Respondents in the ongoing probe into the Pegasus spyware have called on the Supreme Court-appointed expert panel to order Bharti Airtel to depose before the committee. They cited Citizen Lab’s report which claimed that a few Indian companies’ networks had been infected with the spyware.
Citizen Lab, a security organisation at the University of Toronto, in a report from 2018, said that command and control servers of Pegasus were located in India under autonomous system numbers (ASNs) of service providers, including that of Bharti Airtel. Apart from that, the report also found infections in ASNs of Hathway IP Over Cable Internet, Atria Convergence Technologies Pvt Ltd (ACT), National Internet Backbone, and Star Broadband Services, all of which are based in India.
Privacy and security researcher Anand Venkatanarayanan and co-founder of Association for Democratic Reforms (ADR) Professor Jagdeep Chhokar*, in their affidavits submitted before the Justice RV Raveendran-led committee, said that an enquiry into Airtel by the committee would “confirm the deployment of Pegasus infrastructure in their networks”. Chhokar was one of the 300 Indians featured in the list of more than 50,000 potential targets of surveillance (through Pegasus) by government clients of the NSO Group.
In October 2021, the Supreme Court appointed a committee to investigate the deployment of Pegasus spyware in India after a consortium of 17 news organisations carried out an investigation into the matter. At the centre of the investigation was the spyware, developed by the Israeli firm NSO Group, which has serious consequences on issues pertaining to privacy, security, and surveillance. The software purportedly infects electronic devices without detection and spies on its victims by transferring all the data on the device to a master server. It has been identified as a cyber weapon that is sold exclusively to governments by NSO.
ASN24560, ASN 9498, ASN 45609 of Airtel in question: Respondents
“Of which ASN 24560 and ASN 9498 are interesting because one of these (24560) is typically reserved for very selective corporate clients including the Government of India.” — V Anand
Chhokar in his affidavit requested the expert panel to order the managing director of Bharti Airtel to disclose on affidavit —
- The name of the customer
- IP address/sequence of IP addresses (block)
- Duration of the allocation with respect to ASN 9498, 24560 and 45609
But first, what are ASNs?: According to Cloudflare, an autonomous system is a large network of group of networks that has a unified routing policy. “Every computer or device that connects to the internet is connected to an AS,” it said. Now each AS is assigned to an official number, similar to how every business has a license with an unique number.
- An example: For instance, if an office has three branches across three cities, and if it wants to establish connectivity between three locations, then the office needs to contact the service provider. The service provider will provide a connection between these three branches. Similarly, another office with three branches may also approach the same service provider for connecting its three branches. The question then becomes how the service provider will differentiate between the traffic between the two offices. In order to do that, the service provider will assign an autonomous system number to each office.As long as the branches are being connected by the same service provider, an office can use a private ASN. However, when the traffic from the branches attempts to connect to the internet, the service provider has to ensure that it uses public AS numbers.
Airtel neither confirms nor denies instance of Pegasus infection
MediaNama reached out to Airtel asking whether, if ever, their networks have been infected with Pegasus spyware, and we also asked for the name of the customer and IP address/sequence of IP address with respect to ASN 9498 and 24560.
Although Airtel neither confirmed nor denied whether Pegasus was deployed in their networks, it provided the following statement in regards to the second part of our query:
“Airtel serves 325 million mobile customers, over 4 million broadband customers and over 1 million small and large companies. Across all these customers there are only three network identifiers – these 3 identifiers are called ASN. It is, therefore, clear there are millions of customers on our network who are using our connectivity and all of whose usage is aggregated into only one of these three ASNs. There is no way for Airtel to know which particular customer’s traffic is going through one of these ASNs.” — Airtel spokesperson
We also reached out to ACT Internet, who declined to comment on the issue. Attempts to contact MTNL representatives did not elicit a response.
NYT report says Indian government bought Pegasus
These developments come at a time when a report by the New York Times has claimed that the Indian government bought Pegasus in 2017, as part of a larger arms deal with Israel. The report referred to a visit by PM Narendra Modi to Israel, a first of its kind by an Indian prime minister. Until then, India had maintained a policy of ‘commitment to the Palestinian cause’ and relations with Israel were frosty. But, the report said, during that visit, the two countries agreed on a sale of a package of weapons and intelligence gear worth roughly $2 billion — with Pegasus and a missile system at the centre of the deal.
There has been considerable fallout as a result of this report, and the government faces renewed pressure to provide clarifications regarding the allegations.
- Privilege motion: MP Adhir Ranjan Chowdhury, the Leader of Opposition in the Lok Sabha, moved a privilege motion against IT Minister Ashwini Vaishnaw and the BJP-led NDA government for allegedly misleading the Parliament on the Pegasus issue. In a letter to the Lok Sabha Speaker Om Birla, Chowdhury pointed out that in the aftermath of the Pegasus controversy last year, wherein it was alleged that the Indian government used military-grade spyware on Indian citizens, Vaishnaw in a sworn affidavit had said: “unequivocally, we deny any and all of the allegations against the Government”.
- Editors Guild of India wants SC committee to take cognisance of the report: In a statement, Editors Guild of India President Seema Mustafa expressed concern regarding the claims made in the NYT report. “The Guild has written to the committee headed by Justice Raveendran which was instituted by the Supreme Court to inquire into and investigate the use of Pegasus spyware,” the statement read.
- Indian cyber experts found Pegasus on phones: According to an Indian Express report, at least two cyber-security researchers who deposed before the Supreme Court-appointed expert committee testified that they found ‘concrete evidence’ of the spyware on devices of the petitioners. One of the two researchers analysed iPhones of seven people, out of which two were found to be infected.
- Serial petitioner strikes again: Advocate ML Sharma has moved the Supreme Court seeking a probe into the reported purchase of Pegasus by the Indian government. According to LiveLaw, Sharma has filed an application seeking directions to register an FIR for investigation to recover the public money paid through the Indo-Israel defence deal. He also sought directions to prosecute Prime Minister Modi, the report added.
* Disclosure: Prof Jagdeep Chhokar, a petitioner in this case, is the uncle of MediaNama’s Founder and Editor Nikhil Pahwa.
- Summary: Apple’s Lawsuit Against NSO Group For Surveilling, Targeting Its Users With Pegasus Spyware
- Pegasus Probe: SC-Appointed Committee Reaches Out To Targeted People With A Request
- Supreme Court Appoints Committee To Investigate Pegasus In India; “State Does Not Get A Free Pass”
- UN Human Rights Council Faces Pressure To Denounce And Investigate Pegasus Surveillance
- Dubai’s Ruler Used Pegasus Spyware To Spy On His Ex-Wife Haya, Confirms UK’s High Court
Have something to add? Post your comment and gift someone a MediaNama subscription.