New Delhi: In a sign that intrusive surveillance technologies are perhaps being deployed to gather information about the principal opposition party, The Wire and its media partners in the Pegasus Project can confirm that at least two mobile phone accounts used by Congress leader Rahul Gandhi were among 300 verified Indian numbers listed as potential targets by an official Indian client of the Israeli surveillance technology vendor, NSO Group.
Such was the apparent interest in Gandhi that the numbers of five of his social friends and acquaintances were also placed on the list of potential targets. None of the five plays any role in politics or public affairs.
Gandhi’s numbers, which he has since given up, are part of a large database of leaked numbers believed to be drawn up by NSO Group clients and accessed by the French media nonprofit Forbidden Stories and shared with 16 news organisations, including The Wire, The Guardian, Washington Post, Le Monde and Haaretz.
The forensic inspection of a cross-section of phones drawn from this list by Amnesty International’s technical lab has confirmed the presence of Pegasus spyware in as many as 37 instruments, 10 of which are in India.
Gandhi’s phones are not among those examined as he no longer has the handsets he used at the time that his numbers appear to have been selected for targeting – from mid-2018 to mid-2019.
In the absence of forensics, it is not possible to conclusively establish whether Pegasus was deployed against Gandhi. At the same time, the presence of at least nine numbers linked to his circle – one of the larger clusters around a person of interest that the Pegasus Project has detected – suggests that his presence in the leaked database is not happenstance.
Gandhi told The Wire that he had received suspicious WhatsApp messages in the past – one of the known vectors for a spyware hack – and frequently changed numbers and instruments so as to make it “a little harder for them” to target him.
NSO Group says its spyware is only sold to governments. Though the company will not confirm the identity of its customers, mounting forensic evidence of infections in India – revealed by the Pegasus Project and earlier by Citizen Lab – suggests one or more official agencies have been using the spyware to hack into smartphones. This suspicion is fuelled by the Narendra Modi government’s refusal on multiple occasions – including in response to a direct question from the Pegasus Project last week – to answer whether or not it uses Pegasus.
The choice of Rahul Gandhi as a target for potential surveillance at a time when he was president of the opposition Congress and was leading his party into the 2019 general election against Narendra Modi raises troubling questions about the integrity of the electoral process. In the United States, an attempt by Richard Nixon to snoop on the offices of his Democratic rivals in the run up to the 1972 presidential election – the Watergate scandal – eventually cost him his job.
Asked for his reaction to the news that he had been placed on a list of potential targets for hacking, Gandhi told The Wire,
“Targeted surveillance of the type you describe whether in regard to me, other leaders of the opposition or indeed any law-abiding citizen of India is illegal and deplorable. If your information is correct, the scale and nature of surveillance you describe goes beyond an attack on the privacy of individuals. It is an attack on the democratic foundations of our country. It must be thoroughly investigated and those responsible be identified and punished.”
Apart from Gandhi’s personal phones, the numbers of two close aides, Alankar Sawai and Sachin Rao, also figure in the leaked database, for mid-2019.
Rao is a member of the Congress Working Committee whose current role involves training party cadre while Sawai is attached to Gandhi’s office and typically spends most of his working day with him. Sawai’s phone was stolen in 2019 and thus unavailable for forensic examination, while Rao said his phone from that period got ‘fried’ and no longer switches on.
The Wire reached out to each of Gandhi’s friends and social acquaintances on the leaked database of phone numbers to inform them of their presence in a surveillance-related list. Three of the five agreed to discuss the issue, while the remaining two chose not to, one because they did not want to risk attracting any further official attention.
The three friends who did speak to The Wire, two of whom are women, were understandably alarmed at the thought of having been targeted for intrusive surveillance and sought advice on how to protect their privacy in the face of spyware like Pegasus. They could think of no reason why any official agency would have marked them out as persons of interest in mid-2019, the period in question. Two of the three no longer used the handset in question while the third said they would prefer to change their phone rather than go in for a forensic examination of their existing instrument.
As none of the five friends and acquaintances of Rahul Gandhi whose numbers figure in the leaked database are in public life, the Pegasus Project, at their request, is withholding their names to protect their privacy.
Read The Wire’s coverage as part of the Pegasus Project here.