More than 50,000 smartphone numbers appear on a list of phones concentrated in countries known to engage in surveillance on their citizens and also known to have been clients of the NSO Group, the investigation revealed.
The leaked database of numbers was accessed by Paris-based media nonprofit Forbidden Stories and Amnesty International and shared with several news organisations as part of a collaborative investigation called the ‘Pegasus Project’.
Amnesty’s Security Lab examined 67 smartphones where attacks were suspected. Of those, 23 were successfully infected and 14 showed signs of attempted penetration.
For the remaining 30, the tests were inconclusive, in several cases because the phones had been replaced.
List includes over 300 verified Indian mobile telephone numbers
According to The Wire, which was part of the investigations, the list includes over 300 verified Indian mobile telephone numbers, including those used by ministers, opposition leaders, journalists, the legal community, businessmen, government officials, scientists, rights activists and others.
Forensic tests conducted as part of this project on a small cross-section of phones associated with these numbers revealed clear signs of targeting by Pegasus spyware in 37 phones, of which 10 are Indian.
The numbers of those in the database include over 40 journalists, three major opposition figures, one constitutional authority, two serving ministers in the Narendra Modi government, current and former heads and officials of security organisations and scores of businesspersons, claimed The Wire report.
‘Attempt to malign Indian democracy and its institutions’
The Centre in its reaction to the report said that the allegations regarding government surveillance on specific people has no concrete basis or truth associated with it whatsoever.
In the past, similar claims were made regarding the use of Pegasus on WhatsApp by Indian State. Those reports also had no factual basis and were categorically denied by all parties, including WhatsApp in the Indian Supreme Court.
This news report, thus, also appears to be a similar fishing expedition, based on conjectures and exaggerations to malign the Indian democracy and its institutions, the government said in its response.
‘Reporters identify over 1,000 people spanning more than 50 countries’
The numbers on the list are unattributed, but reporters were able to identify more than 1,000 people spanning more than 50 countries through research and interviews on four continents.
On the list are several Arab royal family members, at least 65 business executives, 85 human rights activists, 189 journalists, and more than 600 politicians and government officials — including cabinet ministers, diplomats, and military and security officers. The numbers of several heads of state and prime ministers also appeared on the list.
The media consortium analyzed the list through interviews and forensic analysis of the phones, and by comparing details with previously reported information about NSO. Amnesty’s Security Lab examined 67 smartphones where attacks were suspected. Of those, 23 were successfully infected and 14 showed signs of attempted penetration.
NSO Group’s response
In response to detailed questions from the media organisations, NSO said in a statement that it did not operate the spyware it licensed to clients and did not have regular access to the data they gather.
The NSO called the investigation’s findings exaggerated and baseless. It also said it does not operate the spyware licensed to its clients and “has no insight” into their specific intelligence activities.
NSO describes its customers as 60 intelligence, military and law enforcement agencies in 40 countries, although it will not confirm the identities of any of them, citing client confidentiality obligations.