The Indian government has been using Pegasus spyware to target prominent journalists, according to a joint investigation by Amnesty International and The Washington Post released on Thursday.
The spyware, developed by Israeli firm NSO Group and sold to governments worldwide, allows access to a phone’s messages, emails, photos, call recordings, location data, and even the phone’s camera.
The spyware used both “IP addresses as well as domain names to reach its targets,” according to the National Herald, an Indian newspaper.
There has been enough research published in the field of cyber security since a rival leaked the Pegasus user handbook in 2016 to enable forensic analyses.
As domain names are normally sold for a minimum of a year, the spyware was also typically employed for several months of target surveillance.
The investigation revealed that journalists Siddharth Varadarajan of The Wire and Anand Mangnale of The Organized Crime and Corruption Reporting Project were among those targeted with the spyware on their iPhones, with the latest known case occurring in October, AFP reported.
“Our latest findings show that increasingly, journalists in India face the threat of unlawful surveillance simply for doing their jobs, alongside other tools of repression including imprisonment under draconian laws, smear campaigns, harassment, and intimidation,” said Donncha O Cearbhaill, Head of Amnesty International’s Security Lab.
While India’s government did not immediately respond, it denied similar accusations in 2021 that it used Pegasus spyware to surveil political opponents, activists and journalists.
Indian media reported last month that the country’s cyber security unit was investigating allegations by opposition politicians of attempted phone tapping after they reported receiving Apple iPhone warnings of “state-sponsored attackers”.
In that case, Ashwini Vaishnaw, the information and technology minister, said the government was “concerned” by the complaints.