Apple Alerts Top Indian Opposition Leaders and Journalists of State-Sponsored iPhone Hacking Attempts

New Delhi: A recent flurry of notifications from Apple sent shockwaves across India’s political circles and journalist community. These alerts warned people against potential state-sponsored attempts to infiltrate their iPhones, sparking concerns about breach of sensitive information and personal privacy.

Several notable figures, including political leaders and journalists, were recipients of these cautionary notifications. Among them were respected lawmakers such as Mahua Moitra, Priyanka Chaturvedi, Raghav Chadha, Shashi Tharoor, Asaduddin Owaisi, and Sitaram Yechury. Additionally, journalists like Siddharth Varadarajan, Abhisar Sharma, Sriram Karri, and Revathi found themselves listed as potential targets.

The email’s stark subject line, “ALERT: State-sponsored attackers may be targeting your iPhone,” warned the recipients that their devices could be vulnerable to remote access and compromise. This breach could grant unauthorized entry to sensitive data, communications, or even the device’s camera and microphone.

The concurrent timing of at least five individuals receiving the alert simultaneously on October 30, 2023, indicated a specific India-focused cluster. The severity of the situation prompted some recipients to publicly share their alerts. Shiv Sena MP Priyanka Chaturvedi and Mahua Moitra took to Twitter to shed light on this pressing issue, with Chaturvedi pointing a direct finger at the government.

Congress leaders, notably Shashi Tharoor and Rahul Gandhi, expressed their grave concerns. They accused the Narendra Modi government of employing such tactics to suppress opposition voices. Gandhi specifically emphasized the distractions aimed at hiding alleged government dealings with entities like the Adani group, posing a significant threat to democracy and marginalized communities.

The Wire, a widely respected publication, confirmed the reception of these warnings by critics of the ruling government. These warnings resonated with past incidents involving spyware attacks. The Internet Freedom Foundation raised significant concerns, calling for a thorough investigation into the source and magnitude of the potential malware attack.

Apar Gupta, the IFF’s founding director, detailed reasons why these warnings couldn’t be casually dismissed as false alarms. He underscored the history of Pegasus spyware deployment in India and the corroborating evidence from various investigations and reports.

References to the Pegasus Project in 2021 revealed infections in numerous phones owned by politicians, journalists, and rights activists, stressing the gravity of the situation. Despite the inquiries and concerns raised, the final report of the Supreme Court committee set up to investigate these instances has not been made public, while the government has remained ambiguous regarding its ties to Pegasus.

Reports indicating the government’s interest in new spyware contracts, potentially involving substantial financial investments, raised further alarms about the quest for surveillance tools with a ‘lower profile’ than Pegasus. Furthermore, cybersecurity companies highlighted the use of spyware in cases like the Elgar Parishad case to manipulate and plant incriminating evidence on devices.

The magnitude of these alerts, coupled with the historical context of surveillance and spyware incidents, urged stakeholders and the public to demand transparency and a comprehensive investigation.

The saga of Pegasus and the specter of governmental surveillance isn’t new in India. The Pegasus spyware, developed by the NSO Group, has had a long history in the country. Reports from 2019 mentioned state-sponsored attacks targeting activists. By 2021, these invasions extended to public officials and journalists. The Union Government remained conspicuously silent in India’s Supreme Court about these incidents, fueling suspicions of the government’s involvement. Investigations by Amnesty, Citizen Lab, and notifications from WhatsApp have all but solidified the recurring pattern of surveillance in India.

Access Now and Citizen Lab provided crucial confirmations about the validity of Apple’s threat notifications, drawing parallels with warnings sent to Russian journalists. Additionally, the Financial Times disclosed India’s intent to acquire new spyware, potentially diverting funds up to $120 million, hinting at a concerning expansion of surveillance practices. The Defense Ministry’s silence on this report further amplified apprehensions.

The Elgar Parishad case provided a glaring example of how this intrusive technology was allegedly used to manipulate evidence, highlighting the urgent need for transparency and accountability in the wake of increasing digital surveillance practices.

The spotlight is not just on politicians and activists; journalists too find themselves in the crosshairs of these alleged state-sponsored attacks. Amnesty International’s Tech Lab found traces of Pegasus on devices belonging to Siddharth Varadarajan and other journalists in India, underscoring the reach of such surveillance technology.

While the warnings from Apple seem familiar, they serve as a stark reminder of the ongoing surveillance threats in the country, aligning with past instances of attempted infiltration and privacy breaches.

Apple, according to NDTV stated that, “Some notifications may be false alarms..”

However, The Wire’s founding editor MK Venu tweeted, “Apple Inc clarifies, ‘Some notifications may be false alarms’. Very clever statement. It implies not all notifications received by opposition MPs about their iPhone hack are false alarms. Only some of them could be false alarms. Apple trying to have the cake and eat it too! (sic)”.

Some experts believe that it is not just attempts but the iPhones of these people who received such messages have already got compromised.