Facebook-owned WhatsApp on Thursday said Indian journalists and human rights activists were among those globally spied upon by unnamed entities using an Israeli spyware Pegasus.
WhatsApp said it was suing NSO Group, an Israeli surveillance firm, that is reportedly behind the technology that helped unnamed entities' spies to hack into phones of roughly 1,400 users.
Names of several activists and journalists, who were being snooped on, surfaced on Thursday.
WhatsApp did not say on whose behest the phones of journalists and activists across the world were targeted.
Though it refused to divulge identities or the exact number of those targeted in India, several activists and journalists have come out and stated they were hit by this spyware.
These activists were alerted by Canada-based cybersecurity group Citizen Lab, informing them they were being snooped on.
Nihalsing Rathod, a human rights lawyer in Nagpur, who represents several of the accused in the Bhima Koregaon case, told Outlook that he was contacted by a senior researcher from Citizen Lab, John Scot-Railton.
"He told me my phone was targeted by sophisticated spyware through which my phone could be remotely accessed," Rathod said.
Rathod said he was told by the Citizen Lab it was the Indian government that was snooping on him. "They did not specify which department or the ministry was spying on me, but they clearly said it was our my own government," he added.
But Rathod said it was not just the question of snooping. He believes that the government is trying to implicate him. "They are trying to dump incriminating files into my system and implicate me," he said.
Rathod says it is not the first time he has been targeted of a malware. "Since 2017, I have been getting suspicious emails with attachments related to my cases. When I open them, nothing appears." He says it is a modus operandi by the government to frame me and keep track of my activities.
Rathod is among at least 1,400 people globally whose phone devices have been compromised by this spyware.
Rathod also said he had been receiving suspicious WhatsApp calls from international numbers since 2018. He also wrote to the WhatsApp raising his concerns over the nature of the calls.
Sidhnat Sibal, diplomatic and defence correspondent for Wion TV channel, confirmed to the Outlook that he was also targeted by the spyware. He said he was contacted by WhatsApp some time ago and informed that his phone was compromised and he was being snooped on.
Bela Bhatia, an activist in Bastar region of Chhattisgarh, told Outlook that she was also contacted by a researcher from Citizen Lab who identified himself as John Scott- Railton.
"He wrote a longish message introducing himself and Citizen Lab. He provided an internet link to Citizen Lab and also attached a short video introducing himself. He emphasised that it was important that we speak soon.
"After receiving my agreement, he called. He said that my phone number was on a list provided by WhatsApp to Citizen Lab of person's whose phone had been spied into in Apri-May this year by spyware called Pegasus," Bhatia said.
Bhatia says it was like "carrying a spy in your pocket". The researcher told her that the spyware "spied into the room or environment it was in. It could also spy into whatever else one's SIM was linked to. In short, it could snoop into all aspects of your life."
Bhatia said the Citizen Lab researcher informed her that "all circumstantial evidence showed that it is the Indian government" spying on her.
Bhatia, an advocate of Adivasi rights, has earlier received threats and been accused of being a ‘Naxal sympathiser’.
"I see this (snooping) as a part of ongoing state surveillance of human rights activists, lawyers, journalists, social and political workers and scholars/teachers who are working with exploited, oppressed and marginalised sections of Indian society, especially Dalits and Adivasis," she added.
Users like these span across four continents and included diplomats, political dissidents, journalists and senior government officials.
The spyware requires a target to click on an "exploit link" which lets the operator penetrate the victim's security features on the phone and install Pegasus without the user knowing. Once spyware is installed, the operator can access the user's private data including passwords, contact lists and text messages. It can also access the live voice calls of the user.
The scary part: the operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity.
The government has sought a detailed response from WhatsApp on the issue and asked it to submit its reply by November 4.