Indian Prime Minister Narendra Modi’s most prominent political rival, opposition figure Rahul Gandhi, was twice selected as a potential surveillance target in leaked phone number data, making him one of dozens of Indian politicians, journalists, activists and government critics whose numbers were identified as possible targets for the Israeli company’s government clients.
Two numbers belonging to Gandhi, who led the Congress party during India’s 2019 national elections, were selected as candidates for possible surveillance in the year before the vote and in the months afterwards by NSO, whose spying tool Pegasus allows customers to infiltrate mobile phones and monitor messages, camera feeds and microphones.
Phones belonging to at least five of Gandhi’s close friends and other Congress party officials were also identified as potential targets using the spyware, according to a leaked list of potential targets selected by NSO customers.
The data was accessed by the non-profit journalism organisation Forbidden Stories and Amnesty International and shared with the Guardian and other media outlets as part of the Pegasus project. It is not possible to say whether a phone in the leaked data was successfully hacked without forensic analysis.
But the consortium confirmed Pegasus infections, or signs of potential targeting, on phones linked to 10 Indian numbers and on an additional 27 phones around the world.
Gandhi, who changes his device every few months to avoid surveillance, was not able to provide the phone he used at the time for examination.
A successful hacking would have granted Modi’s government access to the private data of the prime minister’s primary challenger in the year before the 2019 elections. “Targeted surveillance of the type you describe whether in regard to me, other leaders of the opposition or indeed any law-abiding citizen of India is illegal and deplorable,” Gandhi said.
“If your information is correct, the scale and nature of surveillance you describe goes beyond an attack on the privacy of individuals. It is an attack on the democratic foundations of our country. It must be thoroughly investigated and those responsible be identified and punished.”
The selection of the opposition leader’s phone as a possible surveillance target in 2019 coincided with the identification of the numbers of two staff members, Sachin Rao and Alankar Sawai, who at the time were working on forthcoming state election campaigns against Modi’s party in Haryana and Maharashtra.
Forensic analysis conducted on Wednesday on the phone of Prashant Kishor, a political strategist working for the party that defeated Modi’s Bharatiya Janata party (BJP) in the West Bengal state election earlier this year, established it had been hacked using Pegasus as recently as the day it was examined.
The examination by Amnesty’s Security Lab also found evidence of intrusion by Pegasus in April – in the midst of the election campaign – indicating Kishor’s phone calls, e-mails and messages were being monitored throughout the final weeks of the bitter contest.
Kishor said the findings were “really disappointing”.“Those who did (the hacking) were looking to take undue advantage of their position of power with the help of illegal snooping,” he said.
Analysis of the more than 1,000 mostly Indian phone numbers selected for potential targeting by the NSO client that hacked Kishor strongly indicate intelligence agencies within the Indian government were behind the selection.
NSO has always maintained it “does not operate the systems that it sells to vetted government customers, and does not have access to the data of its customers’ targets”. In statements issued through its lawyers, NSO said it would “continue to investigate all credible claims of misuse and take appropriate action”.
Following the launch of the Pegasus project, Shalev Hulio, the founder and chief executive of NSO, said he continued to dispute the leaked data “has any relevance to NSO”, but added he was “very concerned” about the reports and promised to investigate them all.“We understand that in some circumstances our customers might misuse the system,” he said.
NSO markets Pegasus as a tool for fighting terrorism and crime, but the inclusion of a major Indian opposition leader in the records – alongside political staffers, labour unionists, Tibetan Buddhist clerics, social justice campaigners and a woman who accused India’s most senior judge of sexual harassment – raises troubling questions about the way the hacking software may have been used in India.
Related Story