[The phone backups were provided to Amnesty at the request of Wilson’s defense team by Arsenal Consulting, a U.S. digital forensics firm that examined an electronic copy of Wilson’s laptop provided by his lawyers. Amnesty’s new finding raises further questions about the Indian government’s case against Wilson, a Delhi-based activist who campaigned for the rights of those incarcerated for their political ideology. In February, Arsenal said Wilson’s computer had been hacked by an unknown attacker and that malicious software was used to plant documents that are cited in the charging documents as evidence against him.]
By Niha Masih
The analysis by Amnesty showed that
two backups of an iPhone 6s belonging to Wilson, who has been in jail on
terrorism charges since June 2018, had digital traces showing infection by the
Pegasus surveillance tool, which its developer, the Israeli cybersecurity firm
NSO Group, has said has been licensed only to government agencies.
The analysis expands the findings reported by The Washington Post and a global
media consortium in July that the tool has been deployed against a
wide range of targets around the world, including human rights activists and
journalists.
The Indian government has neither
confirmed nor denied that it is an NSO Group client.
The phone backups were provided to
Amnesty at the request of Wilson’s defense team by Arsenal Consulting, a U.S.
digital forensics firm that examined an electronic copy of Wilson’s laptop
provided by his lawyers. Amnesty’s new finding raises further questions about
the Indian government’s case against Wilson, a Delhi-based activist
who campaigned for the rights of those incarcerated for their political
ideology. In February, Arsenal said Wilson’s computer had been hacked by an
unknown attacker and that malicious software was used to plant documents that are cited in the charging
documents as evidence against him.
Arsenal has worked on the case on a
pro-bono basis.
Vijayanta Goyal Arya, a spokeswoman
for the National Investigation Agency, the anti-terrorism authority overseeing
the case, said that the charging documents have been filed “based on
prosecutable evidence” and that the “forensic reports have been submitted to
the court.” She declined to comment on the new forensic findings but said the
agency seeks reports from labs recognized by the courts.
An NSO Group representative
responded to a request for comment with a statement: “Without addressing
specific countries and customers, the allegations raised in this inquiry are
not clear. Once a democratic country lawfully, following due process, uses
tools to investigate a person suspected in an attempt to overthrow a
(democratically-elected) government, this would not be considered a misuse of
such tools by any means.”
Etienne Maynier, a technologist at
Amnesty International, called the presence of Pegasus on Wilson’s phone “very
worrying.”
“What we need is an independent
investigation into who is at the origin of this attack and responsible for this
abuse,” said Maynier. Legislation should prevent this kind of “unlawful
surveillance” against human rights defenders, he said.
The Pegasus
Project news investigation revealed that hundreds of numbers from
India appeared on the global list of more than 50,000 phone numbers, which
included some numbers selected for surveillance by NSO’s clients.
The list included numbers for Rahul
Gandhi, India’s main opposition leader, and his aides; Ashok Lavasa, an
election commissioner who ruled that Prime Minister Narendra Modi violated
campaign guidelines in 2019, and more than 30 journalists.
Officials at the Ministry of
Electronics and Information Technology declined to comment on the matter.
The phone numbers used by Wilson
and seven other co-defendants were added to the list that included those
selected for surveillance before their arrests. Three of the numbers were added in
2017, well before the event that police said precipitated the investigation: a
commemoration of a 200-year-old battle held on Jan. 1, 2018, during which one
person died in clashes near a village known as Bhima Koregaon.
An earlier examination by Amnesty confirmed
the presence of Pegasus on a phone belonging to S.A.R Geelani, who headed the Committee for the
Release of Political Prisoners, the organization with which Wilson worked.
Geelani, who died in 2019, was not a defendant in the Bhima Koregaon case.
Amnesty’s analysis of two
electronic copies of Wilson’s phone backups revealed that his phone was first
compromised using Pegasus spyware in July 2017. The traces of
infection appear again in early 2018, according to Amnesty.
Wilson received at least 15 SMS
messages with malicious links in a span of six months, the last of which was
delivered four months before his arrest in June 2018, according to
Maynier. Some were disguised as links to sign petitions on human rights causes,
and others were advertisements.
[Invisible
surveillance: How spyware is secretly hacking smartphones]
The charging documents claim that
Wilson and more than a dozen other activists were associated with a banned
guerrilla group of Maoists in central India that aims to overthrow the
government. The activists deny the charges.
The activists have been charged
under a stringent anti-terrorism law that critics say Modi’s government has
used increasingly against dissidents.
The trial in the Bhima Koregaon
case has yet to begin. Those in jail include a prominent academic specializing in India’s caste structure,
a discriminatory Hindu system based on birth; a lawyer who fought cases of tribal youths accused of
being Maoists; and singers who wrote songs parodying Modi and his
government.
In July, one of the defendants,
Stan Swamy, an 84-year-old Jesuit priest suffering from Parkinson’s, died of
ill health at a hospital after nearly eight months in jail. This
month, Sudha Bharadwaj, a lawyer and trade unionist, became the
first imprisoned activist in the case to be released on statutory bail after spending more than
three years in jail.
The forensic analysis of Wilson’s
phone backup was confirmed in a separate examination by Arsenal Consulting at
the request of the defense team.
In February, The Washington Post
was first to report that a forensic analysis showed Wilson’s laptop had been subject to a sophisticated malware
attack in 2016, nearly two years before his arrest, in which an
unknown hacker planted evidence, including a letter purportedly written by
Wilson to a Maoist leader where he urged the group to assassinate Modi. A
subsequent forensic analysis by Arsenal revealed that at least 30 incriminating documents recovered from Wilson’s
device by the police had been planted.
A similar hack was perpetrated on
a second co-defendant by the same attacker, according to
Arsenal. Forensic experts based in North America reviewed the Arsenal reports
at the request of The Post and said Arsenal’s conclusions were sound
Citizen Lab, a research group at
the University of Toronto that specializes in studying Pegasus and other
spyware, has found evidence that India has been a client of NSO, according to
Bill Marczak, a senior research fellow.
Since the publication of the
project, several countries have ordered an internal investigation into the use
of Pegasus. In India, the Supreme Court established a committee of
experts overseen by a retired judge to investigate the findings.
The NSO Group has come under fire
globally over the project’s findings. The U.S. Department of Commerce last
month blacklisted the company, barring it from receiving American technologies.
[Biden
administration blacklists NSO Group over Pegasus spyware]
Although NSO Group has denied the
findings of the Pegasus Project news investigation, it has acknowledged
problems with a client and said it suspended the contract when abuse of the spyware surfaced. The company vowed to investigate other allegations of misuse.
Wilson, 50, has spent more than
1,200 days in jail awaiting trial. Sanjay Kak, a filmmaker and writer who
worked with Wilson on a few citizen campaigns for the release of political
prisoners, called him a “quintessential self-effacing figure.”
“Ironically, he’s now at the other
end of the very machine that he worked against,” Kak said.
Read more:
Evidence found on a second Indian activist’s computer was
planted, report says
Indian activists jailed on terrorism charges were on list with
surveillance targets
