In non-public, in line with three folks with information of the matter, senior Modi administration officers known as Apple’s India representatives to demand that the corporate assist soften the political impression of the warnings. They additionally summoned an Apple safety professional from outdoors the nation to a gathering in New Delhi, the place authorities representatives pressed the Apple official to give you different explanations for the warnings to customers, the folks stated. They spoke on the situation of anonymity to debate delicate issues.

“They were really angry,” a type of folks stated.

The visiting Apple official stood by the corporate’s warnings. But the depth of the Indian authorities effort to discredit and strong-arm Apple disturbed executives on the firm’s headquarters, in Cupertino, Calif., and illustrated how even Silicon Valley’s strongest tech corporations can face strain from the more and more assertive management of the world’s most populous nation — and one of the crucial vital know-how markets of the approaching decade.

Of the journalists who obtained notifications, two stood out: Anand Mangnale and Ravi Nair of the Organized Crime and Corruption Reporting Project, a nonprofit alliance of dozens of unbiased, investigative newsrooms from all over the world.

On Aug. 23, the OCCRP emailed Adani searching for remark for a narrative it might publish per week later alleging that his brother was half of a gaggle that had secretly traded tons of of tens of millions of {dollars} value of the Adani Group conglomerate’s public inventory, presumably in violation of Indian securities legislation. A forensic evaluation of Mangnale’s telephone, performed by Amnesty International and shared with The Washington Post, discovered that inside 24 hours of that inquiry, an attacker infiltrated the system and planted Pegasus, the notorious spyware that was developed by Israeli firm NSO Group and that NSO says is offered solely to governments.

A spokeswoman for Adani denied that the magnate was concerned in any hacking effort and accused OCCRP of conducting a “smear campaign” in opposition to the Adani Group. She additionally criticized The Post for asking whether or not the Adani Group was concerned in, or had information of, the hacking makes an attempt in opposition to OCCRP. “While categorically denying and rejecting this insinuation, we find it disturbing and inappropriate that you would make an attempt to draw our name into this specious construct,” Varsha Chainani, the Adani Group’s head of company communications, stated in an emailed response to written questions. “The Adani Group operates with the highest level of integrity and ethical standards.”

Gopal Krishna Agarwal, a nationwide spokesman for the BJP, stated any proof of hacking ought to be introduced to the Indian authorities for investigation. Hiren Joshi, the highest communications official within the prime minister’s workplace, didn’t reply to requests searching for remark. Apple declined to remark in response to written questions.

The Modi authorities has by no means confirmed or denied utilizing spy ware, and it has refused to cooperate with a committee appointed by India’s Supreme Court to research whether or not it had. But two years in the past, the Forbidden Stories journalism consortium, which included The Post, found that telephones belonging to Indian journalists and political figures had been contaminated with Pegasus, which grants attackers entry to a tool’s encrypted messages, digicam and microphone.

In latest weeks, The Post, in collaboration with Amnesty, discovered contemporary instances of infections amongst Indian journalists. Additional work by The Post and New York safety agency iVerify discovered that opposition politicians had been focused, including to the proof suggesting the Indian authorities’s use of highly effective surveillance instruments.

In addition, Amnesty confirmed The Post proof it present in June that urged a Pegasus buyer was making ready to hack folks in India. Amnesty requested that the proof not be detailed to keep away from educating Pegasus customers methods to cowl their tracks.

“These findings show that spyware abuse continues unabated in India,” stated Donncha Ó Cearbhaill, head of Amnesty International’s Security Lab. “Journalists, activists and opposition politicians in India can neither protect themselves against being targeted by highly invasive spyware nor expect meaningful accountability.”

NSO spokesperson Liron Bruck stated that the corporate doesn’t know who’s focused by its clients however investigates complaints which might be accompanied by particulars of the suspected hack.

“While NSO cannot comment on specific customers, we stress again that all of them are vetted law enforcement and intelligence agencies that license our technologies for the sole purpose of fighting terror and major crime,” Bruck stated. “The company’s policies and contracts provide mechanisms to avoid targeting of journalists, lawyers and human rights defenders or political dissidents that are not involved in terror or serious crimes.”

David Kaye, a former United Nations particular rapporteur on free expression who has testified earlier than an Indian Supreme Court committee probing the federal government’s suspected use of Pegasus, stated the latest reporting by The Post and its companions “further shifts the burden onto the Indian government to disprove the allegations that it uses these kinds of tools.”

“Especially after this information, the government absolutely has to be honest and transparent,” Kaye stated. “But the accretion of evidence suggests this is not divorced from the broader assault by the Modi government on the freedom of expression and the right to protest.”

One after another at October’s end, some of India’s best known journalists and politicians posted on X, formerly known as Twitter, that Apple had warned them that state-sponsored hackers may have targeted their devices. While Apple, as usual, did not accuse the Indian government or describe the attacks, the self-identified victims said there was a pattern: Many had questioned Modi’s close relationship with Adani, who lent the Indian leader aircraft for his 2014 election campaign, traveled abroad with him during state visits and operates a vast portfolio of seaports, airports, railroads and energy crops.

How political will often favors a coal billionaire and his dirty fossil fuel

On Aug. 31, the OCCRP published a joint investigation with British news outlets the Financial Times and the Guardian, reporting that Adani’s longtime associates had routed funds through offshore shell companies into publicly traded Adani shares. Adani denied the story’s allegations, but the report spurred calls for a parliamentary probe of suspected stock manipulation, and it renewed criticism that Modi’s government had failed to regulate Adani’s dealings out of loyalty to the businessman.

Hours after OCCRP sought comment from Adani a week before the story’s publication, unknown hackers used an exploit called Blastpass to weave through two security holes in Mangnale’s phone and install Pegasus, according to Amnesty’s analysis. Amnesty said it found no signs of an attempted intrusion on Nair’s phone, which is not uncommon after sophisticated attacks.

“We know Pegasus is only licensed to governments, and we know that the attack happened hours after we sent the email,” Mangnale said. “I am not pointing at anyone, but that is a hell of a coincidence.”

Others warned by Apple include Mahua Moitra, a member of Parliament who has vocally condemned Modi’s relationship with Adani. Moitra was expelled from Parliament this month by a BJP-dominated committee investigating allegations that she accepted gifts from an Adani business rival in exchange for raising questions about the billionaire’s business interests. In an interview, Moitra called the charges fabricated and said the government should scrutinize Adani’s transactions instead of her communications.

“Adani is the government and the government is Adani,” Moitra said. “It is our greatest misfortune that we are governed by a bunch of peeping Toms.”

IVerify examined Moitra’s phone backup and confirmed that she had received an Apple warning. It also saw urgent crash reports that, together with other digital records, suggested the device had been hacked. The company also found a threat notification and suspicious activity on the phone of Praveen Chakravarty, head of the opposition Indian National Congress party’s data analytics department.

This is way from the primary time the Indian authorities has been accused of snooping on critics.

In 2018, researchers on the University of Toronto’s Citizen Lab found evidence that servers used to plant NSO spyware were embedded in Indian telecom networks. Two years later, Citizen Lab and Amnesty found that nine human rights advocates in India had been hacked with emails that installed commercial spyware on their Windows computers.

In 2019, Meta’s WhatsApp additionally sued NSO, alleging that the agency exploited vulnerabilities in its chat software program to hack roughly 1,400 folks, and told the media that the victims included journalists and dissidents in India. NSO has denied wrongdoing in the case, which is pending. And last year, journalists working for OCCRP unearthed customs records showing that India’s Intelligence Bureau, the domestic security agency, received shipments of hardware matching Pegasus specifications from NSO’s offices outside Tel Aviv.

Siddharth Varadarajan, a co-founder of the Indian digital media outlet the Wire, received one of Apple’s Oct. 30 warnings. Amnesty found that the same hackers that broke into Mangnale’s phone had tried to do the same to Varadarajan’s. In both cases, someone using the Apple ID natalymarinova@proton.me had used the Blastpass vulnerability. The Post received no response to an email sent to that address.

The attempt to infiltrate Varadarajan’s phone and install Pegasus, which took place on Oct. 16, failed, Amnesty found. That’s because Blastpass had been revealed in September by Citizen Lab, Apple had fixed the two flaws it used and Varadarajan had kept his iPhone’s software updated.

Varadarajan said he was not working on any sensitive stories around the time of the attempted hack. But he said he was leading protests over the arrest of a leftist publisher accused of spreading Chinese Communist Party propaganda. The publisher’s website, Newsclick, had often run articles critical of Modi and Adani.

Government counteroffensive

As soon as journalists and opposition politicians shared their warnings from Apple, BJP officials scrambled to contain the fallout.

Senior Modi administration officials called Apple India’s managing director, Virat Bhatia, after the news broke, said two people with knowledge of the matter. One of the people said Indian officials asked Apple to withdraw the warnings and say it had made a mistake. After a heated discussion, the company’s India office said the most it could do was put out a public statement that emphasized certain caveats that Apple had already listed on its tech support web page concerning the warnings.

Still, Apple India’s corporate communications executives began privately asking Indian technology journalists to emphasize in their stories that Apple’s warnings could be false alarms and that similar warnings had been issued to users in 150 countries, not just India, said three Indian journalists, who spoke on the condition of anonymity to protect their relationship with Apple. The guidance effectively cast doubt on Apple’s own security team and shifted the spotlight away from the Modi government, these journalists said.

A BJP memo distributed to party surrogates and friendly media outlets pushed similar talking points. The memo, seen by The Post, noted that Apple users in 150 countries, including “several political leaders in Uganda,” had received similar hacking notices and that Apple’s operating systems contained security vulnerabilities. The evening the memo went out, government officials anonymously told Indian outlets they suspected that an “algorithmic malfunction” within Apple’s internal systems had generated the hacking notices, and Piyush Goyal, India’s commerce minister, said in a television interview that the notices may have been “a prank.”

On social media, pro-government influencers further muddied the waters. Sanjeev Sanyal, one of Modi’s economic advisers, pointed out on X that, in Apple’s hacking alerts, the company advised targeted users to consult with Access Now, a digital rights group that Sanyal noted has received funding from George Soros, the liberal financier and philanthropist. Soros is often painted by the Indian right as a boogeyman who masterminds international conspiracies against India.

“See the sinister plot here?” Amit Malviya, the head of BJP’s social media team, asked his 765,000 followers on X, implying that Apple, Access Now, Soros and opposition politicians were working together to falsely accuse the government of hacking.

On Oct. 31, Rajeev Chandrasekhar, the deputy minister of electronics and information technology, announced that a government probe had been launched into “these threat notifications and … Apples claims of being secure.”

After receiving a barrage of questions from the government, one Apple security expert from outside India flew to the country in November and met with officials at the technology ministry’s New Delhi offices, where officials again demanded alternative explanations for the warnings, according to the three people familiar with the events.

But Apple defended its work to the officials. “When Apple sends a notification, that’s yelling ‘fire.’ You’d better be pretty confident there’s a fire,” said a person who worked with the company. He and others spoke on the condition of anonymity to discuss sensitive dealings with authorities.

In response to questions from The Post about whether the government exerted pressure on Apple, the Ministry of Electronics and Information Technology said in a statement: “We have instituted technical investigation in the reported matter. So far, Apple has cooperated fully in the investigation process.”

Nikhil Pahwa, the founder of the Indian tech policy news website MediaNama, said the Modi government deployed a familiar tactic.

“You can’t have the Indian government investigating itself,” Pahwa said. “What we see often with the Indian government is what I would call ‘kite-flying’: putting a message out to defuse a situation or to misdirect a situation.”

Silicon Valley corporations have been pressured to miss Indian authorities overreach earlier than. This yr, The Post found that both Facebook and X uncovered covert Indian military propaganda and calls for violence on their platforms, but executives hesitated to remove them. In both cases, executives at the companies’ India offices warned colleagues at the U.S. headquarters about the risks of clashing with the government and endangering their business.

But the confrontation between Apple and the Modi administration this autumn was more delicate for both sides and ended in a stalemate, according to industry analysts and people working with Apple.

For its part, Apple has been looking to India as a revenue driver as sales flatten in other markets. India is on track to account for 10 percent of Apple sales in 2025, up from 4 percent now, according to Wedbush Securities analyst Daniel Ives.

“India will be the heart and lungs of Apple’s strategy outside of China,” Ives stated.

The Modi administration, meanwhile, doesn’t want to alienate a high-profile device manufacturer that it has been courting as part of its “Make In India” campaign to create factory jobs. That may have helped to blunt the government’s retaliation over the hacking warnings, people working with Apple said.

Although Apple India executives initially helped provide Modi government officials fodder for doubts about the warnings, Apple ultimately ceded less ground than its Silicon Valley peers have, according to people familiar with the events who noted that Apple issued no new statement after the November summit with Indian authorities.

“Apple is treading a very delicate line,” said Steven Feldstein, a fellow at the Carnegie Endowment for International Peace in Washington who studies the spyware industry. “It needs to stand up for digital rights and its core brand of protecting privacy, but it also doesn’t want to jeopardize its presence in an extremely important market.”

Rank-and-file Apple employees say that the company cannot afford to compromise on its commitment to making its devices as safe as possible in an era when crime and surveillance are surging. Last year, Apple introduced Lockdown Mode, an option that drastically reduces the number of electronic avenues that can be used to implant Pegasus or similar spyware. No infections have been discovered on phones running in Lockdown.

A multitude of internal signals factor into Apple’s determination that a country is behind a specific hacking attempt, and the chances of false alarms are small, former employees and people working with the company say. Apple has expanded its security and threat-research teams in recent years, hiring technologists with human rights backgrounds as well as intelligence agency veterans, and it conducts inquiries like a small intelligence agency itself. If it detects something unusual, it looks for the same activity elsewhere and then follows the leads to find more hacking techniques and victims.

With many hacking attempts, something outside the norm occurs. It can stand out as starkly as someone coming into a restaurant and ordering three desserts, then one entree, and then six appetizers, said a former Apple employee.

Apple sued NSO for allegedly hacking its infrastructure and began warning of state-sponsored attacks in November 2021, after the Forbidden Stories consortium exposed worldwide abuses. (Attacks on Android phones are also common, but they have a variety of manufacturers.) The Commerce Department blacklisted NSO that same month, barring it from deals with American companies.

The alerts have played a major role in exposing hacking activity, especially when those notified get their phones examined afterward. The discoveries have revealed hacking methods that can then be blocked, making it more expensive for those who sell the most powerful hacking tools, industry experts say.

“Apple’s warnings have fundamentally changed the game for finding spyware abuses,” said John Scott-Railton, a researcher at Citizen Lab. “Their warnings shift the power balance.”

The elevated consideration has elevated the difficulty to the White House, which this yr pledged with allied governments to not purchase from the businesses whose instruments had been being abused by authoritarian regimes.

India shouldn’t be among the many governments that joined the pledge.

This yr, there have been different indicators of the Indian authorities hacking targets it perceives as threats.

In recent weeks, iVerify examined the phone of the New York-based Sikh separatist Gurpatwant Singh Pannun, who U.S. prosecutors say was targeted for assassination by an Indian official. IVerify engineers found severe crashes of his encrypted messaging apps that could have been triggered by hacking attempts, said chief executive Danny Rogers. Referring to activity of an encrypted messaging app during two days in July, Rogers said: “Eight Signal crashes in a row screams that someone is trying to hack you.”

Rogers said those crashes were not proof of a hacking attempt but were troubling because there was other evidence Pannun had been targeted. In May, Pannun was chatting over Telegram with an account belonging to Hardeep Singh Nijjar, a Sikh separatist based in Canada, Pannun told The Post. When the conversation seemed off and Pannun called Nijjar over the phone, Nijjar said he hadn’t used Telegram in a while. A few weeks later, on June 18, Nijjar was shot by masked gunmen in a parking lot — a slaying that Canadian Prime Minister Justin Trudeau announced in September was “credibly” linked to the Indian government.

Pannun advised The Post that his personal telephones had been hacked twice earlier than.

The U.S. State Department declined to address India’s alleged use of spyware directly. A spokesman said that the government “remains very concerned about the proliferation and misuse of commercial spyware, which is being used around the world to erode democratic values and to enable human rights abuses. We are committed to countering the misuse of this technology and the threats they pose, in partnership with allies around the world, and we welcome other like-minded partners to join us.”

Journalists nonetheless underneath hearth

Officially, the Indian investigation of Apple continues, but people briefed on the matter said pressure on the company has waned. The next step is a report by India’s cybersecurity office, but it has no deadline. Indian media have reported that Indian officials now believe Apple’s warnings of state-sponsored hacking were genuine, but that the culprit may have been Beijing. While China is India’s great regional rival and a prodigious hacker, it has never been publicly linked to any use of Pegasus. The Israeli defense ministry must approve all sales of the spyware.

While tensions between Apple and New Delhi have eased, the journalists who faced hacking attempts continue to experience pressure.

In November and December, a third Indian journalist who has worked with OCCRP received phishing emails from a hacker who posed as a whistleblower seeking to leak corporate documents. The emails contained malware, according to OCCRP’s security team, which has not been able to identify the sender.

After the publication of their Adani investigation in August, Mangnale and Nair were summoned by the crime branch of the Ahmedabad city police force, in Adani’s and Modi’s home state of Gujarat, to respond to a complaint by a local investor who accused them of releasing a “grossly false and malicious” story about Adani. Ahmedabad police have also summoned two British reporters with the Financial Times, which collaborated with OCCRP on the investigation, as part of a preliminary inquiry.

A spokesperson for the FT declined to comment. The OCCRP said it has successfully appealed to the Indian Supreme Court to protect Mangnale and Nair from potential arrest, but the journalists are still fighting in court to avoid questioning by police.

At their first hearing on Dec. 1, the OCCRP journalists discovered a particularly high-powered lawyer was arguing the case on behalf of local police.

That lawyer was Tushar Mehta, the solicitor normal of India.

Menn reported from San Francisco. Anant Gupta contributed to this report.

Design by Anna Lefkowitz. Visual enhancing by Chloe Meister, Joe Moore, Olivier Laurent and Jennifer Samuel. Copy enhancing by Christopher Rickett. Story enhancing by Mark Seibel. Project enhancing by Jay Wang.