A cyber security researcher has told the Supreme Court that there are strong indicators that point to the involvement of the Indian government, its intelligence and law enforcement agencies in deploying the Pegasus malware against at least two individuals.
In his additional affidavit filed on January 21, the expert described a forensic analysis which determined that one of the iPhones—belonging to Siddharth Varadarajan, Editor-in-Chief of digital news portal The Wire—had been infected with the Pegasus malware since April 2018, while the other iPhone was infected despite running the latest version of iOS. Varadarajan told BOOM that he did not want to comment on this issue right now since he is testifying before the Supreme Court-appointed panel later this week on February 2.
The cyber security researcher is an expert witness for one of the petitioners. He not only filed an affidavit before the Supreme Court but has also deposed before the Supreme Court-appointed panel which is probing allegations of Pegasus snooping.
The witness said that Pegasus malware has a rich six-year ontology (dating back to 2016) and is probably one of the most studied pieces of malware, as it infects only mobile devices.
The expert's deposition and affidavit are crucial after an investigation report by the New York Times revealed that NSO, the Israeli maker of the spyware, sold Pegasus to Poland, Hungary, and India.
On Sunday, the eve of the Budget Session, opposition MPs cited the NYT report while submitting a privilege notice against Information Technology Minister Ashwini Vaishnaw for "deliberately misleading" Parliament.
Indicators point at the involvement of the state, intelligence agencies: Expert to SC
According to the report by the cyber security researcher, there are strong indicators that point to the involvement of the State, its intelligence and law enforcement agencies in deploying the Pegasus malware against individuals.
The expert witness pointed to a statement made by the NSO Group, that Pegasus is available for deployment only by "legitimate, vetted, state-administered" intelligence and law enforcement agencies to whom the technology is sold under licence.
He also referred to a two-year-old report prepared by him and a former journalist which said that at least one intelligence agency (the Intelligence Bureau) had purchased a licence for Pegasus.
And lastly, the expert witness referred to customs records from 2016-2017 showing imports from Israel of hardware components matching those used by possible system integrators, equipment which is essential for deploying Pegasus.
The witness said his findings indicated that the cases before him matched the cases of a Moroccan investigative journalist and human rights activist Omar Radi and those of Azerbaijani investigative journalist Khadija Ismayilova and former Delhi University professor SAR Geelani (he was acquitted in the 2001 Parliament attack case).
Pegasus takes "root privilege", can change system settings, delete call logs: Expert to SC
Another expert who deposed before the SC-appointed panel—he was part of the team from IIT Kanpur which conducted an independent analysis of the technical aspects of Pegasus—analysed six samples of Pegasus malware found on Android phones and determined that the malware not only had permission to scan and control all apps, but could also change system settings, process calls and delete call logs. This affidavit was filed in August 2021.
However, the cyber security expert pointed out that his team only analysed malware samples but could not determine if the variants they looked at were used on Indian victims.
Each variant—the expert analysed four—can spy on all information held on the victim's phone, including intimate pictures, personally identifiable data, documents, messages, voice recordings, etc. Whoever infected the victim's phone without authorisation has essentially hacked it, exfiltrated personal data and inserted malware, the affidavit filed by the expert witness read.
This expert witness stated that a) all malware samples take "root privilege" on the victim phone, giving the malware access to all apps, access to private data, permission to intercept messages between cooperating apps, and permission to control accessory devices like the microphone, camera, etc.; and b) the victim phones were infected by way of "zero-click" vulnerabilities, meaning no action by the phone's owner was required.
Finally, the expert's team found that the IP addresses or domain names of the command-and-control servers are all located outside India.