As the revelation by Whatsapp that Indian scribes and human rights activists were among users targeted by an Israeli spyware created a storm, the IT Ministry on Thursday asked the Facebook-owned messaging platform to explain the breach. In a separate statement, the Home Ministry said attempts to malign the government for the reported breach were completely misleading and “strict action” would be taken against those found guilty of violating the law.
In a tweet, Information and Technology Minister Ravi Shankar Prasad said the government was “concerned” at the breach of privacy of citizens of India on WhatsApp.
“We have asked WhatsApp to explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens,” Prasad said, while assuring that the government was committed to protecting the privacy of all Indian citizens.
“Government agencies have a well-established protocol for an interception from highly ranked officials in central and state governments for clear stated reasons in the national interest,” the Union Minister further said.
To monitor a target, a Pegasus operator must convince a target to click on a specially crafted ‘exploit link’ which allows the operator to penetrate security features on the phone and installs Pegasus without the user’s knowledge or permission. Once the phone is exploited and Pegasus installed, it begins contacting the operator’s command and control servers to receive and execute operator commands, and send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps. The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity. In the latest vulnerability, the subject of the lawsuit, clicking the ‘exploit link’ may also not be required and a missed video call on WhatsApp will have enabled opening up the phone, without a response from the target at all.
The Home Ministry also tried to allay fears, saying there were adequate safeguards to ensure that no innocent citizen was harassed or his privacy breached. The MHA further said the government was committed to protect the fundamental rights of citizens, including right to privacy.
“Some statements have appeared based on reports in media, regarding breach of privacy of Indian citizens on Whatsapp. These attempts to malign the government for the reported breach are completely misleading,” it said in a statement.
Government of India is concerned at the breach of privacy of citizens of India on the messaging platform Whatsapp. We have asked Whatsapp to explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens. 1/4 pic.twitter.com/YI9Fg1fWro
— Ravi Shankar Prasad (@rsprasad) October 31, 2019
The disclosure follows a lawsuit filed Tuesday in a US federal court in San Francisco in which WhatsApp alleged that the Israeli NSO Group targeted some 1,400 WhatsApp users with Pegasus.
While WhatsApp has declined to reveal the identities and “exact number” of those targeted for surveillance in India, its spokesperson told The Indian Express that WhatsApp was aware of those targeted and had contacted each one of them.
“Indian journalists and human rights activists have been the target of surveillance and while I cannot reveal their identities and the exact number, I can say that it is not an insignificant number,” a WhatsApp spokesperson said.
WhatsApp also said it was suing NSO Group, an Israeli surveillance firm, that is reportedly behind the technology that helped unnamed entities’ spies to hack into phones of roughly 1,400 users.
It is learnt that at least two dozen academics, lawyers, Dalit activists and journalists in India were contacted and alerted by WhatsApp that their phones had been under state-of-the-art surveillance for a two-week period until May 2019. However, it did not say on whose behest the phones of journalists and activists across the world were targeted.