A leaked database of thousands of telephone numbers used by ministers, journalists, lawyers, etc has been released. The database is believed to have been listed by multiple government clients of an Israeli surveillance technology firm. NSO Group, the Israeli company sells the spyware ‘Pegasus’, worldwide. The firm stated that its clients, are confined to “vetted governments” only, and has refused to identify its customers.
Many arrested in the Elgar Parishad-Bhima Koregan case were listed in the database including prison rights activist Rona Wilson, DU professor Hany Babu, activist Vernon Gonsalves, academic Anand Teltumbde, retired professor Shoma Sen (her number is first selected in 2017), journalist Gautam Navlakha, lawyer Arun Ferreira, and activist Sudha Bharadwaj. Besides those directly accused case, many numbers belonging to close relatives, friends, lawyers and colleagues of those accused also appear to be targeted by the spyware.
It is unclear if the attacker had managed to gain access to their phones.
In some cases, the phones were chosen as targets during significant dates in the Elgar Parishad case. An example of this is the case of Varavara Rao’s daughters number, which appears in the records, around the time Varavara Rao, was put under house arrest.
What is also interesting is that numbers of phones even after being confiscated by the police have appeared on the records. For example, Sudha Bharadwaj was sent to jail on October 26, 2018, but the leaked data shows that her number appeared in the records even after her arrest, when her phone was in the custody of the Pune police. Phones constitute part of the digital evidence in these cases and once seized and sealed, they cannot be switched on. Even a small change would be understood as digital evidence being tampered with.
Mihir Desai, who is the senior lawyer representing many of the accused in the Elgar Parishad case, stated: that the attack “goes beyond surveillance, it is actually interference with the person’s life. The malware is planted to get control over the person’s data and life.” Desai also added that the absence of a clear cut data protection law, makes such cases, where evidence could potentially be planted and fabricated, extremely difficult to defend in court.