In an exclusive report published in Washington Post on December 27, 2023 (Rising India, Toxic Tech), the prominent US-based newspaper, Washington Post has reported on how Apple’s warnings to its users that government hackers may have tried to break into their iPhones, led to an aggressive questioning by officials from the ruling Bharatiya Janata Party (BJP).
First, there was the public scepticism on whether, Apple, a company based in the Silicon Valley had a sufficiently robust internal method of checking internal threat algorithms –or they were faulty—and had announced an investigation into the security of Apple devices. There were demands that the company “soften the impact of the warnings”. Second, they apparently, according to The Post, also summoned an Apple security expert from outside the country to a meeting in New Delhi, where government representatives pressed the Apple official to come up with alternative explanations for the warnings to users, the people said. They spoke on the condition of anonymity to discuss sensitive matters.
Not coincidentally, in more recent weeks, The (Washington) Post, in collaboration with Amnesty, has reported on new cases of infections on phones belonging to Indian journalists. More investigations by both The Post and a New York security firm iVerify found that opposition politicians had been targeted, adding to the evidence suggesting the rather brazen and continued use, by the Indian government of powerful surveillance tools.
Further, in addition, Amnesty had showed The Post evidence it found in June that suggested a Pegasus customer was preparing to hack people in India. Amnesty asked that the evidence not be detailed to avoid teaching Pegasus users how to cover their tracks. “These findings show that spyware abuse continues unabated in India,” said Donncha Ó Cearbhaill, head of Amnesty International’s Security Lab. “Journalists, activists and opposition politicians in India can neither protect themselves against being targeted by highly invasive spyware nor expect meaningful accountability.”
Meanwhile, ironically, the report also states that the NSO spokesperson Liron Bruck said that the company does not know who is targeted by its customers but investigates complaints that are accompanied by details of the suspected hack. “While NSO cannot comment on specific customers, we stress again that all of them are vetted law enforcement and intelligence agencies that license our technologies for the sole purpose of fighting terror and major crime,” Bruck said. “The company’s policies and contracts provide mechanisms to avoid targeting of journalists, lawyers and human rights defenders or political dissidents that are not involved in terror or serious crimes.”
During the Modi government and the BJP representatives open attempts to arm-twist the visiting Apple official, the person reportedly stood by the company’s warnings. However, the aggressive intensity of the Indian government effort to “discredit and strong-arm Apple” has seriously disturbed executives at the company’s headquarters, in Cupertino, Calif., and illustrated how even Silicon Valley’s most powerful tech companies can face pressure from the increasingly authoritarian leadership of the world’s most populous country, India. India is also a huge technology market in the coming decade.
This incident also is symptomatic of the dangers faced by those critical of the government in India and the lengths to which the Modi administration will go to deflect suspicions that it has engaged in hacking against its perceived enemies, according to digital rights groups, industry workers and Indian journalists.
At the end of October 2023, most of the 20 plus people who received Apple’s warnings have been openly critical of Modi or his long time ally, Gautam Adani, an Indian energy and infrastructure tycoon. This included a prominent politician from West Bengal state, a Communist leader from southern India and a New Delhi-based spokesman for the nation’s largest opposition party. Among the journalists who received notifications, two stood out: Anand Mangnale and Ravi Nair of the Organized Crime and Corruption Reporting Project, a non-profit alliance of dozens of independent, investigative newsrooms from around the world. Siddharth Varadarajan, a co-founder of the Indian digital media outlet the Wire, received one of Apple’s Oct. 30 warnings. Amnesty found that the same hackers that broke into Mangnale’s phone had tried to do the same to Varadarajan’s.
It was on August 23, 2023 that the OCCRP emailed Adani seeking comment for a story it would publish a week later alleging that his brother was part of a group that had secretly traded hundreds of millions of dollars’ worth of the Adani Group conglomerate’s public stock, possibly in violation of Indian securities law. A forensic analysis of Mangnale’s phone, conducted by Amnesty International and shared with The Washington Post, found that within 24 hours of that inquiry, an attacker infiltrated the device and planted Pegasus, the notorious spyware that was developed by Israeli company NSO Group and that NSO says is sold only to governments. An Adani spokesperson not just denied this but accused OCCRP of conducting a “smear campaign against the Adani group. While the top guns in the Modi administration kept mum, Gopal Krishna Agarwal, a national spokesman for the BJP, said any evidence of hacking should be presented to the Indian government for investigation.
Incidentally, the Modi government has never confirmed or denied using spyware, and it has refused to cooperate with a committee appointed by India’s Supreme Court to investigate whether it had. It may be recalled that two years ago, in 2021, the Forbidden Stories journalism consortium, which included The Post, found that phones belonging to Indian journalists and political figures were infected with Pegasus, which grants attackers access to a device’s encrypted messages, camera and microphone.
All the details of the controversy may read in The Washington Post here. David Kaye, a former United Nations special rapporteur on free expression who has testified before an Indian Supreme Court committee probing the government’s suspected use of Pegasus, said the recent reporting by The Post and its partners “further shifts the burden onto the Indian government to disprove the allegations that it uses these kinds of tools.” ”Especially after this information, the government absolutely has to be honest and transparent,” Kaye said. “But the accretion of evidence suggests this is not divorced from the broader assault by the Modi government on the freedom of expression and the right to protest.”
Related:
Pegasus Project: 5 targeted journalists move SC, say have been subject to intrusive hacking
‘Government-backed attacks’: Google warned 500 Indians against hacking