What’s Up? Explain breach, govt tell messaging forum

New Delhi: WhatsApp on Thursday said Indian journalists and human rights activists were among those globally spied upon by unnamed entities using an Israeli spyware Pegasus, leading to a furore over breach of citizens’ privacy. Following the disclosure by WhatsApp, the Indian government has asked the messaging platform to explain the matter and list out the measures that have been taken by it to safeguard privacy of millions of Indians. “Government of India is concerned at the breach of privacy of citizens of India on the messaging platform Whatsapp. We have asked Whatsapp to explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens,” IT Minister Ravi Shankar Prasad said in a tweet.

WhatsApp had said it was suing NSO Group, an Israeli surveillance firm that is reportedly behind the technology that helped unnamed entities’ spies hack into phones of roughly 1,400 users spanning across four continents, including diplomats, political dissidents, journalists and senior government officials.

What has happened

WhatsApp has confirmed that at least two dozen journalists, academicians, Dalit and human rights activists, who represented those arrested in the Bhima Koregaon case were among those who have been targeted for surveillance for a two week period until May 2019. The hackers allegedly used an Israeli technology, Pegasus developed by Israeli firm, NSO to conduct cyberespionage. WhatsApp contacted the users and alerted them that their phones had been under surveillance.

A Canada-based cybersecurity group Citizen Lab in 2018, found suspected NSO Pegasus infections associated with 33 of the 36 operators in 45 countries including India. The report claims that it discovered an Indian link active from June 2017 to September 2018.

Arab human rights activists approached Citizen Lab after the suspicion that they were under surveillance.

Earlier, the NSO Group ended its agreement with Saudi Arabia after news emerged that the firm’s spyware had been used to target and track journalist Jamal Khashoggi before he was killed inside the Saudi Arabian consulate in Istanbul.

Lawsuit by WhatsApp

On Tuesday, WhatsApp filed a lawsuit against NSO Group, an Israeli tech company, in an American federal court for using its platform for conducting surveillance. However, NSO Group has denied any wrongdoing. In a statement, the company, based out of Tel Aviv, has said that it provides ‘authorized governments with technology that helps them combat terror and crime’. It has claimed that the spyware, Pegasus, has been sold only to ‘vetted and legitimate’ government agencies, and the same goes for India.

In May this year, WhatsApp said that it had “stopped a highly sophisticated cyber attack” that exploited its video calling feature. By simply calling the targeted phone, the attackers injected commercial spyware into the device, it said.

Following the attack, Citizen Lab, a multidisciplinary research group at the University of Toronto, offered to help WhatsApp identify cases where the ‘suspected targets of this attack were members of civil society, such as human rights defenders and journalists.’

How Pegasus hacked into WhatsApp

WhatsApp has alleged that Pegasus could send a link to a victim’s phone and can get installed on the phone even without the victim taking any action, like clicking on it or opening the message. In this case of May 2019, users received a missed video call on WhatsApp. The moment the phone rang, with just a miss call, the malware was allegedly installed on the victim’s phone.