China’s nearest observation posts are hundreds of miles from Dharamsala, the city in the foothills of the Indian Himalayas that hosts Tibet’s government-in-exile and its highest spiritual leader, the Dalai Lama. Still, Tibetans there have often felt closely watched.
Suspected Chinese spies have regularly been detected in the hill station. A decade ago, a digital security specialist watched in disbelief as sensitive files on Tibetan government computers were extracted on the screen before his eyes – activity that led to the unearthing of a massive cyber-espionage network, known as GhostNet, which was largely traced to Chinese servers.
Surveillance technology has evolved, and leaked data points to another possible interest in Tibetan communications – this time from a less obvious source.
The phone numbers of a top ring of advisers around the Dalai Lama are believed to have been selected as those of people of interest by government clients of NSO Group. Analysis strongly indicates that the Indian government was selecting the potential targets.
Other phone numbers apparently selected by Delhi were those of the president of the government-in-exile, Lobsang Sangay, staff in the office of another Buddhist spiritual leader, the Gyalwang Karmapa, and several other activists and clerics who are part of the exiled community in India.
NSO’s Pegasus spyware allows clients to infiltrate phones and extract their calls, messages and location. The selected Tibetans did not make their phones available to confirm whether any hacking was attempted or successful, but technical analysis of 10 other phones on the suspected Indian client list found traces of Pegasus or signs of targeting related to the spyware.
Traces of Pegasus were found on 37 of the 67 phones in the data that were analysed by Amnesty International’s security lab. Of the 48 iPhones examined that had not been reset or replaced since they appeared in the records, 33 carried traces of Pegasus or signs of attempted infection. iPhones log the information that can reveal infection by the spyware.
The data may provide a glimpse at the delicate relationship between Tibet’s exiles and the Indian government, which has provided refuge for the movement since its leaders fled a Chinese crackdown in 1959, while also viewing it as leverage – and sometimes a liability – in its own relationship with Beijing.
The possible scrutiny of Tibetan spiritual and government leaders points to a growing awareness in Delhi, as well as in western capitals, of the strategic importance of Tibet as their relationships with China have grown more tense over the past five years.
It also highlights the growing urgency of the question of who will follow the current Dalai Lama, 86, a globally acclaimed figure whose death is likely to trigger a succession crisis that is already drawing in world powers. Last year the US made it a policy to impose sanctions against any government that interfered with the selection process.
The records suggest Tibetan leaders were first selected in late 2017, in the period before and after the former US president Barack Obama met the Dalai Lama privately on a foreign tour that also included earlier stops in China.
Senior advisers to the Dalai Lama whose numbers appear in the data include Tempa Tsering, the spiritual leader’s long-time envoy to Delhi, and the senior aides Tenzin Taklha and Chhimey Rigzen, as well as Samdhong Rinpoche, the head of the trust that has been tasked with overseeing the selection of the Buddhist leader’s successor.
The Dalai Lama, who has spent the past 18 months isolating in his compound in Dharamsala, is not known to carry a personal phone, according to two sources.
Following the launch of the Pegasus project, India’s IT minister, Ashwini Vaishnaw, said the project’s claims about Indian surveillance were an “attempt to malign Indian democracy and its well-established institutions”. He told parliament: “The presence of a number on the list does not amount to snooping ... there is no factual basis to suggest that use of the data somehow amounts to surveillance.”
India could have several motives for possible spying on Tibetan leaders but some in Dharamsala have concluded the question of succession may be a driving force. Naming successors to the Dalai Lama has sometimes taken years after the death of the title holder, and is usually led by the monk’s senior disciples, who interpret signs that lead them to the child next in line.
But China views the next Dalai Lama as a potential separatist leader who could weaken its authoritarian grip on Tibet. It has claimed the sole right to control the selection process, and analysts say it is already pressuring neighbours such as Nepal and Mongolia to rule out recognising any successor but its own.
Beijing is also contacting influential Buddhist teachers and clerics around the world, including some based in India, inviting them to China to try to lay the groundwork for its choice and muddy support for any candidate chosen by the Dalai Lama’s followers.
These entreaties to Buddhist leaders and other interference in the succession process have been viewed warily by India’s security agencies, who may have sought to closely monitor an issue with huge implications for Delhi’s own relationship with China – but where its direct influence and control is limited.
“India wants to make sure that Tibetans don’t strike a deal with the Chinese that involves the Dalai Lama going back to Tibet,” said a former staffer with the Tibetan administration, who asked not to be named.
India may also be seeking to monitor continuing informal contact between Chinese officials and Tibetan leaders. The Dalai Lama revealed two years ago that India had vetoed his plans to try to meet Xi Jinping when the Chinese president visited India in 2014.
“The Dalai Lama himself has said several times that he maintains connections to the Chinese leadership through ‘old friends’,” the former Tibetan government staffer said. “India is very aware of this and they want to make sure that no deals are made without their knowing or involvement.”
Delhi officially backs negotiations on the status of Tibet, but a recent Indian thinktank report suggested the country’s intelligence agencies had not always been supportive of the Dalai Lama’s “middle way”, a blueprint to resolve the dispute by recognising Chinese sovereignty over Tibet but granting the province meaningful autonomy.
Other motives for possible monitoring of Tibetan leaders may be more straightforward, including that the Dalai Lama and the community around him are a magnet for sensitive information about Tibet and regularly meet dignitaries from around the world.
“I would assume that India would pay close attention to, for example, western officials coming to Dharamsala – I think they’d want to monitor that in detail,” said Prof Robert Barnett, the former director of the Tibet studies programme at Columbia University. “Perhaps, is the Dalai Lama asking them for asylum? I think that kind of concern would matter a lot to them.”
In multiple statements, NSO said the fact a number appeared on the leaked list was in no way indicative of whether it was selected for surveillance using Pegasus. “The list is not a list of Pegasus targets or potential targets,” the company said. “The numbers in the list are not related to NSO Group in any way.
The Tibetan movement, like other stateless groups, is vulnerable to cyber-attacks but not entirely defenceless. The US government has for more than a decade funded digital security consultants to fortify Tibetan computer networks. Leaders are briefed that any of their devices could be breached at any time and they should act accordingly.
Tibetan leaders closely study security strategies pioneered for other exile and dissident groups, including flooding their phones and emails with confusing and contradictory information, which can tie up intelligence agencies as they try to sift truth from fiction. Other strategies include setting up “minefields”, servers and devices that appear genuine but are actually decoys that feed attackers false information and allow their hacking attempts to be studied.