India targeted high-profile journalists with Pegasus spyware: Amnesty

India’s government has used the highly invasive Pegasus spyware to target high-profile journalists, according to a new investigation by Amnesty International and The Washington Post.

The findings, published on Thursday, noted India’s repeated use of Pegasus against journalists, including one who was previously a victim of an attack using the same spyware.

Created by Israeli firm NSO Group, Pegasus can be used to access a phone’s messages and emails, peruse photos, eavesdrop on calls, track locations and even film the owner with the camera.

Watchdogs have documented widespread use of the spyware – which NSO says is only sold to governments or security agencies – against journalists and activists in dozens of countries, including India.

Amnesty said journalists Siddharth Varadarajan, founding editor of digital media outlet The Wire, and Anand Mangnale, South Asia editor at The Organized Crime and Corruption Reporting Project (OCCRP), had been targeted with the spyware on their iPhones, with the latest identified case in October 2023.

“Increasingly, journalists in India face the threat of unlawful surveillance simply for doing their jobs, alongside other tools of repression including imprisonment under draconian laws, smear campaigns, harassment and intimidation,” said Donncha O Cearbhaill, the head of Amnesty’s Security Lab.

“Despite repeated revelations, there has been a shameful lack of accountability about the use of Pegasus spyware in India which only intensifies the sense of impunity over these human rights violations.”

Amnesty said its Security Lab recovered evidence from Mangnale’s device that a zero-click exploit designed to covertly install Pegasus was sent to his phone.

A zero-click exploit refers to malicious software that allows spyware to be installed on a device without the user needing to click on a link.

‘Unlawful attack’

In October, Apple issued a new round of threat notifications globally to iPhone users who may have been targeted by “state-sponsored attackers”. More than 20 journalists, and opposition politicians in India were reported to have received the notifications.

Mangnale’s phone was targeted at a time when he was working on a story about an alleged stock manipulation by a large multinational conglomerate in India, Amnesty said.

The OCCRP published an investigation in August into the financial dealings of Indian tycoon Gautam Adani, a key ally of Indian Prime Minister Narendra Modi.

Mangnale told the AFP news agency that he was targeted “within hours” of sending questions to the Adani Group on behalf of the OCCRP.

Varadarajan – who was previously hacked with Pegasus spyware in 2018 – suggested to The Washington Post that he had been targeted for leading opposition to the detention of a prominent news publisher in New Delhi.

India’s government did not immediately respond to questions about the investigation.

In 2021, New Delhi was accused of using Pegasus to surveil journalists, opposition politicians and activists, with leaked documents showing the spyware had been used against more than 1,000 Indian phone numbers.

“Targeting journalists solely for doing their work amounts to an unlawful attack on their privacy and violates their right to freedom of expression. All states, including India, have an obligation to protect human rights by protecting people from unlawful surveillance,” Amnesty’s O Cearbhaill said.

Activists say press freedom in the world’s biggest democracy has suffered during Modi’s tenure. India has fallen 21 spots to 161 out of 180 countries in the World Press Freedom Index, compiled by Reporters Without Borders, since he took office in 2014.