Pegasus India Investigation

Current situation of investigation

The terms of reference of the Committee are as follows:

A. To enquire, investigate and determine:

• Whether the Pegasus suite of spyware was used on phones or other devices of the citizens of India to access stored data, eavesdrop on conversations, intercept information and/or for any other purposes not explicitly stated herein?
• The details of the victims and/or persons affected by such a spyware attack.
• What steps/actions have been taken by the Respondent ­Union of India after reports were published in the year 2019 about hacking of WhatsApp accounts of Indian citizens, using the Pegasus suite of spyware.
• Whether any Pegasus suite of spyware was acquired by the Respondent­ Union of India, or any State Government, or any central or state agency for use against the citizens of India?
• If any governmental agency has used the Pegasus suite of spyware on the citizens of this country, under what law, rule, guideline, protocol or lawful procedure was such deployment made?
• If any domestic entity/person has used the spyware on the citizens of this country, then is such a use authorised?
• Any other matter or aspect which may be connected, ancillary or incidental to the above terms of reference, which the Committee may deem fit and proper to investigate.

B. To make recommendations:

• Regarding enactment or amendment to existing law and procedures surrounding surveillance and for securing improved right to privacy.
• Regarding enhancing and improving the cyber security of the nation and its assets.
• To ensure prevention of invasion of citizens’ right to privacy, otherwise than in accordance with law, by State and/or non­State entities through such spywares.
• Regarding the establishment of a mechanism for citizens to raise grievances on suspicion of illegal surveillance of their devices.
• Regarding the setting up of a well­equipped independent premier agency to investigate cyber security vulnerabilities, for threat assessment relating to cyberattacks and to investigate instances of cyberattacks in the country.
• Regarding any ad­hoc arrangement that may be made by this Court as an interim measure for the protection of citizen’s rights, pending filling up of lacunae by the Parliament.
• On any other ancillary matter that the Committee may deem fit and proper.

Investigation Methodology:

Q1) What are the terms of reference of the Technical Committee?

The terms of reference of the committee are extracted below. [The order dated Oct 27 2021, of the Hon’ble Supreme Court of India is available at this link];

To enquire, investigate and determine:

• Whether the Pegasus suite of spyware was used on phones or other devices of the citizens of India to access stored data, eavesdrop on conversations, intercept information and/or for any other purposes not explicitly stated herein?
• The details of the victims and/or persons affected by such a spyware attack.
• What steps/actions have been taken by the Respondent Union of India after reports were published in the year 2019 about hacking of WhatsApp accounts of Indian citizens, using the Pegasus suite of spyware.
• Whether any Pegasus suite of spyware was acquired by the Respondent Union of India, or any State Government, or any central or state agency for use against the citizens of India?
• If any governmental agency has used the Pegasus suite of spyware on the citizens of this country, under what law, rule, guideline, protocol or lawful procedure was such deployment made?
• If any domestic entity/person has used the spyware on the citizens of this country, then is such a use authorised?
• Any other matter or aspect which may be connected, ancillary or incidental to the above terms of reference, which the Committee may deem fit and proper to investigate.

B. To make recommendations:

• Regarding enactment or amendment to existing law and procedures surrounding surveillance and for securing improved right to privacy.
• Regarding enhancing and improving the cyber security of the nation and its assets.
• To ensure prevention of invasion of citizens’ right to privacy, otherwise than in accordance with law, by State and/or non-State entities through such spywares.
• Regarding the establishment of a mechanism for citizens to raise grievances on suspicion of illegal surveillance of their devices.
• Regarding the setting up of a well equipped independent premier agency to investigate cyber security vulnerabilities, for threat assessment relating to cyberattacks and to investigate instances of cyberattacks in the country.
• Regarding any adhoc arrangement that may be made by this Court as an interim measure for the protection of citizen’s rights, pending filling up of lacunae by the Parliament.
• On any other ancillary matter that the Committee may deem fit and proper.

62. The Procedure of the Committee shall be as follows:

• The Committee constituted by this Order is authorised to (a) devise its own procedure to effectively implement and answer the Terms of Reference; (b) hold such enquiry or investigation as it deems fit; and (c) take statements of any person in connection with the enquiry and call for the records of any authority or individual.
• Justice R. V. Raveendran, former Judge, Supreme Court of India will oversee the functioning of the Committee with respect to the methodology to be adopted, procedure to be followed, enquiry and investigation that is carried out and preparation of the report.
• The learned overseeing Judge is at liberty to take the assistance of any serving or retired officer(s), legal expert(s) or technical expert(s) in discharge of his functions.
• We request the learned overseeing Judge to fix the honorarium of the members of the Committee in consultation with them, which shall be paid by the Respondent Union of India immediately.
• The Respondent Union of India and all the State Governments, as well as agencies/authorities under them, are directed to extend full facilities, including providing support with respect to infrastructure needs, manpower, finances, or any other matter as may be required by the Committee or the overseeing former Judge to effectively and expeditiously carry out the task assigned to them by this Court.

Q2) Can I submit my phone for verification?

If you have strong reason to believe that your phone may have been infected with the Pegasus malware of NSO group, then you may contact us through email: inquiry[at]pegasus-india-investigation[dot]in

You should inform us why you feel your phone is infected. If we find probable infection cause in the reasons provided to us, then we will ask you to permit us to take a copy of your phone’s digital image for further investigation. In case your name / number appears on one of the lists published by media as to numbers/names compromised, you may state that fact as well.

Q3) What is the investigation methodology of the committee?

The investigation methodology of the committee is based on digital forensic investigations.

We have a three-pronged strategy of investigations:

1.We are hearing petitioners, victims and experts about their views and gathering evidence through these presentations/statements.

2. We are working on isolating the malware, as well as building up a technical proof that may help us identify the malware and its infection on devices(handsets). As on date we do not have a controlled sample of the malware. We are looking to get the controlled sample of the malware through public, collaborations, discussions and our own efforts. In addition, we are also examining other approaches and their validity in terms of whether those techniques could be used as evidence in the Indian judicial system. We are also writing code that may be used to identify specific aspects of the malware beyond what is already in the public domain.

3.We are writing to various organizations for their inputs on the investigation. For example, we have written to Amnesty International, to NSO group, to Apple, to other experts, so that we may secure necessary material to assist in our investigation.

4.If any member of the public has an authentic (binaries) sample of the malware in any controlled form, especially malware used in the periods 2017-2019 or 2019-2021, kindly contact us at inquiry[at]pegasus-india-investigation[dot]in

The above is the approximate high-level algorithm that we are following for this investigation. We are checking the data that we get from the phones as an image and some other courses for various processes, threads, database entries, deletions, memory encroachment techniques, battery usages, communication with known and unknown URLs and based on these formulating (a) a method to declare a phone as infected with a malware (stage 1), (b) thereafter classifying this malware as the Pegasus malware of the NSO group (stage 2) and (c) thereafter establishing that the malware was installed by a certain user of the malware.

Q4)Will you use Amnesty International’s MVT toolkit for evaluation of the data?

We are in the process of extensively studying the files in the github repository that marks the MVT by Amnesty International laboratory. We are trying to analyse and verify the methodology of this toolkit so that no false positives or false negatives happen. Needless to say, the MVT is a good source for evaluation on finding out certain process, and we are now considering how to use this in this investigationGeneral public, experts and others are welcome to join us by writing to us on the email: inquiry[at]pegasus-india-investigation[dot]in

Q5)What about using Lookout lab reports?

We will analyse, verify and use every possible report that is available to us to establish whether any infection found in any instrument is due to Pegasus malware

Q6)When will the report be submitted?

The Hon’ble Supreme Court of India has directed the committee to expeditiously carry out this investigation. The committee endeavours to submit its final report at the earliest possible date to the Hon’ble Supreme Court. Due to the dynamic nature of the investigation, it is not possible to set a particular date for this report. The committee is working hard to deliver a report at the earliest and correct fashion.

Q7)If I want to depose before the Technical Committee, when and how can I do so?

Please write to us at inquiry[at]pegasus-india-investigation[dot]in with a short explanation as to why you would like to depose, or what evidence you may have. Based on your note, we would send you a time schedule for your statement /presentation. Usually the committee hears witnesses/petitioners on Friday between 9 am and 1030 am IST through online mode by prior appointment. Upon your presentation/deposition and Q&A, a copy of the video recording shall be made available through this website for your records.

Q8)What is the schedule of witness depositions?

The schedule of witness depositions is available at: www.pegsus-india-investigations.in/depositions

Q9)If I have a particular query, and I feel I can contribute to this investigation, what do I do?

Please contact us with your query or your input. While we will read every such query and deliberate whether to discuss this with you further, we may not be able to acknowledge each and every email sent to us.

Q10)Will your final report be in the public domain?

The Technical Committee’s report will be submitted to the Hon’ble Supreme Court of India

Q11)Will you contact the NSO group for further information?

yes, we will be contacting NSO group as part of our inquiry

Q12)If my phone is infested, how and when can I submit it to the Committee?

You may contact us at: inquiry[at]pegasus-india-investigation[dot]in. You can submit your phone for taking digital images between 4th and 7th January 2022 or 27th to 29th January 2022 at our collection center in Delhi. You will have to visit the center at a pre-scheduled time to drop your phone. You will be given the phone back after a digital image has been obtained. After the digital image is taken, you will be given a copy of the digital image on a pen-drive (to be provided by you) If your phone is required for further investigation, you may be called upon to produce the same again. You shall sign a declaration to the above effect.

Q13)What will you do with the personal data collected while making the digital image of an instrument submitted for verification?

We will be using only the digital image running our diagnostics on it. We will not make any attempt to read your personal data. Having said that, in the course of this investigation we cannot guarantee the full safety of your data or device though we can assure you of no wilful damage to your device or data. At the end of the investigation, the data shall be submitted to the Hon’ble Supreme court. After submitting the report, we will destroy all the copies in our possession obtained during the investigation.

Profile of committee

 

Justice R.V. Raveendran

Former Judge, Supreme Court of India

Advisors

Mr. Alok Joshi

Former IPS Officer

Dr. Sundeep Oberoi

Chairman, ISO/IEC JTC1 SC7

Technical Committee

Dr. Naveen Kumar Chaudhary

Professor

Dr. Prabaharan P.

Professor

Dr. Ashwin Anil Gumaste

Institute Chair Professor

Deposition of petitioners/complainants' schedule

• Mr. Anand Statement
• Mr. Sashi Menon Statement
• Mr. Sandeep Shukla Statement
• Mr. N Ram Statement
• Mr. Rupesh Kumar and Mrs. Ipsa Shatakshi Statement
• Mr. Arvind Kumar Statement
• Mr. Chhokar Statement
• Hon'ble MP John Brittas Statement
• Mr. Siddharth Vardarajan Statement
• Prof. Kaye Statement
• Mr. J. Gopikrishnan Statement
• Mr. Abdi Statement
• Mr. Paranjoy Guha Thakurta Statement

Submit request for inquiry

Contact us

inquiry@pegasus-india-investigation.in
technical.commitee@pegasus-india-investigation.in