Indian Human Rights Defenders Targeted by Email Spyware Campaign, Says New Report

Details of this coordinated spyware attack were first revealed by The Wire in December 2019.

New Delhi: Nine human rights defenders in India were targets of a “coordinated spyware campaign” whose aim was to monitor their actions and communications, an investigation by Amnesty International and internet watchdog Citizen Lab has found.

The nine targets included well-known activists, lawyers, academics and journalists.

Seven of these nine people had also called for the release of other activists who have been charged by the police in connection to the Bhima Koregaon incident.

“Between January and October 2019, the HRDs (human rights defenders) were targeted with emails containing malicious links. If these links were clicked, a form of commercially-manufactured Windows spyware would have been deployed, compromising the target’s Windows computers, in order to monitor their actions and communications. This is a violation of their rights to freedom of expression and privacy,” the Citizen Lab-Amnesty International report notes.

“…Each of the targets were sent spearphishing emails containing malicious links that, if opened, would have installed NetWire, a commercially available spyware. A spearphishing attack is a targeted attempt to install a spyware (a malicious software) on the victim’s computer or smartphone. Spearphishing is generally performed by sending very carefully crafted and personalized emails to the target, often impersonating colleagues or loved ones.”

Also read: Pegasus Episode Should Not Make You Give Up Hope of Communicating Securely

According to the report, while it is unclear who was behind the spyware campaign, the targets included: lawyers and activists Nihalsing B Rathod, Degree Prasad Chouhan, Yug Mohit Choudhary and Ragini Ahuja; academics Partho Sarothi Ray and P.K. Vijayan, a human rights collective – Jagdalpur Legal Aid Group (JAGLAG) – and lawyer Shalini Gera. Amnesty International says another JAGLAG member, Isha Khandelwal, also received malicious emails on her personal account. A Maharashtra-based journalist who covered the Bhima Koregaon incident, but is not named by the report, was also a target.

Details of this spyware campaign were first revealed by The Wire in December 2019.

At the time, The Wire’s Sukanya Shantha reported on how a number of activists, academics and lawyers had received suspicious emails, which appeared to be part of a coordinated spyware attack.

The subject lines of some of these emails comprised a wide range of topics including: “Reminder Summons For Rioting Case”, “Pune SHO Sexually Abuse Journalists” and “Re: Summons Notice For Rioting Case Cr. 24/ 2018”.

An earlier report by The Wire in November 2019 documented how Ray, a Kolkata-based academic, had received an alert from Yahoo, warning him that his email account may have been the target of government-backed actors.

Amnesty International and Citizen Lab, the latter of which also helped WhatsApp shed light on the Pegasus controversy, have called for an “independent impartial, and transparent investigation into the unlawful targeted surveillance of the nine human rights defenders”.

“Three of the HRDs in this incident were targeted earlier in 2019 with NSO Group’s Pegasus spyware, a commercial product only sold to government entities. This new campaign confirms that there is a pattern of digital attacks against HRDs supporting the imprisoned Bhima Koregaon activists. This pattern underscores the necessity of India fulfilling its obligation to provide a remedy for these abuses by conducting a full, independent and impartial investigation into these attacks, including by determining whether there are links between this spyware campaign and specific government agencies,” the report concludes.