Recently, a consortium of seventeen global media organizations published requirements for the investigation on the leaked list of phone numbers across the world, dubbing the Pegasus Project. This list of phone numbers is assumed as the “target list” of phones that are hacked or going to be hacked by Pegasus spyware, created and sold by NSO Group, from Israel. The list contains contact numbers of prominent journalists and dissidents from various countries, judges, politicians, businessmen, rights activists, heads of state, and others. Some listed targets cooperated with Amnesty International and a consortium of media for forensic examination of their devices. They have found hacking evidence using the Pegasus suite.
The Pegasus spyware suite is created and sold by an Israeli company, named NSO Group i.e. “vetted government clients”. The software is used to conduct surveillance on some targeted Mac, Windows computers and iOS, Android smartphones. This spyware can be distributed on links that can be sent via SMS, email, WhatsApp messages, etc. It can also target and infect smartphones simply through a WhatsApp call.
As per The Wire’s report, the client list of NSO Group includes governments of Bahrain, Azerbaijan, Hungary, Kazakhstan, Mexico, Rwanda, Morocco, Saudi Arabia, UAE, and India. In the list, The Wire reported nearby 300 phone numbers of Indians that include some politicians, journalists, and rights activists. Israel’s NSO Group claims to sell Pegasus only to “vetted governments”, and not to private entities that suggest persons in the list are under the surveillance of the government.
The process of infiltrating computers and phones using such techniques constitutes ‘hacking’, which is considered a punishable offense under the IT Act, 2000.
As per the official statement reproduced below, the Central Government called it a story, and said “bereft of facts but also founded in preconceived conclusions.” Also added, “It seems you are trying to play the role of an investigator, prosecutor as well as jury.”
Categorically, the government stated, “The allegations regarding government surveillance on specific people have no concrete basis or truth associated with it whatsoever.”
The statement goes on as, “In India, there is a well-established procedure through which lawful interception of electronic communication is carried out for national security, particularly on the occurrence of any public emergency or in the interest of public safety, by agencies at the Centre and States. The requests for these lawful interceptions of electronic communication are made as per relevant rules under the provisions of section 5(2) of Indian Telegraph Act, 1885 and section 69 of the Information Technology (Amendment) Act, 2000.
Each case of interception, monitoring, and decryption is approved by the competent authority i.e. the Union Home Secretary. These powers are also available to the competent authority in the state governments as per IT (Procedure and Safeguards for Interception, Monitoring, and Decryption of Information) Rules, 2009.”
In the Parliament, the Minister of Electronics and Information Technology, Ashwani Vaishnav said “the report itself clarifies that presence of a number does not amount to snooping”, and added “NSO has also said that the list of countries shown using Pegasus is incorrect and many countries mentioned are not even our clients. It also said that most of its clients are western countries.”
The NSO Group and firm spoke to The Wire through lawyers. They insisted that the list of phone numbers is not a “target list” to hack the government, but “may be part of a larger list of numbers that might have been used by NSO Group customers for other purposes”. In this, “NSO Group customers” refers to “vetted governments”. Amnesty International did a forensic analysis and found that the sample set of listed devices was targeted by the Pegasus.
Answer: Yes, it is possible. Communication through messaging platforms i.e. WhatsApp and Signal are deemed to be safe due to the end-to-end encryption. But, if the device is compromised with spyware, then the encryption of your communication doesn’t matter. Because it is like, someone is looking over your home. End-to-end encryption is the best security system like a strong lock on your house. It can provide the best security, except in such a situation when the thief is already inside the house.