Our latest findings show that increasingly, journalists in India face the threat of unlawful surveillance simply for doing their jobs, alongside other tools of repression including imprisonment under draconian laws, smear campaigns, harassment, and intimidation
Donncha Ó Cearbhaill, Head of Amnesty International’s Security Lab.
Forensic investigations by Amnesty International’s Security Lab confirmed that Siddharth Varadarajan, Founding Editor of The Wire, and Anand Mangnale, the South Asia Editor at The Organised Crime and Corruption Report Project (OCCRP), were among the journalists recently targeted with Pegasus spyware on their iPhones, with the latest identified case occurring in October 2023.
The use of Pegasus, a type of highly invasive spyware, developed by Israeli surveillance firm NSO Group, comes amid an unprecedented crackdown by the Indian authorities on freedom of peaceful expression and assembly, which has had a chilling impact on civil society organizations, journalists, and activists.
“Our latest findings show that increasingly, journalists in India face the threat of unlawful surveillance simply for doing their jobs, alongside other tools of repression including imprisonment under draconian laws, smear campaigns, harassment, and intimidation,” said Donncha Ó Cearbhaill, Head of Amnesty International’s Security Lab.
“Despite repeated revelations, there has been a shameful lack of accountability about the use of Pegasus spyware in India which only intensifies the sense of impunity over these human rights violations.”
Forensic evidence reveals Pegasus activity
Amnesty International’s Security Lab first observed indications of renewed Pegasus spyware threats towards individuals in India during a regular technical monitoring exercise in June 2023, a number of months after media reported that the Indian government was seeking to procure a new commercial spyware system.
In October 2023, Apple issued a new round of threat notifications globally to iPhone users who may have been targeted by “state-sponsored attackers”. More than 20 journalists, and opposition politicians in India were reported to have received the notifications.
As a result, Amnesty International’s Security Lab undertook a forensic analysis on the phones of individuals around the world who received these notifications, including Siddharth Varadarajan and Anand Mangnale. It found traces of Pegasus spyware activity on devices owned by both Indian journalists.
The Security Lab recovered evidence from Anand Mangnale’s device of a zero-click exploit which was sent to his phone over iMessage on 23 August 2023, and designed to covertly install the Pegasus spyware. The phone was running iOS 16.6, the latest version available at the time.
A zero-click exploit refers to malicious software that enables spyware to be installed on a device without requiring any user action from the target, such as clicking on a link.
This story was originally published in amnesty.org. Read the full story here .