Praful Patel, 40 others among WhatsApp users snooped on
The people, whose WhatsApp accounts are safe for now, the company representative said, were contacted either by Toronto-based research group Citizen Lab or WhatsApp to be informed of the spying.
Several human rights activists, lawyers and journalists in India came forward on Thursday to say that they had been identified as targets of a phone hack aimed at snooping on them, a day after popular messaging service WhatsApp went public with allegations against an Israeli firm for having misused its platform to aid spying on around 1,400 people spread across the world.
The people targeted in India include former Union minister Praful Patel and former Lok Sabha MP Santosh Bharatiya, a WhatsApp official said, and added that the company had identified 41 people in all. Of these, 21 were journalists, lawyers and activists, this person said, asking not to be named.
The people, whose WhatsApp accounts are safe for now, the company representative said, were contacted either by Toronto-based research group Citizen Lab or WhatsApp to be informed of the spying, which may or may not have been successful.
Also Watch: Spyware attack on Indians via WhatsApp? | ‘Pegasus’ controversy explained
“They told me that I was one of 1,400 people [globally] who was the target of an attempted spying attack,” said a 32-year old diplomatic correspondent in New Delhi, who received a call from Citizen Lab last month.
Patel, who was alerted by a message sent out by WhatsApp, said he did not remember being approached. “It’s possible that many did not pay heed to the message,” the WhatsApp official quoted above said, reiterating that at least one of Patel’s phones was targeted by the Israeli software.
The software in question is developed by NSO Group and is known mostly as Pegasus, though it has also been sold as Q Suite. Researchers from Citizen Lab have since 2016 assisted potential targets who were spied upon using it – including people linked to murdered Saudi activist Jamal Khashoggi.
Pegasus, technically a malware, allows a near-complete control of the target’s phone, enabling access to files, communications and even microphone and camera. It can be delivered to targets in several ways, but the method that drew most attention exploited a flaw in WhatsApp’s code that made it possible for the hack to be carried out without any user intervention and go completely undetected.
While neither the researchers at Citizen Lab nor WhatsApp identified the people who purchased NSO Group’s services for the alleged snooping, the company said it only provides “technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime”.
Information technology (IT) minister Ravi Shankar Prasad said the government had asked WhatsApp for its response to this incident and an explanation. The ministry of home affairs said in a statement that “the government of India operates strictly as per provisions of law and laid down protocols.”
“There are adequate safeguards to ensure that no innocent citizen is harassed or his privacy breached,” the statement added.
Several of the others who confirmed being contacted either by Citizen Lab or WhatsApp included Chhattisgarh-based lawyers and human rights activists. “Citizen Lab got in touch with me on October 5... I got a message from WhatsApp two days ago, on October 29,” said lawyer Shalini Gaira.
The Citizen Lab representative who spoke to her asked if she received a call between February and May 2019. “I vividly remember getting video calls on WhatsApp from an international number and the country code was Sweden. The time of the call fit in the period,” she said.
Social and environmental activist Vivek Sundara, Chhattisgarh-based peace activist and former BBC journalist Shubhranshu Choudhary, activist Bela Bhatia and Asomiya Pratidin’s Delhi bureau chief Ashish Gupta told HT that they too were contacted.
Former MP Bharatiya said he ignored the messages as he wasn’t sure of the authenticity of either the Citizen Lab researcher or WhatsApp’s messages. “I am a Hindi journalist, with little knowledge of how these technologies work. I don’t know why I was even targeted,” he said.
The disclosures on Thursday also triggered a political war, with Congress leader Rahul Gandhi saying: “The govt seeking WhatsApp’s response on who bought Pegasus to spy on Indian citizens, is like Modi asking Dassault who made money on the sale of RAFALE jets to India! (sic)”.
WhatsApp sued NSO Group on Tuesday, accusing it of helping governments break into the phones of the users, including diplomats, political dissidents and senior government officials. WhatsApp said the attack exploited its video calling system in order to send malware to the mobile devices of the targets.
The lawsuit seeks to have NSO barred from accessing or attempting to access WhatsApp and Facebook’s services and seeks unspecified damages.
NSO’s phone hacking software has already been implicated in a series of human rights abuses across Latin America and the Middle East, including a sprawling espionage scandal in Panama and an attempt to spy on an employee of the London-based rights group, Amnesty International.
NSO denied the allegations. “In the strongest possible terms, we dispute today’s allegations and will vigorously fight them,” NSO said in a statement. “The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime.”