A series of media reports on Sunday indicated that military-grade malware from an Israel-based NSO Group had reportedly been used to journalists, human rights activists and political dissidents from across the globe. The list reportedly includes at least 300 verified mobile phone numbers from India, including those belonging to two serving ministers, over 40 journalists, three opposition leaders and one sitting judge.
The Indian government, however, has dismissed allegations of any kind of surveillance on its part on specific people, saying it "has no concrete basis or truth associated with it whatsoever". And NSO Group - a private Israeli Cyber security firm linked to the allegations - appears to be in agreement.
"After checking their claims, we firmly deny the false allegations made in their report. Their sources have supplied them with information which has no factual basis, as evident by the lack of supporting documentation for many of their claims. In fact, these allegations are so outrageous and far from reality, that NSO is considering a defamation lawsuit," the company wrote in a statement made available on its website.
In an interaction with news agency ANI, the company provided additional details. Authoritative sources within the NSO Group insisted that as a technology group, they had neither phone numbers nor data. "There is no server or computer with us where data is stored when our technology is given to a customer," they said.
Asked whether the company worked with the Indian government in any capacity, NSO group declined to answer. "I cannot refer to any customer, the list of countries that we sell Pegasus to is confidential information. I cannot speak about specific customers but the list of countries in this story is totally incorrect some are not even our clients," they said.
"We have reason to believe that they used some service like HLR lookup, it's a free service. Anybody can login, put in a number and get all data, including name, number, roaming, location. It is possible there was a breach in some service provider similar to HLR lookup. And if they are saying 50,000, it could be a random list like some sort of vaccination list. We don't know how they got it but this is not from any of our systems," the company added.