Ghost of Pegasus resurfaces as opposition leaders receive 'state-sponsored attack' alerts

New Delhi: The memories of the Pegasus scare resurfaced Tuesday when scores of opposition leaders shared the Apple warning received on their iPhones that said "state-sponsored attackers trying to remotely compromise".

Shiv Sena (UBT) MP Priyanka Chaturvedi, Trinamool Congress' Mahua Moitra, , Aam Aadmi Party's Raghav Chadha, Congress' Shashi Tharoor and his party's media and publicity department head Pawan Khera shared the message from Apple on X. CPI(M)general secretary Sitaram Yechury also received a similar message, sources in the party said.

After some of the most vocal critics of the government said they received warnings that attempts have been made by state-sponsored attackers to steal information from their iPhones, Apple in a statement stated it is possible that some threat notifications may be false alarms and some attacks may not be detected.

"Apple does not attribute the threat notifications to any specific state-sponsored attacker," the firm said.

State-sponsored attackers, it said, are "very well-funded and sophisticated, and their attacks evolve over time".

"Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It's possible that some Apple threat notifications may be false alarms, or that some attacks are not detected," it said.

It, however, refused to say what triggered warnings received by MPs, such as Mahua Moitra of TMC.

"We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future," Apple said.

Meanwhile, sources privy to the development said Apple has sent threat notifications to individuals whose accounts are in nearly 150 countries.

Earlier, BJP IT cell chief Amit Malviya asked why not wait for Apple to clarify.

“Or is it too much to let go an opportunity to outrage?" Malviya targeted the opposition leaders.

He also claimed that this hullabaloo, in all probability, like in the past, will end up as damp squib.

Spyware Pegasus, which is sold by NSO Group of Israel, made enough noise two years ago when Amnesty International said that the Modi government had kept over 300 people including opposition leaders, journalists and activists under surveillance.

The allegation, based on a report by Amnesty International on the illegal use of Pegasus, had set off a political storm with civil rights activists joining hands with the opposition to raise allegations of a surveillance state and not letting Parliament function for several days. 

The matter was taken to court, where the petitioners pointed to the claim of the NSO Group, manufacturer of Pegasus, of having only government entities as its clients while pressing for a probe.

The government denied the charge but refused to confirm or deny the acquisition of Pegasus. 

A CJI Ramana-led bench, after several high-wattage hearings, ordered a probe by a technical committee of its choice, brushing aside the reservations of the government, which argued that putting in the public domain details of software used by government agencies to intercept communications between enemies of India and terror organisations would allow them to take preventive measures against surveillance.

In August 2022, the Supreme Court-monitored technical expert committee, after months of forensic scrutiny, said it could not find Pegasus spyware in the 29 mobile phones of complainants but detected malware in five others.

In 2021 also, Apple issued threat notifications to users who it believed were victims of ‘state-sponsored attacks’. 

It also published a support page about what this notification will look like for users. 

On its support page, Apple says it is “designed to inform and assist users who may have been targeted by state-sponsored attackers.”

Explaining the state-sponsored attackers, the iPhone maker says that they are different from regular cyber-criminals. Here, an enemy state, or very often the victim’s nation-state is believed to be targeting the user because they are perceived as a threat. Apple says that these “users are individually targeted because of who they are or what they do.”

But most importantly “state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent,” adds the page. 

In the case of Pegasus, each license is believed to cost 100,000s of dollars and it is not something that can be deployed by any regular cyber-criminal. Pegasus is also a cyber weapon and can only be sold to governments.