Home / India / Pegasus spyware found on Rona Wilson’s phone: Forensic analysis

'49 attacks on Rona Wilson's phone'

Pegasus spyware found on Rona Wilson’s phone: Forensic analysis

The disclosure has prompted civil liberties activists to call for 'new evidentiary principles and approach to deal with electronic forensic investigatory reports'
Rona Wilson.
Rona Wilson.
File photo

Our Special Correspondent   |   New Delhi   |   Published 18.12.21, 02:01 AM

Jailed human rights activist Rona Wilson’s smart phone was infiltrated via the Pegasus spyware a year before his arrest in the Elgar Parishad case in 2018, new forensic analysis suggests.

The latest revelation by US-based data forensics firm Arsenal Consulting was reported by The Washington Post newspaper and The Wire web portal. The disclosure has prompted civil liberties activists to call for “new evidentiary principles and approach to deal with electronic forensic investigatory reports”.

The Boston-based Arsenal Consulting said that a second device (an iPhone) belonging to Wilson had been targeted through Pegasus, the spyware manufactured by Israel’s NSO Group.

Earlier this year, Arsenal had said the computers of Wilson and co-accused Surendra Gadling, a lawyer, had been hacked using the malware NetWire Remote Access Trojan and incriminating materials had been planted in them.

According to The Post and The Wire, Arsenal Consulting found digital traces of infection by Pegasus on backups of Wilson’s iPhone 6s.

The Post reported: “The phone backups were provided to Amnesty at the request of Wilson’s defence team by Arsenal Consulting, a US digital forensics firm that examined an electronic copy of Wilson’s laptop provided by his lawyers…. Wilson received at least 15 SMS messages with malicious links in a span of six months, the last of which was delivered four months before his arrest in June 2018.”

The NSO Group claims it sells the Pegasus spyware only to governments and government agencies.

Wilson and Gadling are in a prison near Mumbai facing trial on terrorism charges in the Elgar or Bhima Koregaon case. The backups analysed by Arsenal are of devices that are being held as evidence in the case.

Besides Wilson and Gadling, 11 other activists, academics and lawyers are in jail for alleged Maoist links in connection with the Elgar case.

Two others who had been arrested are out on bail. The oldest accused, 84-year-old tribal rights activist and Jesuit priest Fr Stan Swamy, died of multiple ailments in hospital while awaiting bail.

The Narendra Modi government has neither confirmed nor denied that it is an NSO client. The Supreme Court has formed a probe team to look into allegations that the government deployed the Pegasus spyware to snoop on activists, judges, journalists, politicians and others.

Advocate Susan Abraham, who is part of the defence team and is Gonsalves’s wife, told The Telegraph: “This shows how anti-BJP government activists were surveilled upon. Not only was his computer attacked by malware through remote-controlled netwire, his phone was infected with spyware. The central agencies have used public funds to spy on the public!”

The People’s Union for Civil Liberties (PUCL) said on Friday: “The present report identifies 49 different instances of Pegasus attack, and sometimes of successful infection, on Mr Wilson’s iPhone, between July 5, 2017, and April 10, 2018. This is striking given that Arsenal’s previous reports had already shown that Mr Wilson’s computer had been hacked by the NetWire Remote Access Trojan (RAT) between June 13, 2016, and April 17, 2018 — covering the same period — in order to plant incriminating files on his computer.

“The same had been done to the computer of another accused in the Bhima Koregaon case, Surendra Gadling. Arsenal also confirmed that neither Mr Wilson nor Mr Gadling had ever opened the incriminating files in question.

“Together this is the single best-documented case of a cybercrime compromising India’s criminal justice system and the rights of its citizens. Yet the government remains silent…. If the NIA (National Investigation Agency) does not even care to investigate these aspects, how can it claim its actions are legitimate?”

The rights group, some of whose members have represented the accused in court, said: “The first Pegasus attack on Mr Wilson’s iPhone took place on the second day of Prime Minister Modi’s visit to Israel where the NSO Group company that manufactures Pegasus is headquartered.… Were there members of the PM’s team who could have been authorised to act on behalf of the government to contract the services of the NSO Group and/ or authorise attacks on Indian citizens?

“Given that we now have compelling evidence that there are citizens who’ve been attacked by both Netwire and Pegasus, it is crucial that the committee appointed by the Supreme Court investigate any connections between the two attacks and the implications for the BK (Bhima Koregaon) case.

“The four reports from Arsenal taken together leave little doubt that the BK case has no evidentiary basis. At the minimum, all the accused must be granted bail immediately. We hope that the judiciary will take note of the fact that electronic evidence can be falsified and tampered with and that there is need to develop new evidentiary principles and approach to deal with electronic forensic investigatory reports like the Arsenal report.”

In October, the Supreme Court had appointed an independent expert technical committee --- led by one of its former judges, Justice R.V. Raveendran --- to find out whether the government had used Pegasus to spy on Indian citizens.

The NIA had denied Arsenal’s findings in the past and has told Bombay High Court that “documents which are not part of the chargesheet cannot be relied upon”.

Maharashtra police too have told the court that the accused can challenge the evidence only when it comes to trial.

In July, France-based Forbidden Stories and Amnesty International’s Security Lab had purportedly accessed records of the NSO Group. These included a list of mobile numbers, apparently meant for surveillance by unidentified NSO clients.

The list included the mobile numbers of Congress MP Rahul Gandhi and former election commissioner Ashok Lavasa, who had reportedly objected to the clean chits given to Modi and then BJP president Amit Shah for poll code violations in 2019.

Among the other numbers on the list were those of Elgar accused Hany Babu M.T., Vernon Gonsalves, Anand Teltumbde, Shoma Sen (academics), Gautam Navlakha (activist), Arun Ferreira and Sudha Bharadwaj (lawyers). At least 30 Indian journalists’ numbers too figured on the list.

Copyright © 2020 The Telegraph. All rights reserved.