{
	"id": "0e804b7d-133b-409f-a5bf-be3188111906",
	"created_at": "2026-04-06T00:15:08.967547Z",
	"updated_at": "2026-04-10T13:12:20.095989Z",
	"deleted_at": null,
	"sha1_hash": "deabc6947d7f4caac2c66af48698b2758cc6951c",
	"title": "Pegasus Project: How Phones of Journalists, Ministers, Activists May Have Been Used to Spy On Them - The Wire",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 155834,
	"plain_text": "Pegasus Project: How Phones of Journalists, Ministers, Activists\r\nMay Have Been Used to Spy On Them - The Wire\r\nBy Siddharth Varadarajan\r\nPublished: 2021-07-18 · Archived: 2026-04-05 12:52:02 UTC\r\nNew Delhi: A leaked database of thousands of telephone numbers believed to have been listed by multiple\r\ngovernment clients of an Israeli surveillance technology firm includes over 300 verified Indian mobile telephone\r\nnumbers, including those used by ministers, opposition leaders, journalists, the legal community, businessmen,\r\ngovernment officials, scientists, rights activists and others, according to an investigation by The Wire and 16\r\nmedia partners.\r\nForensic tests conducted as part of this project on a small cross-section of phones associated with these numbers\r\nrevealed clear signs of targeting by Pegasus spyware in 37 phones, of which 10 are Indian. Without subjecting a\r\nphone to this technical analysis, it is not possible to conclusively state whether it witnessed an attack attempt or\r\nwas successfully compromised.\r\nNSO Group, the Israeli company which sells Pegasus worldwide, says its clients, are confined to “vetted\r\ngovernments”, believed to number 36. Though it refuses to identify its customers, this claim rules out the\r\npossibility that any private entity in India or abroad is responsible for the infections which The Wire and its\r\npartners have confirmed.\r\nThe leaked database was accessed by Paris-based media nonprofit Forbidden Stories and Amnesty International\r\nand shared with The Wire, Le Monde, The Guardian, Washington Post Die Zeit, Suddeutsche Zeitung and 10 other\r\nMexican, Arab and European news organisations as part of a collaborative investigation called the ‘Pegasus\r\nProject’.\r\nForbidden Stories, which accessed the\r\ndata, says it comprises records of phone numbers selected as targets by NSO clients, a claim the company\r\nformally denied while conceding that its clients might have used these numbers for “other purposes”.\r\nhttps://thewire.in/government/project-pegasus-journalists-ministers-activists-phones-spying\r\nPage 1 of 4\n\nA majority of the numbers identified in the list were geographically concentrated in 10 country clusters: India,\r\nAzerbaijan, Bahrain, Hungary, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab\r\nEmirates.\r\nEach of these countries have been identified in the past by experts at Citizen Lab – a digital surveillance research\r\norganisation based out of the University of Toronto that laid the groundwork for WhatsApp’s 2019 lawsuit against\r\nthe NSO Group – as having been a region of focus for Pegasus operators. \r\nWorking together with the technical lab of Amnesty International, a team of over 80 journalists coordinated by\r\nForbidden Stories sought to identify and verify the individuals to whom these numbers belong and then conduct a\r\nforensic examination of the phones in use by them for the period covered by the data, which, in the Indian case\r\nwas approximately mid-2017 to mid-2019.\r\nAlso read: FAQ: On the Pegasus Project’s Digital Forensics\r\nThe Indian Telegraph Act and Information Technology Act prescribe procedures that must be followed for lawful\r\ninterception. Different countries have different laws but the use of hacking to deliver surveillance spyware in India\r\nby any individual, private or official, is an offence under the IT Act.\r\nThe Wire will be revealing the names it has been able to verify under different categories, in a step by step fashion\r\nwith its partners over the next few days.\r\nThe numbers of those in the database include over 40 journalists, three major opposition figures, one\r\nconstitutional authority, two serving ministers in the Narendra Modi government, current and former heads and\r\nofficials of security organisations and scores of businesspersons.\r\nThe presence of a number in the database indicates its likely selection as a target for surveillance but whether a\r\nphone was actually hacked and infected can only be established through forensic examination of the device –\r\nmore easily done if the instrument in question is an iPhone.\r\nAmong the numbers in the Pegasus Project database is one that was registered in the name of a sitting Supreme\r\nCourt judge. However, The Wire has not been able to confirm whether the number, which the judge gave up before\r\nit was added to the list, was still being used by him for WhatsApp and other encrypted messaging apps when the\r\nnumber was selected. Until such time as we are able to establish the number’s actual user during the period in\r\nquestion, we are withholding the name of the judge.\r\nThe Wire and its partners will also not be revealing the identity of any names that appear to be the subject of\r\ncounter-terrorism or state-to-state espionage, with the exception of 13 heads of state or government around the\r\nworld.\r\nCommitted to privacy rights, says Indian government\r\nIn a response to detailed questions sent by Pegasus Project partners to the Prime Ministers’ Office earlier this\r\nweek, the Ministry of Electronics and Information Technology said that “India is a robust democracy that is\r\ncommitted to ensuring the right to privacy to all its citizens as a fundamental right” and that the “allegations\r\nhttps://thewire.in/government/project-pegasus-journalists-ministers-activists-phones-spying\r\nPage 2 of 4\n\nregarding government surveillance on specific people has no concrete basis or truth associated with it\r\nwhatsoever.”\r\nWithout specifically denying that Pegasus is being used by the government, the MEITY response said, “Each case\r\nof interception, monitoring, and decryption is approved by the competent authority… The procedure therefore\r\nensures that any interception, monitoring or decryption of any information through any computer resource is done\r\nas per due process of law.”\r\nAlso read: Old RTI Response Enough To Deny Govt-Pegasus Link, Media Didn’t Do Due Diligence: MeitY\r\nIn fact, the procedure for lawful interception involves not just written, time-bound authorisation in each instance\r\nbut the use of the telecom or computer resource intermediary as well, who is supposed to enable the interception,\r\nand does not cover the activities proscribed by Section 43 of the IT Act under the definition of “hacking”.\r\nHacking an individual’s smartphone is a necessary step in subjecting an individual to surveillance by spyware\r\nsuch as Pegasus.\r\nNSO says data ‘may be’ linked to its customers\r\nThough the NSO Group insists the leaked database is “not a list of numbers targeted by governments using\r\nPegasus”, it told The Wire and Pegasus Project partners in a letter from its lawyers that it had “good reason to\r\nbelieve” the leaked data “may be part of a larger list of numbers that might have been used by NSO Group\r\ncustomers for other purposes”.\r\nAsked what these “other purposes” could be, the company changed tack and claimed that the leaked records\r\nwere based on “publicly accessible, overt sources such as the HLR Lookup service” – and that it had no “bearing\r\non the list of the customer targets of Pegasus or any other NSO products”.\r\nHLR lookup services are used to test whether a phone number of interest is currently on a network.\r\nAn Appeal: Support Investigative Journalism That Brings You The Truth. Support The Wire.\r\nIf the leaked numbers represent the output of an HLR Lookup service, as NSO itself suggests, the fact that the\r\ndata is from countries known to have been a region of focus for Pegasus operators in the past raises two questions:\r\nwere they all generated by the same service provider?  Were they all consolidated and held in one place for some\r\ncommon purpose?\r\nWhile HLR lookups have obvious commercial relevance for telemarketers, telecom security experts say they\r\ncould well be an integral part of spyware-driven surveillance. “Here’s the most important reason why you would\r\nuse an HLR lookup,” Karsten Nohl, chief scientist for Security Research Labs in Berlin, told the Pegasus Project.\r\n“You would know that the phone is on” – and hence available for hacking.\r\nNSO disputes the suggestion that Pegasus could have been used to target 50,000 persons, implying that the scale\r\nof targeting across all government clients is around 5,000 a year.\r\nThe sensitivity of the information involved – governments which select high-profile individuals for potential\r\nhacking and surveillance would hardly like the details or metadata of their targeting to be known by a foreign\r\nhttps://thewire.in/government/project-pegasus-journalists-ministers-activists-phones-spying\r\nPage 3 of 4\n\ngovernment or private entity – further adds to the questions which the leaked database and NSO’s firm denial that\r\nthis has any connection to Pegasus raise.\r\nNone of the governments involved have an incentive to shed light on the issue. However, in countries that are\r\ngoverned by the rule of law, the possibility that a massive and illegal surveillance programme is being used to\r\ntarget prominent individuals from all walks of life – including political opponents and journalists – poses a clear\r\nthreat to democracy and will raise demands for an independent probe.\r\nThe Pegasus Project is a collaborative investigation that involves more than 80 journalists from 17 news\r\norganisations in 10 countries coordinated by Forbidden Stories with the technical support of Amnesty\r\nInternational’s Security Lab. Read all our coverage here.\r\nSource: https://thewire.in/government/project-pegasus-journalists-ministers-activists-phones-spying\r\nhttps://thewire.in/government/project-pegasus-journalists-ministers-activists-phones-spying\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://thewire.in/government/project-pegasus-journalists-ministers-activists-phones-spying"
	],
	"report_names": [
		"project-pegasus-journalists-ministers-activists-phones-spying"
	],
	"threat_actors": [],
	"ts_created_at": 1775434508,
	"ts_updated_at": 1775826740,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/deabc6947d7f4caac2c66af48698b2758cc6951c.pdf",
		"text": "https://archive.orkl.eu/deabc6947d7f4caac2c66af48698b2758cc6951c.txt",
		"img": "https://archive.orkl.eu/deabc6947d7f4caac2c66af48698b2758cc6951c.jpg"
	}
}