0 Comment(s) *
* The moderation of comments is automated and not cleared manually by indianexpress.com.
One of the two researchers anyalsed iPhones of seven people, of which two were found to be infected with Pegasus, this researcher told The Indian Express. At least two cyber-security researchers, who have deposed before the Supreme Court-appointed committee that’s probing the use of Pegasus for allegedly spying on citizens, have told the panel that they found concrete evidence of use of the malware on the devices of the petitioners.
These cyber-security researchers were engaged by some of the petitioners to depose before the top court panel and provide details of the forensic analysis done by them.
One of the two researchers anyalsed iPhones of seven people, of which two were found to be infected with Pegasus, this researcher told The Indian Express. The researcher submitted an affidavit to the Supreme Court and subsequently deposed before the panel to say that the evidence on the two phones were uncovered using a forensic tool.
After deleting personally identifiable data from the devices of the two persons, the cybersecurity researcher found that while Pegasus had infected the phone of one of the petitioners in April 2018, the other phone had “multiple entries” for various stages of malware deployment between June and July 2021.
“Multiple entries going back to March 2021 indicating that the Pegasus malware tried to delete entries from the process table databases,” the first cybersecurity researcher said in the affidavit to the Supreme Court.
The other cybersecurity researcher, who analysed Android phones of six of the petitioners in the case, found distinct versions of the malware on four phones, while two of the remaining devices had variants of the original versions of Pegasus present on them, this researcher told The Indian Express.
“We have an emulator for Android on which we verified that it has all the variants of the malware. What we found is that this (malware) is so virulent that it could not have been used for legitimate purposes. It not only reads your chats, it can get your videos, turn the audio or video at any time,” the cybersecurity researcher said.
The Supreme Court had on October 27 last year appointed a three-member panel, under the supervision of retired Supreme Court judge Justice R V Raveendran, to look into the allegations of unauthorised surveillance using the Pegasus spyware. The three-member technical committee comprised Dr Naveen Kumar Chaudhary, Dean of National Forensic Sciences University in Gandhinagar; Dr Prabaharan P, Professor at Amrita Vishwa Vidyapeetham in Kerala; and Dr Ashwin Anil Gumaste, Institute Chair Associate Professor at Indian Institute of Technology, Bombay.
On January 2 this year, the three-member panel issued an advertisement asking people who suspected their devices to be infected by the spyware to contact the committee before 12 pm on January 7. The committee had further said that if it feels that the person’s reasons for their suspicion of the device being infected with the malware compelled further investigation, it would request the person to hand over their device for tests, and which would subsequently be returned.
Some of the petitioners who approached the committee, however, expressed apprehensions over submitting the devices. Both the independent cybersecurity researchers The Indian Express talked to said that there was no need for the committee to take the device as “an image of the phone” could be copied and the device could have been returned.
“My technical opinion is that it is not required. All they need is an ‘image’ of the phone. That can be taken in front of the petitioner. A hash value should then be provided to the petitioner so that nothing is changed while it (phone) is undergoing tests,” one of the cybersecurity researchers said.
An email sent to the three-member committee seeking to know its comments on the depositions made by the two cybersecurity researchers, the number of people who had approached it following the advertisement on January 2, and the timeline by which the investigation was likely to be completed did not elicit any response.
In July last year, media outlets from across the world had reported that Israeli’s company NSO Group’s software Pegasus had been used to illegally spy on journalists, activists, ministers and members of the opposition.
The Indian leg of the investigation, conducted by The Wire, had reported that among the potential list of targets were Congress leader Rahul Gandhi, political strategist Prashant Kishor, then Election Commissioner Ashok Lavasa, now Information and Technology Minister Ashwini Vaishnaw (who was not a minister when the alleged surveillance is said to have happened), along with several other prominent names. The list also mentioned numbers of around 40 journalists, including three editors of The Indian Express — two current and one former.
- The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.
© The Indian Express (P) Ltd