India asks WhatsApp to explain privacy breach by Israeli spyware

Facebook permanently deletes the accounts of NSO workers

WhatsApp spyware was used to snoop on 2 dozen Indian activists and journalists (Updated)

For those unaware, the report of spying on Indian journalists and human right activitists came just days after WhatsApp sued Israeli surveillance firm NSO Group for allegedly hacking into phones of about 1,400 users spread across four continents.

WhatsApp has said that Indian users were among those hit by the Pegasus surveillance attack and that the company reached out to the affected users this week. Of these, 21 were journalists, lawyers and activists, this person said, asking not to be named.

This isn't the first time that the NSO Group has made headlines. The malware would allow NSO's clients - said to be governments and intelligence organisations - to secretly spy on a phone's owner, opening their digital lives up to scrutiny. "The person did not even have to answer the call", Will Cathcart, Facebook's head of WhatsApp, wrote in an October 29 op-ed published by The Washington Post.

NSO Group has also claimed that it sells its product (Pegasus, in this case) only to "vetted and legitimate government agencies". Researchers from Citizen Lab have since 2016 assisted potential targets who were spied upon using it - including people linked to murdered Saudi activist Jamal Khashoggi.

WhatsApp has since patched the exploit. Novalpina is a European Private Equity firm, and has acquired majority stake in NSO Group.

'EXPANSION IN SURVEILLANCE POWER' "There is a tremendous expansion of the existing surveillance power of the government", said Gupta of IFF, which has challenged in the Supreme Court the December 2018 notification of the home ministry authorising 10 central agencies to intercept, monitor and decrypt any computer information.

Cathcart asserted that WhatsApp was committed to the fundamental right to privacy and that it is working to stay ahead of those who seek to violate that right. Based on the analysis of data movement patterns on the internet, the lab believes Abdulaziz's phone has been infected and that "the targeting occurred while Abdulaziz, who received asylum in Canada, was attending university in Quebec". "I vividly remember getting video calls on WhatsApp from an worldwide number and the country code was Sweden". The accounts were created to place the calls that injected the spyware, the lawsuit says.

In India, Chhattisgarh-based activist Shalini Gera, Nagpur-based lawyer Nihalsing Rathod, Adivasi rights activist Bela Bhatia, academic on Dalit issues Anand Teltumbde and former BBC journalist Shubhranshu. "I am a Hindi journalist, with little knowledge of how these technologies work. What to do? I don't know how to live in this country", he said.

Facebook, however, did not provide any details about NSO Group's client but said that attacks focused on devices located in Mexico, Bahrain and the UAE.

The Pegasus spyware requires you to click an exploit link, enabling the hacker to use known vulnerabilities in WhatsApp to penetrate security features on the phone.

The Indian government on Thursday moved swiftly to counter the WhatsApp snooping row by seeking an explanation from the Facebook-owned messaging platform for privacy breach.

The Pegasus spyware of the NSO Group can silently infiltrate both iOS and Android devices through a missed call, even if the call is not answered.

NSO denied the allegations.

The Israeli NSO, the cybersecurity company believed to have used the spyware, said, "Our technology is not designed or licensed for use against human rights activists and journalists" and is licensed only to "vetted and legitimate government agencies".

Latest News