In a startling revelation, WhatsApp messaging app has confirmed that journalists and human rights activists in India were targeted by Israeli NSO Group who used spyware Pegasus to snoop on them.
According to a report in The Indian Express, the revelation comes after a lawsuit was filed in a US federal court in which Facebook-owned WhatsApp alleged that NSO group spied on at least 14,00 WhatsApp users using spyware Pegasus.
“Indian journalists and human rights activists have been the target of surveillance and while I cannot reveal their identities and the exact number, I can say that it is not an insignificant number,” The Indian Express quoted a WhatsApp spokesperson as saying.
WhatsApp said it contacted and alerted at least two dozen academics, lawyers, Dalit activists and journalists in India who had been under state-of-the-art surveillance for a two-week period until May 2019.
“We believe this attack targeted at least 100 members of civil society which is an unmistakable pattern of abuse. This number may grow higher as more victims come forward,” it said.
The spyware requires a target to click on an "exploit link" which lets the operator penetrate the victim's security features on the phone and install Pegasus without the user knowing. Once spyware is installed, the operator can access the user's private data including passwords, contact lists and text messages. It can also access the live voice calls of the user.
The scary part: the operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity.
"In the latest vulnerability, the subject of the lawsuit, clicking the ‘exploit link’ may also not be required and a missed video call on WhatsApp will have enabled opening up the phone, without a response from the target at all," the report said.
WhatsApp alleged that the NSO Group and Q Cyber Technologies violated the US and California laws as well as WhatsApp’s terms of service which prohibit such surveillance.
On its part, the NSO Group, in a statement, refuted the allegations and said: “In the strongest possible terms, we dispute today’s allegations and will vigorously fight them. Our technology is not designed or licensed for use against human rights activists and journalists.”
Interestingly, the NSO Group said spyware Pegasus has been sold only to government agencies. “We license our product only to vetted and legitimate government agencies.”
In September 2018, Canada-based cybersecurity group Citizen Lab said: “We found suspected NSO Pegasus infections associated with 33 of the 36 Pegasus operators we identified in 45 countries” including India.
While the messages on WhatsApp are encrypted and secure, sources in WhatsApp said a device is corrupted by a malware, it makes the device vulnerable to breach of privacy, "often endangering freedoms and sometimes lives".