WhatsApp has confirmed that at least two dozen academics, lawyers, Dalit activists and journalists in India were under state-of-the-art surveillance for a two-week period until May 2019.
The alarming revelation made by the messaging application has come out of a lawsuit filed on Tuesday in a US federal court in San Francisco.
WhatsApp has alleged that NSO Group, an Israeli surveillance firm, had targeted around 1,400 WhatsApp users with a spyware technology called ‘Pegasus’.
Facebook-owned WhatsApp has said that journalists and human rights activists in India have been targets of surveillance among the hundreds whose privacy has been attacked.
While WhatsApp refused to reveal the identities and “exact number” of those targeted for surveillance in India, its spokesperson told The Indian Express that WhatsApp had contacted each of them separately.
“Indian journalists and human rights activists have been the target of surveillance and while I cannot reveal their identities and the exact number, I can say that it is not an insignificant number,” a WhatsApp spokesperson said.
Although the identities were not revealed by the messaging platform, Newslaundry found Bela Bhatia, Nihal Singh Rathod, Degree Prasad Chouhan, Anand Teltumbde, Sidhant Sibal, Shalini Gera, and Rupali Jadhav to be among the Indians who were subjected to secretive spying.
Pegasus, the Israeli spyware, monitored its targets by convincing them to click on a specially crafted ‘exploit link’ which allowed the remote operators to penetrate the security features on a phone and install Pegasus without the user’s knowledge or permission.
On such stealth installation, Pegasus begins executing the operators’ commands and sends back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps. The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity.
In the lawsuit against the NSO Group, WhatsApp alleged that the company violated US and California laws as well as WhatsApp’s terms of service which prohibited this type of abuse.
“We believe this attack targeted at least 100 members of civil society which is an unmistakable pattern of abuse. This number may grow higher as more victims come forward,” it said.
The NSO Group, in a statement, said: “In the strongest possible terms, we dispute today’s allegations and will vigorously fight them. Our technology is not designed or licensed for use against human rights activists and journalists.”
The NSO Group claims Pegasus has been sold only to government agencies. “We license our product only to vetted and legitimate government agencies”.
Early this year in May, WhatsApp discovered that attackers were able to install surveillance software on iPhones and Android phones by ringing the targets using the app’s call function. The malicious code, developed by NSO Group, could be transmitted even if users did not answer their phones, and the calls often disappeared from call logs, leaving the phone owners unaware of any hint of a cybersecurity threat.
After these doubts were first raised in May, the NSO Group said it put in place a ‘Human Rights Policy’ on September 19, 2019, which “further embeds human rights protections throughout our business and governance systems”.
WhatsApp additionally said that the attack exploited its video calling system in order to send malware to the mobile devices of a number of users. The malware would allow NSO’s clients – governments and intelligence organizations – to spy on a phone, opening the owner’s digital life for official scrutiny.
With an approximate of 1.5 billion monthly users, 400 million of who are Indians, the messaging platform has often assured end-to-end encryption of messages claiming that it cannot be deciphered by third parties and WhatsApp itself.
In a series of tweets, Information Technology Minister Ravi Shankar Prasad said that the Indian government was very concerned about its citizens’ privacy and has officially asked WhatsApp to rise to the occasion and explain itself for such breaches. Ironically, NSO Group has said that it sells its software only to governments and intelligence agencies.
Government of India is concerned at the breach of privacy of citizens of India on the messaging platform Whatsapp. We have asked Whatsapp to explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens. 1/4 pic.twitter.com/YI9Fg1fWro
— Ravi Shankar Prasad (@rsprasad) October 31, 2019
Also Read: Whatsapp Breached: Users Asked To Install The Latest Security Update As A Cautionary Measure