An otherwise hyperactive Indian social media was on weekend mode when it suddenly came alive with the chatter about a potential bombshell of a story set for a primetime debut on Sunday night. Most of the Sunday was spent in anticipation of the much-awaited story’s content. It was finally put up online around 10 pm. A little less than an hour later, social media had written the obituary of the expose, initially billed as the mega event. The jury was out that the expose is an old story—devoid of truth and had questionable motives—too often rehashed in the past.
The Project Pegasus
The mega expose titled The Project Pegasus was a collaborative effort of Paris-based NGO Forbidden Stories, Amnesty, Citizen Lab and 17 media houses from the 10 countries. It was based on the findings of the supposed investigations conducted by the Amnesty security team on the allegedly leaked database of 50,000 phone numbers of potential surveillance targets maintained by the countries using Israel’s NSO group-developed Pegasus spyware.
Although Citizen Lab’s 2018 report claims that 45 countries worldwide use Pegasus, the focus of the investigation was on 11 countries chosen by Forbidden Stories and its media partners. The 11 countries included Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Togo, and the United Arab Emirates (UAE).The study concluded that all the 11 countries named have repressive governments that use Pegasus spyware as a “weapon of choice to silence journalists, attack activists and crush dissent, placing countless lives in peril.” Following are the additional points about the data and the methodology used for the expose:
1. The consortium claimed that telephone numbers in the leaked database are not suggestive of the surveillance. It only meant that those numbers were chosen as potential target, thus denoting the intent on the part of the users of Pegasus.
2. The consortium further claimed that Amnesty’s Security Lab team had developed an in-depth forensic methodology to detect the digital evidence of infection by Pegasus in the mobile phones chosen for surveillance.
3. Sixty-seven smartphones suspected of Pegasus spyware attacks were examined using Amnesty’s tool. Twenty three phones were found to be infected, and 14 phones showed signs of attempted intrusion. Test scan on the remaining 30 smartphones remained inconclusive. As per Amnesty, 15 phones were Android devices, none of which showed evidence of successful infection. Amnesty claims that their test scan could not scan Android phones as they do not maintain logs and the information required for Amnesty’s forensic analysis. Three Android phones, however, showed signs of attempted hacking by way of Pegasus-linked SMS messages.
4. Ten phones of Indian journalists were scanned using an Amnesty test scan, and five phones were found to be infected, while two phones showed traces of attempted hacking but were not infected.
5. The majority of the telephone numbers were entered by Mexico (15,000), and Morocco (10,000) and UAE (10,000). European countries had entered more than 1,000 numbers in the system. India, chosen amongst 11 countries, had entered less than 300 telephone numbers in the Pegasus system.
6. Based on the sample size of 67 phones (0.13 per cent of the total) out of the 50,000 mobile phone numbers, the consortium concluded that 11 countries were guilty of large scale snooping—a preposterous and outrageously scandalous claim.
Campaign against NSO Group
The Amnesty-led campaign against the NSO group is a clash of two opposing ideologies represented by 1961 launched Amnesty, a London-based NGO, and 2010-born and Herzliya-headquartered NSO group. The source of their rivalry is enshrined in the mission of the two organisations. Amnesty, launched on May 28, 1961 in London, with the publishing of the newspaper article titled “The Forgotten Prisoners” by Peter Benenson as an appeal to work for securing the Amnesty for Prisoners of Conscience, is a known supporter of subversive forces active in conflict zones. In contrast, Shalev Hulio and Omri Lavie, two erstwhile members of Unit ‘Eight-Two Hundred’ of Israeli Intelligence Corps, founded the NSO group with the mission to make the world a safer place by assisting lawful investigations by state authorities to ensure the security and safety of citizens against significant subversion crimes and terrorism.
The latest expose on the NSO Group’s Pegasus spyware by Amnesty is another addition to the series of similar campaigns that Amnesty and its partners—namely Citizen Lab, Foreign Architecture and Forbidden Stories—have been running since 2016.
Citizen Lab’s first report on the use of NSO’s Pegasus spyware was published on August 24, 2016, and this report gave instant fame to the NSO group. Amnesty’s first report on the use of Pegasus was posted on August 1, 2018, after its staffer received a WhatsApp message on his phone triggering an investigation. It was followed by a September 2018 report by Citizen Lab about the use of Pegasus for surveillance operations in 45 countries. Amnesty published its most report against the usage of Pegasus in May 21. A press release followed on July 3, 2021, to announce the launch of a new interactive online platform in partnership with Forensic Architecture and the Citizen Lab detailing the alleged usage of Pegasus software for surveillance on activists and human rights lawyers to extract information on their activities.
One common theme across all the reports and campaigns against NSO group’s Pegasus spyware is the call to ban or restrict its usage by governments/government agencies using them. Notably, Amnesty even filed a suit against NSO Group in Israel for alleged phone hacking of activists and journalists using Pegasus tool and petitioned the court to place an export ban on the NSO Group.
Statement of Indian Government and NSO Group
The expose evoked a sharp reaction from the government of India. Terming the “questionnaire sent to the Government of India as an attempt to play the role of an investigator, prosecutor as well as jury”, the government said that “the story being crafted is not only bereft of facts but also founded in pre-conceived conclusions.” The strongly-worded statement by the government equated the news report in works to “a fishing expedition, based on conjectures and exaggerations to malign the Indian democracy and its institutions.” The government statement listed various measures and laws passed to ensure the right to privacy. It also explained the detailed procedure for lawful interception of electronic communication, as established by the law. Neither the provision allowing for legal interception was mentioned anywhere in the story, nor was any credence given to the Indian government statement while arriving at bizarre conclusions about India.
The NSO Group, in its statement, stated that the consortium had “apparently misinterpreted and mischaracterised crucial source data on which it relied” and that the information supplied to the consortium had no “factual basis”. This statement was also ignored while arriving at the conclusions about the NSO Group.
Funding Sources of the Consortium behind the Project Pegasus
All the consortium entities behind the Project Pegasus—Amnesty, Citizen Lab, Forbidden Stories and Foreign Architecture—are the recipients of grants and funds from George Soros-run Open Society Foundations. The standard Soros thread binding all these organisations raises many unanswered questions on the credibility and motivation of the expose.
Soros’s hatred for Prime Minister Narendra Modi is well known and documented in his utterances and writings. In a speech delivered at the World Economic Forum held at Davos on January 24, 2020, billionaire investor George Soros singled out Prime Minister Narendra Modi. In Soros’s words, “Nationalism, far from being reversed, made further headway. The biggest and most frightening setback occurred in India, where a democratically elected Narendra Modi is creating a Hindu nationalist state, imposing punitive measures on Kashmir, a semi-autonomous Muslim region, and threatening to deprive millions of Muslims of their citizenship.” Unarguably, Soros’s personal opinion and his funding of the consortium played a huge role in India becoming a target of the story despite the alleged inclusion of less than 300 Indian telephone numbers in the leaked database of more than 50,000 telephone numbers chosen for potential surveillance through Pegasus system.
Unrelated but an important fact worth noting is that Wellspring Philanthropic Fund, one of the financers of the Forbidden Stories, has also funded Sherpa, the French NGO, the persistent litigator in the Rafale deal. The fact that Indian Supreme Court had cleared the deal didn’t stop Sherpa from pursuing this matter further. Curiously, William Bourdon, the Sherpa founder, runs Platform to Protect Whistleblowers in Africa or PPLAAF in association with Soros-funded Open Society Initiative for West Africa (OSIWA).
Unresolved Issues and Unanswered Questions
The entire premise of The Pegasus Project is based on the presence of 50,000 telephone numbers in the leaked database of potential surveillance targets by the countries/agencies using Pegasus. Following is the list of some unresolved issues and unanswered questions that the consortium must address:
1. The source of the leak and test scans carried out to establish the integrity of the data was never disclosed. Here, it is essential to mention that consortium has claimed to have identified only 1,000 telephone numbers out of available 50,000.
2. Amnesty claims that its test scan methodology could not scan Android phones sounds bizarre and raises serious doubts about the integrity of the scan process itself.
3. The consortium has not shared the country-wise breakup of the telephone numbers selected for snooping despite Citizen Lab’s claims of the Pegasus tool being used by 45 countries.
4. The Forbidden consortium has drawn its conclusions based on the forensic analysis of 67 phones out of 50,000 phone numbers. However, no details have been shared about the identity of those 67 phones users. Also, expose is silent as to how many of those 67 phones were used by the employees or associates of Amnesty, Citizen Lab, Forbidden Stories and 17 media partners of the consortium.
5. The story claims that the results of the Forensic analysis were peer-reviewed by the Citizen Lab team. Amnesty and Citizen Lab have been collaborating for several years now. Besides, Etienne Maynier, a vital member of the Amnesty Security team responsible for forensic scans, was earlier an employee of Citizen Lab. This ‘apparent in the face’ conflict of interest puts a serious question mark on the entire peer-review process.
6. Amnesty’s stand on the Bhima Koregaon case and its opposition to the Modi government after Amnesty was found guilty of funding irregularities raises serious questions about its ability to conduct objective and impartial investigations vis-à-vis India. Additionally, the Indian media partner of Project Pegasus and journalists claiming to have been snooped are well-known critics of the Modi government since the day it assumed office.
Notwithstanding the declaration by the consortium that the mere presence of the phone numbers in the leaked database is no guarantee of infection or snooping, serious accusations were levelled on 11 countries. Specifically, the glaring inconsistencies, biases of key members or institutions, unanswered questions, and conclusions drawn based on the questionable and unverified database point to a significant international conspiracy against India’s democratically elected government. Hence, it will be prudent for the government of India to order a detailed inquiry against the consortium members to unearth the larger conspiracy behind this expose directed at India.
The author is a Chartered Accountant with interests in social entrepreneurship, culture, dharmic issues and agriculture. He has served as an Economic Advisor to Trivendra Singh Rawat, former CM of Uttarakhand. The views expressed in this article are those of the author and do not represent the stand of this publication.