Govt asks WhatsApp to explain hacking, says committed to protecting privacy
A spokesperson of the American company confirmed to Hindustan Times that the targets of the attack in India and other parts of Africa, Europe, the Middle East and North America included journalists and activists.Updated: Oct 31, 2019 21:51 IST
Union information technology minister Ravi Shankar Prasad said on Thursday India has sought an explanation from WhatsApp after nearly 1,400 users, including diplomats, political dissidents, journalists and senior government officials, in India and several other countries were the target of a hacking spree.
Government of India is concerned at the breach of privacy of citizens of India on the messaging platform Whatsapp. We have asked Whatsapp to explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens. 1/4 pic.twitter.com/YI9Fg1fWro— Ravi Shankar Prasad (@rsprasad) October 31, 2019
“Government of India is concerned at the breach of privacy of citizens of India on the messaging platform Whatsapp. We have asked Whatsapp to explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens,” Ravi Shankar Prasad said in a series of tweets.
A spokesperson of the American company confirmed to Hindustan Times that the targets of the attack in India and other parts of Africa, Europe, the Middle East and North America included journalists and activists.
However, they refused to give the exact number of people who were targeted or their identities but confirmed the number and said that the attack had taken place in May.
“We sent a special WhatsApp message to approximately 1,400 users that we have reason to believe were impacted by this attack to directly inform them about what happened,” the company said in a statement.
Adding that the attack was on civil society activists and journalists, they said they had filed a complaint in the US court that has now attributed it to Israel-based surveillance firm NSO Group and its parent company Q Cyber Technologies.
“Govt is committed to protecting privacy of all Indian citizens.Govt agencies have a well established protocol for interception, which includes sanction and supervision from highly ranked officials in central & state governments, for clear stated reasons in national interest (sic),” the minister wrote on Twitter.
Ravi Shankar Prasad also used the platform to slam the Congress party, without naming it, after its spokesperson Randeep Surjewala had questioned the government over the hacking and accused the Centre of snooping.
“Modi Government caught snooping! Appalling but not Surprising! After all, BJP Government fought against our right to privacy, set up a multi crore Surveillance Structure until stopped by Supreme Court. SC must take immediate cognisance and issue notice to BJP government (sic),” Surjewala had said.
The minister sought to “gently remind” those “trying to make political capital out of it” about several incidents of snooping under the Congress-led United Progressive Alliance (UPA) government.
“Those trying to make political capital out of it need to be gently reminded about the bugging incident in the office of the then eminent Finance Minister Pranab Mukherjee during UPA regime. Also a gentle reminder of the spying over the then Army Chief Gen. V. K. Singh,” he said.
“These are instances of breach of privacy of highly reputed individuals, for personal whims and fancies of a family,” he added.
An official at the ministry of information technology had said while speaking to HT earlier that they have asked WhatsApp for a response and sought an explanation.
The official, who didn’t want to be named, said this was a private group hacking into WhatsApp, which had its servers abroad and so was beyond the government’s purview.
Press Trust of India reported that the messaging service was asked to submit its reply by November 4.
WhatsApp had sued NSO Group on Tuesday for allegedly hacking the messaging platform to spy on about 1,400 users. It has also alleged that NSO exploited a vulnerability in its video-calling feature to conduct the cyber attacks.
The Citizen Lab, which is based in Toronto and is working with WhatsApp to find more about the May attack, says the spyware is developed and sold by an Israel-based company which has as its majority owner a European private equity firm called Novalpina Capital.
Experts working on the attack have said in their statement that “it sells its spyware strictly to government clients only, and all of its exports are undertaken in accordance with Israeli government export laws and oversight mechanisms. However, the number of cases in which their technology is used to target members of civil society continues to grow.”
The spyware has several brand names Pegasus or Q Suite which gets into a target’s phone in various ways, including one where they trick them into clicking a link.
It can vary, for example, in 2018, a confidant of murdered Washington Post journalist Jamal Khashoggi was targeted in Canada with a fake package notification.
Every month some 1.5 billion people use WhatsApp, which has often touted a high level of security, including end-to-end encrypted messages that cannot be deciphered by WhatsApp or other third parties.