Amnesty Details 'Shocking' Allegations of India Targeting Reporters With Pegasus Spyware
"Increasingly, journalists in India face the threat of unlawful surveillance simply for doing their jobs," said one advocate.
Amnesty International on Thursday demanded transparency from the Indian government regarding its contracts with surveillance companies, including the Israeli firm NSO Group, after the rights organization joined The Washington Post in publishing what it called "shocking new details" about the use of spyware to target journalists in India.
Amnesty's Security Lab revealed that a round of "state-sponsored attacker" notifications that were sent to Apple customers in October by the tech company went to more than 20 Indian journalists including Siddharth Varadarajan, founding editor of The Wire, and Anand Mangnale, South Asia editor at the Organized Crime and Corruption Report Project (OCCRP).
The Security Lab ran a forensic analysis of the two reporters' devices and found evidence that the NSO Group's highly invasive Pegasus spyware, which is capable of eavesdropping on phone calls and harvesting data, had been installed on phones owned by Varadarajan and Mangnale.
In Mangnale's case, the journalist appeared to have received a "zero-click exploit" via iMessage on August 23, allowing the individual or group who sent it to covertly install Pegasus spyware on his phone without requiring Mangnale to take any action, such as clicking a link.
At the time of the attempted attack, said Amnesty, Mangnale was working on a story about alleged stock manipulation by a major Indian multinational firm with ties to Indian Prime Minister Narendra Modi. The journalist told Agence France Presse that his phone was targeted "within hours" of his sending interview questions to the company.
The timing of the attack—and the fact that NSO Group has said it only licenses Pegasus to governments and security agencies—was "a hell of a coincidence," Mangnale said.
"Targeting journalists solely for doing their work amounts to an unlawful attack on their privacy and violates their right to freedom of expression," said Donncha Ó Cearbhaill, head of Amnesty's Security Lab. "All states, including India, have an obligation to protect human rights by protecting people from unlawful surveillance."
The Indian government was previously accused of targeting journalists, opposition politicians, and activists with Pegasus in 2021, when leaked documents showed the spyware had attacked more than 1,000 phone numbers.
India has fallen 21 spots to 161 out of 180 countries in Reporters Without Borders' World Press Freedom Index since Modi took office in 2014. In addition to the alleged use of spyware by the government, journalists have been arrested and detained while covering anti-government protests, and reporters have been targeted by coordinated social media campaigns inciting hatred and violence.
Varadarajan was the subject of an earlier report by Amnesty, which documented how he had previously been targeted by Pegasus spyware in 2018.
This past October the same email address used in the Pegasus attack on Mangnale was identified on Varadarajan's phone, confirming he was targeted again.
Varadarajan told The Washington Post that at the time of the most recent covert spyware installation, he had been leading public opposition to the detention of a news publisher in New Delhi.
"Our latest findings show that increasingly, journalists in India face the threat of unlawful surveillance simply for doing their jobs, alongside other tools of repression including imprisonment under draconian laws, smear campaigns, harassment, and intimidation," said Ó Cearbhaill.
The group called for the Indian Supreme Court to immediately release the findings of a technical committee report on Pegasus, which was completed in 2022 but has still not been made public.
"Despite repeated revelations," said Ó Cearbhaill, "there has been a shameful lack of accountability about the use of Pegasus spyware in India which only intensifies the sense of impunity over these human rights violations."
