New Delhi: Multiple top leaders of India’s opposition parties and at least three journalists have received a notification from Apple, saying that “Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID ….”
Here are the people confirmed to have been notified by Apple about the attempts to compromise their iPhones:
1. Mahua Moitra (Trinamool Congress MP)
2. Priyanka Chaturvedi (Shiv Sena UBT MP)
3. Raghav Chadha (AAP MP)
4. Shashi Tharoor (Congress MP)
5. Asaduddin Owaisi (AIMIM MP)
6. Sitaram Yechury (CPI(M) general secretary and former MP)
7. Pawan Khera (Congress spokesperson)
8. Akhilesh Yadav (Samajwadi Party president)
9. Siddharth Varadarajan (founding editor, The Wire)
10. Sriram Karri (resident editor, Deccan Chronicle)
11. Samir Saran (president, Observer Research Foundation)
12. Revathi (independent journalist)
The email titled “ALERT: State-sponsored attackers may be targeting your iPhone” goes on to say, “These attackers are likely targeting you individually because of who you are or what you do. If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone.”
It urges the recipients, “While it’s possible this is a false alarm, please take this warning seriously.”
While the language of Apple’s warning is identical to what the phone manufacturer has used in the past to alert victims of spyware around the world, the fact that at least five persons in India received the same alert at the same time (11:45 pm on October 30, 2023) suggests those being targeted are part of an India-specific cluster.
Shiv Sena MP Priyanka Chaturvedi has tweeted the mail.
Moitra also took to Twitter to highlight the alert:
Received text & email from Apple warning me Govt trying to hack into my phone & email.
– get a life. Adani & PMO bullies – your fear makes me pity you.
Khera too shared the message he got from Apple on X and asked, “Dear Modi Sarkar, why are you doing this?”
“Glad to keep underemployed officials busy at the expenses of taxpayers like me! Nothing more important to do?” Congress MP Shashi Tharoor said while posting about the attack.
The others whom The Wire can confirm have received the warning from Apple are well-known people who are open critics of the Narendra Modi government.
“The reports of threat notifications from Apple need to be taken very seriously and require investigation to determine the source and the extent of the malware attack. Given Indians – specially journalists, parliamentarians and constitutional functionaries – have also reportedly been targeted with Pegasus in the past it is a matter of deep concern for our democracy,” Prateek Waghre, policy director of the Internet Freedom Foundation (IFF) told The Wire.
IFF’s founding director Apar Gupta posted on X to explain why these cannot be called “false alarms”.
“Firstly, reports indicate that India has been a ground for deploying Pegasus spyware by NSO Group, an Israeli firm. In October, 2019, state attackers targeted activists, and in July, 2021 they extended their reach to public officials and journalists. The Union Government has not clearly denied these activities in the Supreme Court of India. Moreover, investigations by Amnesty, Citizen Lab, and notifications from WhatsApp corroborate its use, suggesting a pattern in India and a matching victim profile. Secondly, Access Now and Citizen Lab last month have confirmed the validity of Apple’s threat notifications sent to Russian journalists, including Meduza’s publisher. These confirmations lend high credibility to such notifications. Thirdly, Financial Times disclosed in March that India is seeking new spyware contracts starting at approximately $16 million and potentially escalating to $120 million in the next few years. These contracts involve companies like the Intellexa Alliance, recently featured in a report called ‘The Predator Files’,” he said.
Varadarajan is among half a dozen journalists in India, including The Wire‘s founding editor M.K. Venu, on whose phones Amnesty International’s Tech Lab found traces of Pegasus.
The Wire has written to Apple for comments on any further information it can share and this story will be updated when it does.
In 2021, the Pegasus Project had confirmed that more than a dozen phones in India – of politicians, journalists, human rights defenders and others – had been infected with the Israeli spyware which hundreds more had likely been targeted, including phones connected with the then Congress president Rahul Gandhi, lawyers, a sitting judge, an election commissioner, the ousted CBI director and family members of such persons also, just before and after the previous general elections in 2019.
The final report of a Supreme Court committee set up to investigate cases of the use of the military grade spyware has yet to be made public. While the Modi government stonewalled demands from the court on whether it had used Pegasus, it has never denied buying and deploying the spyware. The Wire partnered with several global news outlets to unveil the cyber attacks by state-sponsored entities, as the spyware company NSO Group has always maintained it only sold Pegasus to governments. You can read about Project Pegasus here.
The Financial Times ran a report in March this year on alternatives to Pegasus being mulled over for purchase. The Indian government is scouring the globe for spyware it could use which has a “lower profile” than Pegasus.
FT wrote that the Modi government is willing to spend anywhere up to $120 million to obtain the spyware, citing people familiar with the matter. India’s defence ministry declined to comment on the report, the newspaper said.
In one significant case – the Elgar Parishad case in which 16 rights activists, lawyers and academics were arrested – independent cybersecurity companies have found that the activists’ devices were compromised with spyware and this technology was used to plant incriminating ‘evidence’ on the devices.
This is a developing story and will be updated.
This article was first published on The Wire.
Also Read: Gujarat Transfers Four IAS Officials
