as recently as July 13, when he met Rahul and Priyanka Gandhi in New Delhi. Observers say spying on Kishor’s phone was significant as he is believed to have an important role to play in the run-up to the state elections due early next year and the 2024 general elections. According to the reports, Kishor’s phone was also compromised on April 28, a day before the last phase of polling in the West Bengal assembly election. Kishor played a crucial role in Mamata Banerjee’s resounding victory against the BJP. Another name that found mention in the hacking list was her nephew, Abhishek Banerjee.
The Congress camp is also intrigued by the revelation that phone numbers of leaders of the then Janata Dal (Secular)-Congress government in Karnataka were possible targets for surveillance in 2019. That was the time when the coalition collapsed and the BJP took over with B.S. Yediyurappa as the CM. While the Congress blamed ‘snooping’ for the fall of the government, forensic examination was not conducted on the devices to back the claim. Congress leader Sushmita Dev says the government has to come clean on what is being dubbed ‘Pegasus snoopgate’. “If one looks at the profile of the people who are being spied upon, and the whopping money paid, it shows the involvement of political power,” she says.
Among others on the list is Jagdeep Chhokar, co-founder of the Association for Democratic Reforms. “We have been doing things that will improve democracy by reforming the electoral process. Does that amount to being against the government? We have been doing this for the past 20 years. My work is in public domain. Therefore, it was completely unnecessary to waste money by spying on me,” says Chhokar.
Forensic examination of some of the phones of the 40 journalists identified as potential targets has confirmed infection. While most of the journalists work in English language national media, the list also includes others such as Jharkhand-based Hindi journalist Rupesh Kumar Singh and Jaspal Singh Heran, editor of Rozana Pehredar, a Punjabi daily. Rupesh, who freelances for Hindi publications, says he was not surprised when his name figured on the list of journalists who might have been targeted by the Pegasus malware. “In Jharkhand, the government often ties up with foreign corporates and gives away Adivasi land for their use. Whenever Adivasis raise their voice, they are labelled as Maoists and killed in fake encounters. My reporting has been primarily focused on this,” he says, adding that he was arrested in a fabricated case under the Unlawful Activities (Prevention) Act when his reports on police violence against Adivasis sparked a row. The Jharkhand-based journalist claims he was aware that his phone was being tapped, but he thought it was being done by the district police. “I did not know about the extent of surveillance and the central government’s role in it. Although the government is denying its role, the NSO Group has clearly stated that it sells only to governments. All those who have spoken out against this government and exposed its workings have been targeted. The aim is to suppress their voices and instill fear in them,” he says.
Calling the Pegasus episode “an attack on our freedom”, Heran says it won’t deter him from doing “fearless journalism”. “If this has been carried out by the government, then democracy is a myth. We are living in a dictatorship. If anyone who speaks up is met with sticks and stones, then how are we a democracy?” he asks.
Opposition leaders protest against the alleged snooping
In 2019, when WhatsApp said it had alerted the government about 121 phones being compromised, experts pointed out that no due process was followed. Apar Gupta, executive director at Internet Freedom Foundation, says the government should now initiate a high-level independent investigation. “There is a credible basis to the allegations being raised with respect to threats of national security, given that the targeted people are public personalities holding high offices. The lack of a clear denial by the government raises the possibility of a foreign government using Pegasus to target Indian citizens. At the very least, a joint parliamentary committee is needed to restore some degree of confidence, if not to address the breach of national security,” says Gupta.
Though the Union minister for information technology denied any unauthorised spying and claimed that the agencies stick to well-established protocols on interception, experts point out the faultlines in existing laws and their implementation. Pranesh Prakash, co-founder of the Centre for Internet and Society, alleges that the “checks and balances” are not being followed. “Though we have laws regulating interception, those are not followed and legal action is not taken when they are not followed. With regard to intelligence agencies, there are no regulations. Even other agencies are conducting surveillance in India,” says Prakash.
The leaked data also includes at least nine phone numbers belonging to activists, lawyers and academics arrested in connection with the Bhima-Koregaon ‘Maoist conspiracy’ case. Jenny Rowena, wife of arrested academic Hany Babu, whose phone number figured on the list of potential targets, says the revelations vindicate the stand of the accused that electronic data cannot be used as the sole evidence. “US-based Arsenal Consulting had already found that two of the devices of the accused have been compromised and malware planted in them. The recent revelations have only vindicated our position. The right to privacy has also been violated,” she says.
Minal Gadling, wife of arrested lawyer Surendra Gadling, claims her phone has been compromised since 2019. “I didn’t think of taking any precautions because I don’t have anything to hide. I only ensured that I didn’t put my SIM in anyone else’s phone,” she says. Now that her phone number has again appeared on the Pegasus list, Minal says it is a serious case of intrusion into privacy. “My privacy was violated, as was my husband’s, but they even went to the extent of targeting my family members. Even if they targeted only my phone, my kin are indirectly being affected. Our messages, pictures and locations…why should the world know about these?” she asks.
Apar Gupta finds a connection here. “The 2019 reports on the first list of Pegasus targets included several activists, including those who are being prosecuted in the Bhima-Koregaon case. Forensic analysis by Arsenal Consulting showed that the devices of two of the accused had been tampered with and hacked by spyware. Putting two and two together, there is a strong inference that makes the evidence, which forms the basis of the criminal investigation, suspect,” he says.
***
Past Prying
1969 Indira Gandhi vs Syndicate
When Congress expelled then prime minister Indira Gandhi in 1969, she formed a rival outfit—Congress (Requisitionists)—while K. Kamaraj led the Congress (Organisation), more popularly called the Syndicate. Its leaders like Kamaraj, Morarji Desai, S. Nijalingappa and Hitendra Desai would routinely accuse Indira of tapping their phones.
1975-1977 The Emergency years
Accounts by politicians, journalists and civil society members suggest that Indira Gandhi routinely placed not just her political rivals, but also her own party colleagues, under different forms of surveillance, including phone taps.
The M.K. Dhar revelations
In his 2005 book, Open Secrets: India’s Intelligence Unveiled, the late Maloy Krishna Dhar, a former joint director in the Intelligence Bureau (IB), accused Indira Gandhi of being the country’s first politician who frequently authorised phone taps. Among a score of other revelations, Dhar’s book claimed that soon after Maneka Gandhi had walked out of Indira’s house in 1982, the PM had ordered phones of her estranged daughter-in-law and her mother, Amteshwar Anand, to be tapped. Dhar also claimed that among others whose phones were tapped at various times on Indira’s directions was then home minister Giani Zail Singh.
Dhar’s book also claims that PM Rajiv Gandhi too ordered IB to snoop on Zail Singh, who by then was the President of India. According to Dhar, even Rashtrapati Bhavan was bugged, and that Singh would insist that visiting politicians and dignitaries should meet him on the Rashtrapati Bhavan lawns.
1990 V.P. Singh vs Chandra Shekhar
Months before he succeeded V.P. Singh as PM, Chandra Shekhar had alleged the central government was illegally tapping his phones along with those of 26 other politicians. Though a CBI probe ordered by Singh concluded none of Shekhar’s phones were tapped, the inquiry report claimed the Rajiv Gandhi government had illegally tapped phones of scores of politicians, including Union ministers Arif Mohammed Khan and K.C. Pant, former CMs A.R. Antulay, Chimanbhai Patel and M. Karunanidhi, and others.
1991 Chandra Shekhar vs Rajiv Gandhi
Four months after he became PM following his accusations against V.P. Singh of authorising illegal phone taps, Chandra Shekhar faced allegations of spying on Rajiv Gandhi. Congress, which had extended outside support to Shekhar’s unsteady coalition government, alleged that two Haryana policemen were caught near Rajiv’s 10 Janpath home spying on the former PM. It triggered Shekhar’s resignation as PM within days.
1980s Karnataka Ramakrishna Hegde and Gundu Rao
In 1988, then Karnataka CM Ramakrishna Hegde of the Janata Party was forced to step down after being accused of illegally tapping phones of over 50 politicians, including H.D. Deve Gowda, Ajit Singh and Veerappa Moily. Earlier, the state’s Congress government under R. Gundu Rao too had faced allegations of illegally snooping on stalwarts like S. Bangarappa and Devraj Urs.
2006 Sonia Gandhi vs Amar Singh
In January 2006, then UP CM Mulayam Singh Yadav addressed a press conference and accused Congress president Sonia Gandhi of ordering tapping the phones of his close aide Amar Singh. Then Tamil Nadu CM J. Jayalalitha joined the chorus, claiming her phones had also been tapped.
2010: The NTRO surveillance scandal
The UPA government was again in the dock in April 2010 over a report first published by Outlook, claiming mobile phones of Congress general secretary Digvijaya Singh, Bihar CM Nitish Kumar, CPI(M) general secretary Prakash Karat and Union agriculture minister Sharad Pawar, among others, had been tapped by National Technical Research Organisation (NTRO).
Pranab Mukherjee, A.K. Antony, Yashwant Sinha and Arun Jaitley
UPA-II was repeatedly rocked by allegations of illegal surveillance. The most embarrassing episode was the allegation that then Union finance minister Pranab Mukherjee’s North Block office had been bugged, which triggered a crisis in June 2011. Opposition leaders, particularly from the BJP, alleged the finance minister’s office had been bugged on authorisation of home minister P. Chidambaram. A sweep conducted by private investigators, however, dismissed the allegations.
In 2012, there were reports that a bug had been found in the office of then defence minister A.K. Antony, but an IB probe dismissed the allegation. The same year, then BJP leader Yashwant Sinha (left) accused Chidambaram of authorising illegal tapping of his phone. The following year, the government was once again ambushed by allegations of snooping on Arun Jaitley, then leader of opposition in the Rajya Sabha.
The Niira Radia tapes
The leaked telephonic conversations of corporate lobbyist Niira Radia with then Union minister A. Raja and scores of other politicians and prominent journalists in the run-up to the UPA-II cabinet formation was arguably one of the biggest phone-tapping scandals in India. Radia was accused of trying to influence decisions on cabinet formation by lobbying for the appointment of Raja as telecom minister and scuttling the chances of Dayanidhi Maran. Raja was later accused in the 2G spectrum scam, but was cleared of all charges by a special CBI court.
***
The Snooping 10
These are intelligence and investigating agencies, including Delhi Police, that have been granted permission to intercept, monitor and decrypt “any information generated, transmitted, received or stored in any computer resource”. This is under Section 69 of the IT Act, 2000, and Rule 4 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.
Intelligence Bureau
Narcotics Control Bureau
Enforcement Directorate
Central Board of Direct Taxes
Directorate of Revenue Intelligence
Central Bureau of Investigation
National Investigation Agency
Cabinet Secretariat (R&AW)
Directorate of Signal Intelligence (For service areas of Jammu and Kashmir, and the Northeast only)
Commissioner of Police, Delhi
***
Malware Alert
There’s no fixed way to figure out if your phone has been hacked because spyware tech keeps evolving rapidly. But there are
a few thumb rules to follow. Stay alert.
1 Phone heats up and slows down suddenly. Battery drains fast and there’s a surge in mobile data usage.
2 Periodically check if there are any apps you didn’t download.
3 Apps crash regularly, and usual sites bear different layouts and have strange pop-ups
4 Texts or calls you didn’t make appear in the log, or photos/videos in your gallery that you didn’t take. Someone’s controlling your camera remotely.
5 You’re not using the phone, but flashlight goes on
(This appeared in the print edition as "By Stealth, Stakeout and Spyware")