New Delhi / Pegasus spyware spied on Indians via WhatsApp since 2017: Report

The print : Nov 01, 2019, 11:48 AM

New Delhi: NSO Group, the Israeli firm courting headlines for producing spyware used to allegedly spy on as many as 1,400 people via WhatsApp, has reportedly been targeting Indians since 2017.

WhatsApp had alerted “at least two dozen academics, lawyers, Dalit activists and journalists in India” that their phones were spied upon through the spyware ‘Pegasus’ for a “two-week period until May 2019”.

These reportedly include high-profile targets like lawyer Nihalsing Rathod, who represents one of the activists accused in the Bhima-Koregaon case, and tribal rights activist Bela Bhatia. 

However, according to a September 2018 report from Citizen Lab, a research group at the University of Toronto, since 2017, the firm’s spyware has been deployed via malicious URLs called ‘exploit links’ to target Indians along “political themes”. 

The group is currently helping social media giant WhatsApp get to the root of the May 2019 hack.

Another report released this month quoted NSO Group aka Q Cyber Technologies as claiming that it sells this spyware “strictly to government clients only”.  

It indicated that India continued to be a target for surveillance by spyware via websites with domain names like “signpetition[.]co”.

Such links for domain names “sometimes impersonate mobile providers, online services, banks, and government services, which may make the links appear to be benign at first glance”, the report stated.

Once a user clicks on such a domain name or ‘exploit link’, the spyware penetrates security features and installs itself on their phone, after which all private data stored on the device can be gathered by the spyware, the report added.

Apart from India, Citizen Lab stated, users in Pakistan Bangladesh and Hong Kong were targeted as well.

How WhatsApp was targeted

Pegasus, also known by other names like Q Suite, is considered among the world’s “most sophisticated” software for spying. 

WhatsApp has announced it will take legal action against NSO Group for violating its policies. The US-based, Facebook-owned company is seeking “a permanent injunction banning NSO from using our service”.

WhatsApp is the most popular messaging app in India. When deployed via WhatsApp, Pegasus was reportedly placed on phones via video calls. The calls didn’t even have to be answered for the phone to be compromised. 

Once present on the phone, the spyware was able to access “passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps”. The operator remotely controlling the spyware could switch on the phone camera and microphone, and even monitor the target’s physical whereabouts.

After the May 2019 hack, Citizen Lab volunteered to help WhatsApp identify cases where the spyware had targeted people like human rights activists and journalists. Since then, the group suggests, there has been growing abuse of NSO Group’s spyware for spying in around 100 cases that targeted “human rights defenders and journalists in at least 20 countries across the globe, ranging from Africa, Asia, Europe, the Middle East”.

In a statement issued Thursday evening, union Communications, Electronics & Information Technology Minister Ravi Shankar Prasad said the government was “concerned at the breach of privacy of citizens of India” and had asked “WhatsApp to explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens”.

“The government is committed to protecting privacy of all Indian citizens,” he added, before going on to dismiss claims that the government might be involved. “Government agencies have a well established protocol for interception, which includes sanction and supervision from highly ranked officials in central & state governments, for clear stated reasons in national interest.”