Indian Authorities Were Warned Twice, 121 Nationals Snooped On: WhatsApp To Govt
121 Indians were targets of an extensive spy operation by engineering through Israeli spyware that broke into phones which had WhatsApp installed.
The Facebook-owned company had informed the government and its respective agencies in the last week of September, as reported by The Indian Express.
This was the second alert after the first one in May – which was about the exploitation of the app’s calling feature by hackers.
“Government of India is concerned at the breach of privacy of citizens of India on the messaging platform WhatsApp. We have asked Whatsapp to explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens,” said Union Minister Ravi Shankar Prasad said on Friday, denying any involvement by the government.
“The government is committed to protecting the privacy of all Indian citizens. Government agencies have a well-established protocol for the interception, which includes sanction and supervision from highly ranked officials in central and state governments, for clearly stated reasons in the nation’s interest,” he added.
But the government, while rebutting WhatsApp’s claims of alerting officials in May said that WhatsApp had only informed them about the vulnerability of their app in “technical jargon” and had made no mention of Pegasus spyware and Indian users being targeted.
While the government has been engaging and debating faults over the issue, with the messaging platform, Israel’s NSO Group has rejected the allegations. The technological firm that made ‘Pegasus’ – the spyware in question – said, “Our technology is not designed or licensed for use against human rights activists and journalists. It is licensed only to vetted and legitimate government agencies,” it claimed.
India is WhatsApp’s biggest market with 400 million users. In a statement, the Facebook-owned company on Friday said it had “worked quickly to resolve the issue” after sending the first alert to the Indian authorities in May and the other in September. Both the alerts were reportedly sent to the Computer Emergency Response Team (CERT-In), a department under the Ministry of Electronics and Information Technology.
Speaking to Business Standard, Kamlesh Bajaj, founder-director of CERT-In said, “The Pegasus-WhatsApp breach has made it clear that devices can be broken into and even end-to-end encryption can be circumvented. CERT should be aware that platforms will be exploited. They should work directly with vendors like Microsoft, Google, and Facebook whose platforms get hacked or impacted,” he said.
WhatsApp has decided against disseminating information on the exact number of users targeted across the globe. Facebook, being the parent company, has sued the Israeli firm for $75,000 for illegally using WhatsApp servers to sneak Pegasus spyware into 1,400 phones across 20 countries.
In India, the targeted users reportedly comprised journalists, activists, lawyers and senior government officials.
Bela Bhatia, an activist working in Chhattisgarh, hinted at a deeper conspiracy behind the scandal. “The person who called me explained how I had been targeted, telling me that ‘we can clearly and categorically say your own government has done this’,” she told NDTV.