In an astonishing revelation, Facebook-owned messaging app WhatsApp has said that its messaging service was used to conduct cyberespionage on Indian journalists, human rights activists and others by Israeli technology firm NSO Group using spyware Pegasus.
The messaging app did not reveal their identities and details of those targeted for surveillance. However, it confirmed that the numbers of people snooped could be higher.
The messaging app, as per the Indian Express report, alerted at least two dozen academics, lawyers, Dalit activists and journalists in India. All these peoples phones had been under state-of-the-art surveillance for two weeks until May 2019 (From April 29- May 10).
Meanwhile, an NDTV report revealed few of the names of surveillance targets that include Nihal Singh Rathod, a human rights lawyer representing several accused in the Bhima-Koregaon case, activist Bela Bhatia, lawyer-activist Degree Prasad Chauhan, human rights activist Anand Teltumbde and journalist Sidhant Sibal.
“The person who called me explained how I had been targeted, and the person clearly told me ‘we can clearly and categorically say your own government has done this,” Bela Bhatia told NDTV.
While the Indian govt is yet to respond to the allegations, its sources denied snooping allegations. IT ministry has sought a response from WhatsApp on spyware issue before Monday.
The startling revelation comes after WhatsApp filed a lawsuit in US federal court of California against NSO Group alleging for targeting its 1,400 users with Pegasus.
In the lawsuit against the NSO Group and Q Cyber Technologies, it alleged they violated both US and California laws as well as the WhatsApp Terms of Service, which prohibits this type of abuse.
It alleged spyware gets into the user’s phone when the person receives a video call. As the phone rings, the attacker transmits a malicious code and the spyware is installed even if the user does not answer the call at all.
“Defendants caused their malicious code to be transmitted over WhatsApp servers in an effort to infect approximately 1,400 Target Devices,” it added.
It further complains that Pegasus, which is allegedly designed to extract information, could remotely and covertly extract valuable intelligence from virtually any mobile device.
The Target Users included attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials from several countries including the Kingdom of Bahrain, the United Arab Emirates, and Mexico.
Now, the messaging app is seeking a permanent injunction banning NSO and more than $75,000 in damages. This is the first time that Facebook-owned firm is taking legal action against a private entity that has carried out this type of attack against its users.
However, the NSO group denied the allegations and said that its offer license products to only legitimate government agencies.
Our technology is not designed or licensed for use against human rights activists and journalists, it said in a statement.