In the midst of the heated Assembly elections in West Bengal earlier this year, the phone of poll strategist Prashant Kishor was broken into using NSO Group’s Pegasus spyware, according to digital forensics conducted by Amnesty International’s Security Lab and shared with The Wire.
They were among dozens of Indian politicians, journalists, activists and government critics whose numbers were identified as possible targets for the Israeli company NSO Group’s government clients, a global collaborative investigative project has revealed after examining a leaked database of phone numbers listed by multiple government clients of the surveillance firm.
The leaked global database of 50,000 phone numbers was first accessed by French firm Forbidden Stories and Amnesty International before being shared with The Wire, The Guardian, Die Zeit, Washington Post, Suddeutsche Zeitung, Le Monde and 10 other Mexican, Arab and European news organisations.
NSO Group has said that it provides the software only to “vetted governments”, which is believed to be over 36 and includes intelligence, military and law enforcement agencies. The firm, however, refused to identify its clients.
The first tranche of names – revealed by The Wire on Sunday night, when it broke the story – contained names of prominent Delhi-based journalists covering sensitive subjects such as national security, defence and diplomacy.
Since NSO insists that only “vetted governments” can purchase Pegasus, the targeting of Kishor – who was working as an advisor to West Bengal chief minister Mamata Banerjee – is the first iron-clad piece of evidence that this deadly spyware is being used in India by an as yet unidentified agency to gather political information from rivals of the ruling Bharatiya Janata Party.
“If thé use of such methods during Bengal elections are taken as test case then it is quite clear that such things hardly have any impact on the electoral outcome,” Kishor told The Wire. “Having said so, there is no denying that those who would did so were looking to take undue advantage of their position of power with the help of illegal snooping.”
Kishor’s current or one-time role as a key political advisor and strategist for a range of opposition parties, including the DMK in Tamil Nadu and the Congress in Punjab, besides the TMC, means the agency targeting him is also interested in gathering information about the government’s political opponents in different parts of the country.
The forensic examination of his current phone also show that what appear to be unsuccessful attempts to initiate a Pegasus attack were made on Kishor’s phone in 2018, just months prior to the general elections of 2019. This was at a time when there was considerable speculation over who Kishor and his much-in-demand election consultancy organisation, I-Pac, would be assisting in the elections. The full extent of Pegasus’s deployment against him that year was not visible forensically as only those traces from 2018 which came into his current iPhone via backup – he no longer uses the device that was targeted then – were visible.
Pegasus is classified as a military grade export by the Israeli authorities, and the Modi government has never denied it is a customer when asked. This makes it reasonable to surmise that the entity which used the spyware to hack into the phone of Kishor is an Indian agency.
Amnesty’s forensic analysis found traces of infection on Kishor’s phone on April 28, just a day before the last phase of polling in the eight-phase assembly election in West Bengal.
Traces of Pegasus on Kishor’s phone were also detected in 14 days in June 2021 and 12 days in July 2021, including July 13, the day when he met Congress leaders Rahul Gandhi and Priyanka Gandhi in Delhi. In fact, a hack of Kishor’s phone occurred even on the date that The Wire met him and AI helped conduct forensic analysis on it.
