The Hindu, a leading Indian publication known for its comprehensive political and economic affairs coverage, has shed light on a recent procurement by an Indian defence agency from Cognyte. This Israeli spyware firm has emerged as a potential alternative to the notorious Pegasus spyware sold by Israel’s NSO Group.
Drawing on meticulous analysis of trade data, The Hindu’s report comes on the heels of recent revelations by the Financial Times that the Narendra Modi government is considering a substantial investment of up to $120 million in spyware from less conspicuous vendors, in contrast to the NSO Group, infamous for its military-grade spyware offerings, such as Pegasus.
Cognyte Software Limited, specifically cited in the Financial Times report as one of the firms under consideration by the defence ministry, has been no stranger to controversy. The firm has been implicated in Meta’s report on the ‘Surveillance for Fire’ industry, wherein it has been accused of targeting journalists, government critics, human rights activists, opposition leaders, and dissidents, often through surreptitious compromise of their devices or accounts.
The Hindu’s investigation has revealed that Cognyte, in conjunction with its former parent company Verint Systems Inc., has been a regular supplier of computer equipment to the Signal Intelligence Directorate (SID) for three years. The SID, which operates under the aegis of the Defense Intelligence Agency (DIA), encompasses personnel drawn from the Army, Navy, and Air Force. It has been duly authorised to intercept, monitor, and decrypt information generated, transmitted, received, or stored in any computer resource within designated service areas in Jammu and Kashmir and the northeastern states, including Assam.
Regrettably, the report does not furnish specific details regarding the nature of the equipment procured from Cognyte, leaving room for speculation and concern among stakeholders.
This latest development follows a revelatory report in 2022 by the Organized Crime and Corruption Reporting Project (OCCRP), which exposed how India’s domestic intelligence agency, the Intelligence Bureau (IB), had acquired hardware from NSO Group that matched the description of equipment used to deploy the Pegasus spyware.
Furthermore, in 2021, The Wire, in collaboration with an international consortium of news outlets spearheaded by French media non-profit Forbidden Stories, had exposed how phone numbers belonging to journalists, opposition leaders, government critics, and activists were listed as presumed targets of Pegasus. Subsequent forensic examinations conducted by Amnesty International’s Security Lab corroborated the presence of spyware on the devices of select activists and journalists.
The NSO Group has faced widespread censure from global quarters, particularly the United States, in the aftermath of these damning reports. While the company maintains that it only sells its spyware to “vetted governments,” it has steadfastly refused to disclose the identities of its client countries. Meanwhile, the Modi government has evoked the pretext of ‘national security’ to deflect queries and has refrained from confirming or denying the use of Pegasus in the Supreme Court.
In a revelatory report published by The New York Times last year, it was disclosed that India had indeed procured Pegasus from Israel as part of a more significant $2 billion defence deal consummated in 2017. As the ramifications of these developments continue to reverberate domestically and internationally, questions abound about the implications for privacy, surveillance, and civil liberties in the digital age and the need for robust regulatory frameworks to safeguard against abuse and overreach by state actors in the realm of cyberspace.
