PM Modi Government in damage control mode? Apple Spyware alert revives Ghost of Pegasus
It comes as a rude shock that some two dozen individuals in India received alerts from Apple on Monday night warning them of “being targeted by state-sponsored attackers who are making an attempt to remotely compromise the iPhone associated” with their Apple ID.
However, Apple neither gave any specific details of which government or agency was doing the targeting, nor described the nature of the remote compromise being effected.
But, the general description it provided was graphic enough:
These attackers are likely to target you individually because of who you are or what you do.
If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone.
Though it’s possible this is a false alarm, please take this warning seriously.
For those previously targeted with the Israeli spyware Pegasus (he was among several journalists in India on whose phones the spyware was found), receiving Apple’s alert was a reminder of the state’s ingenuity in snooping on those it classifies as opponents.
And of the ever-evolving nature of spyware, malware and surveillance technology.
Is this a warning that Pegasus is being used again? Or perhaps some other spyware like Predator? At this stage, we don’t know enough.
Spyware is a big business globally and there are dozens of countries whose political, legal and ethical norms have created a permissive environment for ruling parties to weaponise surveillance for their own narrow partisan aims.
In 2021, the Pegasus Project, of which The Wire was the India partner, used a leaked database of likely Pegasus victims to report on the targeting of thousands of individuals across dozens of countries by unidentified government clients of the Israeli spyware manufacturer NSO.
Analysis of the numbers yielded geographical clusters and helped pinpoint the governments most likely involved.
In India, The Wire and its partners were able to identify more than 140 likely targets of Pegasus and were able to confirm the presence of the spyware on the phones of over a dozen individuals. Among these was the politician Prashant Kishor, whose phone yielded evidence of a compromise even as he was guiding the Trinamool Congress in its election battle with the Bharatiya Janata Party.
Given the nature and spread of the Indian targets on the leaked Pegasus database, it was evident that the targeting client was India.
In a statement/clarification emailed to reporters on Tuesday after several opposition leaders blamed the Modi government for targeting them, Apple said that it “does not attribute the threat notifications to any specific state-sponsored attacker.”
Since 2021, when it enabled the threat notification feature, Apple has sent similar alerts to persons in 150 countries around the world. What this means is that Apple has detected targeting attempts by multiple governments, at different points in time, and has sent out alerts to the affected individuals. In none of those cases has Apple identified the state-sponsor of the attack but it never really needed to. Thus, when two dozen journalists in El Salvador received warnings about state actors attempting to compromise their iPhones, it was clear as day that the targeting state was the government of El Salvador.
Government handlers have predictably clutched at the straw of understatement offered by Apple’s clarification to suggest there is some ambiguity about who might have targeted India’s opposition leaders. But as in the case of the Pegasus database of Indian numbers, it is only the Indian government which would have an interest in deploying spyware costing tens of millions of dollars against the range of targets that we have seen in India.
The ‘false alarm’ suggestion has predictably been played up by a section of the media eager to bat for the Modi government without any reference to what Apple is actually trying to say.
The words quoted above are only a part of what Apple said in its statement, and they have actually been up on the company’s website for several months now. The statement notes that the sophisticated nature of the attacks makes their detection difficult:
“State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected.”
If anything, Apple is reinforcing the danger posed by state-sponsored attackers. Which is why the message it sent each of the victims on Monday night had this warning:
“While it’s possible this is a false alarm, please take this warning seriously.” (Emphasis added)
As opposition politicians took to Twitter one after the other on Tuesday morning to draw attention to the alerts they had received from Apple, the needle of suspicion clearly pointed towards the Modi government. The government’s first attempt at damage control was to float the suggestion via friendly journalists that these alerts had somehow been sent out in error. A number of television anchors started sharing a forward they had been sent claiming that ‘sources in Apple’ had said an “algorithm malfunction triggered these mails” and that the company “will issue a statement in this regard in sometime.”
Journalists with whom this was shared have said off the record that they received this ‘algorithm malfunction’ advisory from a senior government minister.
Apple’s India team indeed put out a ‘clarification’ and though it did not cite the (absurd) algorithm malfunction theory, it highlighted two pieces of information that the government was quick to latch on to.
Notably, none of those who had received the alert the previous night and who had contacted Apple for more information and help in dealing with the threat received any response. But the company was quick to issue a statement which began with the declaration: “Apple does not attribute the threat notifications to any specific state-sponsored attacker.”
When The Wire contacted Apple India’s team to ask about the ‘algorithm malfunction’ theory, their reply was categorical: “This is untrue and we do not know where this came from… We’re advising all reporters the same on background.”
Before analysing Apple’s ‘clarification’ and its impact, the fact that a minister in government knew the company was going to “issue a statement in this regard in sometime” makes two things clear. First, that it was the Modi government which was keen for Apple to say something on the subject. And second, that there was likely some process of negotiation between the government and Apple about the contents of the ‘clarification’. Perhaps this is the reason why the Apple representative repeatedly told journalists to whom the ‘clarification’ was sent (including to The Wire) that, “It would be really helpful if you can note the 150 countries statistic in your story, found in the on background info below.”
The Apple statement’s reference to 150 countries was for the period since 2021 but the way IT minister Ashwini Vaishnaw recounted it, it was as if Apple had alerted people in 150 countries at the very same time as they had contacted those in India. This is what the minister told the media.
“Apple has released a clarification that the allegations by compulsive critics are not true. Such advisories have been sent to people in 150 countries. The people who cannot see the growth of the country are doing destructive politics…”
By creating the impression that the opposition politicians who had received the ‘state-sponsored attack’ alerts from Apple were part of a common group spread across 150 countries – all of whom had been informed at the same time – Vaishnaw was trying to shift the blame away from his government.
In reality, Apple launched its threat notifications process in November 2021, in response to reporting by the Pegasus Project. The first time Apple used the “150 countries” figure was in July 2022, when it became aware of a new vulnerability in the iPhone that was serious enough for it to introduce the ‘lockdown mode’ as a security feature and notify people around the world who might have been targeted through an iMessage exploit. As the Washington Post reported at the time:
“Researchers at the University of Toronto’s Citizen Lab captured what they said was a new version of Pegasus last year that exploited Apple devices through iMessage without needing any action from the victim to be installed. That triggered an Apple investigation and the notifications to targets.
On a call with reporters on Tuesday, Apple representatives said those warnings have now gone to residents of 150 countries, underscoring the dramatic scale of the problem.”
The IT minister has sought to make light of the emerging surveillance scandal by presenting Apple’s alert as “vague” because it lacks specifics. But this is not the first time Indian phone users have been alerted to the possible use of spyware against them.
News Edit K.V.Raman