Dalai Lama’s inner circle listed in Pegasus project data


China’s nearest observation posts are hundreds of miles from Dharamsala, the city in the foothills of the Indian Himalayas that hosts Tibet’s government-in-exile and its highest spiritual leader, the Dalai Lama. Still, Tibetans there have often felt closely watched.

Suspected Chinese spies have regularly been detected in the hill station. A decade ago, a digital security specialist watched in disbelief as sensitive files on Tibetan government computers were extracted on the screen before his eyes – activity that led to the unearthing of a massive cyber-espionage network, known as GhostNet, which was largely traced to Chinese servers.

Surveillance technology has evolved, and leaked data points to another possible interest in Tibetan communications – this time from a less obvious source.

The phone numbers of a top ring of advisers around the Dalai Lama are believed to have been selected as those of people of interest by government clients of NSO Group. Analysis strongly indicates that the Indian government was selecting the potential targets.

Quick GuideShow

What is in the data leak?

The data leak is a list of more than 50,000 phone numbers that, since 2016, are believed to have been selected as those of people of interest by government clients of NSO Group, which sells surveillance software. The data also contains the time and date that numbers were selected, or entered on to a system. Forbidden Stories, a Paris-based nonprofit journalism organisation, and Amnesty International initially had access to the list and shared access with 16 media organisations including the Guardian. More than 80 journalists have worked together over several months as part of the Pegasus project. Amnesty’s Security Lab, a technical partner on the project, did the forensic analyses.

What does the leak indicate?

The consortium believes the data indicates the potential targets NSO’s government clients identified in advance of possible surveillance. While the data is an indication of intent, the presence of a number in the data does not reveal whether there was an attempt to infect the phone with spyware such as Pegasus, the company’s signature surveillance tool, or whether any attempt succeeded. The presence in the data of a very small number of landlines and US numbers, which NSO says are “technically impossible” to access with its tools, reveals some targets were selected by NSO clients even though they could not be infected with Pegasus. However, forensic examinations of a small sample of mobile phones with numbers on the list found tight correlations between the time and date of a number in the data and the start of Pegasus activity – in some cases as little as a few seconds.

What did forensic analysis reveal?

Amnesty examined 67 smartphones where attacks were suspected. Of those, 23 were successfully infected and 14 showed signs of attempted penetration. For the remaining 30, the tests were inconclusive, in several cases because the handsets had been replaced. Fifteen of the phones were Android devices, none of which showed evidence of successful infection. However, unlike iPhones, phones that use Android do not log the kinds of information required for Amnesty’s detective work. Three Android phones showed signs of targeting, such as Pegasus-linked SMS messages.

Amnesty shared “backup copies” of four iPhones with Citizen Lab, a research group at the University of Toronto that specialises in studying Pegasus, which confirmed that they showed signs of Pegasus infection. Citizen Lab also conducted a peer review of Amnesty’s forensic methods, and found them to be sound.

Which NSO clients were selecting numbers?

While the data is organised into clusters, indicative of individual NSO clients, it does not say which NSO client was responsible for selecting any given number. NSO claims to sell its tools to 60 clients in 40 countries, but refuses to identify them. By closely examining the pattern of targeting by individual clients in the leaked data, media partners were able to identify 10 governments believed to be responsible for selecting the targets: Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates. Citizen Lab has also found evidence of all 10 being clients of NSO.

What does NSO Group say?

You can read NSO Group’s full statement here. The company has always said it does not have access to the data of its customers’ targets. Through its lawyers, NSO said the consortium had made “incorrect assumptions” about which clients use the company’s technology. It said the 50,000 number was “exaggerated” and that the list could not be a list of numbers “targeted by governments using Pegasus”. The lawyers said NSO had reason to believe the list accessed by the consortium “is not a list of numbers targeted by governments using Pegasus, but instead, may be part of a larger list of numbers that might have been used by NSO Group customers for other purposes”. They said it was a list of numbers that anyone could search on an open source system. After further questions, the lawyers said the consortium was basing its findings “on misleading interpretation of leaked data from accessible and overt basic information, such as HLR Lookup services, which have no bearing on the list of the customers' targets of Pegasus or any other NSO products ... we still do not see any correlation of these lists to anything related to use of NSO Group technologies”. Following publication, they explained that they considered a "target" to be a phone that was the subject of a successful or attempted (but failed) infection by Pegasus, and reiterated that the list of 50,000 phones was too large for it to represent "targets" of Pegasus. They said that the fact that a number appeared on the list was in no way indicative of whether it had been selected for surveillance using Pegasus. 

What is HLR lookup data?

The term HLR, or home location register, refers to a database that is essential to operating mobile phone networks. Such registers keep records on the networks of phone users and their general locations, along with other identifying information that is used routinely in routing calls and texts. Telecoms and surveillance experts say HLR data can sometimes be used in the early phase of a surveillance attempt, when identifying whether it is possible to connect to a phone. The consortium understands NSO clients have the capability through an interface on the Pegasus system to conduct HLR lookup inquiries. It is unclear whether Pegasus operators are required to conduct HRL lookup inquiries via its interface to use its software; an NSO source stressed its clients may have different reasons – unrelated to Pegasus – for conducting HLR lookups via an NSO system.

Thank you for your feedback.

Other phone numbers apparently selected by Delhi were those of the president of the government-in-exile, Lobsang Sangay, staff in the office of another Buddhist spiritual leader, the Gyalwang Karmapa, and several other activists and clerics who are part of the exiled community in India.

NSO’s Pegasus spyware allows clients to infiltrate phones and extract their calls, messages and location. The selected Tibetans did not make their phones available to confirm whether any hacking was attempted or successful, but technical analysis of 10 other phones on the suspected Indian client list found traces of Pegasus or signs of targeting related to the spyware.

Traces of Pegasus were found on 37 of the 67 phones in the data that were analysed by Amnesty International’s security lab. Of the 48 iPhones examined that had not been reset or replaced since they appeared in the records, 33 carried traces of Pegasus or signs of attempted infection. iPhones log the information that can reveal infection by the spyware.

The data may provide a glimpse at the delicate relationship between Tibet’s exiles and the Indian government, which has provided refuge for the movement since its leaders fled a Chinese crackdown in 1959, while also viewing it as leverage – and sometimes a liability – in its own relationship with Beijing.

The possible scrutiny of Tibetan spiritual and government leaders points to a growing awareness in Delhi, as well as in western capitals, of the strategic importance of Tibet as their relationships with China have grown more tense over the past five years.

It also highlights the growing urgency of the question of who will follow the current Dalai Lama, 86, a globally acclaimed figure whose death is likely to trigger a succession crisis that is already drawing in world powers. Last year the US made it a policy to impose sanctions against any government that interfered with the selection process.

The records suggest Tibetan leaders were first selected in late 2017, in the period before and after the former US president Barack Obama met the Dalai Lama privately on a foreign tour that also included earlier stops in China.

Senior advisers to the Dalai Lama whose numbers appear in the data include Tempa Tsering, the spiritual leader’s long-time envoy to Delhi, and the senior aides Tenzin Taklha and Chhimey Rigzen, as well as Samdhong Rinpoche, the head of the trust that has been tasked with overseeing the selection of the Buddhist leader’s successor.

Dalai Lama’s inner circle listed in Pegasus project data
Tempa Tsering, right, the chief representative of the Dalai Lama in Delhi, speaks to the media alongside his wife, the Dalai Lama’s sister Jetsun Pema. Photograph: Yoshikazu Tsuno/AFP/Getty Images

The Dalai Lama, who has spent the past 18 months isolating in his compound in Dharamsala, is not known to carry a personal phone, according to two sources.

Following the launch of the Pegasus project, India’s IT minister, Ashwini Vaishnaw, said the project’s claims about Indian surveillance were an “attempt to malign Indian democracy and its well-established institutions”. He told parliament: “The presence of a number on the list does not amount to snooping ... there is no factual basis to suggest that use of the data somehow amounts to surveillance.”

India could have several motives for possible spying on Tibetan leaders but some in Dharamsala have concluded the question of succession may be a driving force. Naming successors to the Dalai Lama has sometimes taken years after the death of the title holder, and is usually led by the monk’s senior disciples, who interpret signs that lead them to the child next in line.

But China views the next Dalai Lama as a potential separatist leader who could weaken its authoritarian grip on Tibet. It has claimed the sole right to control the selection process, and analysts say it is already pressuring neighbours such as Nepal and Mongolia to rule out recognising any successor but its own.

Dalai Lama’s inner circle listed in Pegasus project data
A Buddhist monk walks near the temple of Tsuglagkhang, popularly known as the Dalai Lama temple, at sunset in McLeod Ganj, near Dharamsala. Photograph: Sanjay Baid/EPA

Beijing is also contacting influential Buddhist teachers and clerics around the world, including some based in India, inviting them to China to try to lay the groundwork for its choice and muddy support for any candidate chosen by the Dalai Lama’s followers.

These entreaties to Buddhist leaders and other interference in the succession process have been viewed warily by India’s security agencies, who may have sought to closely monitor an issue with huge implications for Delhi’s own relationship with China – but where its direct influence and control is limited.

“India wants to make sure that Tibetans don’t strike a deal with the Chinese that involves the Dalai Lama going back to Tibet,” said a former staffer with the Tibetan administration, who asked not to be named.

India may also be seeking to monitor continuing informal contact between Chinese officials and Tibetan leaders. The Dalai Lama revealed two years ago that India had vetoed his plans to try to meet Xi Jinping when the Chinese president visited India in 2014.

“The Dalai Lama himself has said several times that he maintains connections to the Chinese leadership through ‘old friends’,” the former Tibetan government staffer said. “India is very aware of this and they want to make sure that no deals are made without their knowing or involvement.”

Delhi officially backs negotiations on the status of Tibet, but a recent Indian thinktank report suggested the country’s intelligence agencies had not always been supportive of the Dalai Lama’s “middle way”, a blueprint to resolve the dispute by recognising Chinese sovereignty over Tibet but granting the province meaningful autonomy.

Other motives for possible monitoring of Tibetan leaders may be more straightforward, including that the Dalai Lama and the community around him are a magnet for sensitive information about Tibet and regularly meet dignitaries from around the world.

“I would assume that India would pay close attention to, for example, western officials coming to Dharamsala – I think they’d want to monitor that in detail,” said Prof Robert Barnett, the former director of the Tibet studies programme at Columbia University. “Perhaps, is the Dalai Lama asking them for asylum? I think that kind of concern would matter a lot to them.”

In multiple statements, NSO said the fact a number appeared on the leaked list was in no way indicative of whether it was selected for surveillance using Pegasus. “The list is not a list of Pegasus targets or potential targets,” the company said. “The numbers in the list are not related to NSO Group in any way.

Q&AShow

The Pegasus project is a collaborative journalistic investigation into the NSO Group and its clients. The company sells surveillance technology to governments worldwide. Its flagship product is Pegasus, spying software – or spyware – that targets iPhones and Android devices. Once a phone is infected, a Pegasus operator can secretly extract chats, photos, emails and location data, or activate microphones and cameras without a user knowing.

Forbidden Stories, a Paris-based nonprofit journalism organisation, and Amnesty International had access to a leak of more than 50,000 phone numbers selected as targets by clients of NSO since 2016. Access to the data was then shared with the Guardian and 16 other news organisations, including the Washington Post, Le Monde, Die Zeit and Süddeutsche Zeitung. More than 80 journalists have worked collaboratively over several months on the investigation, which was coordinated by Forbidden Stories.

Thank you for your feedback.

The Tibetan movement, like other stateless groups, is vulnerable to cyber-attacks but not entirely defenceless. The US government has for more than a decade funded digital security consultants to fortify Tibetan computer networks. Leaders are briefed that any of their devices could be breached at any time and they should act accordingly.

Tibetan leaders closely study security strategies pioneered for other exile and dissident groups, including flooding their phones and emails with confusing and contradictory information, which can tie up intelligence agencies as they try to sift truth from fiction. Other strategies include setting up “minefields”, servers and devices that appear genuine but are actually decoys that feed attackers false information and allow their hacking attempts to be studied.