The VICE Guide to Right Now

Israeli Spyware Used Whatsapp to Hack Over 20 Indian Journalists and Human Rights Activists

Sources say that even academics and Dalit rights activists were monitored under the state-of-the-art surveillance for a two-week period in May 2019 during the run-up to India’s general elections.
SJ
Mumbai, IN
October 31, 2019, 8:53am
pegasus whatsapp india hack 2019 general elections
Photo: Antonbe from Pixabay

This article originally appeared on VICE India.

Facebook-owned WhatsApp just dropped the shocking reveal that Israeli spyware Pegasus was using the instant messaging platform to keep tabs on more than 20 Indian journalists, human rights activists, academics, lawyers, and more. The matter came to light when WhatsApp filed a lawsuit against the NSO group, the Israeli intelligence company that is said to have developed the illegal spyware, on Tuesday, October 29. While the exact identities of all those targeted in this major breach of privacy have not been unmasked, a spokesperson said that the number was “not insignificant”. Those targeted were under state-of-the-art surveillance for a two-week period in May 2019, in the run-up to the general elections that chose Narendra Modi as the Indian prime minister for the second consecutive time.

Advertisement

The targeted persons include Nihal Singh Rathod, a Nagpur-based human rights lawyer who represented some of the accused in the Bhima Koregaon case; Bela Bhatia, an activist who advocates Adivasi rights in Chattisgarh’s Bastar region often accused of being a “naxal sympathiser”; Degree Prasad Chouhan, a Dalit rights lawyer and activist; Anand Teltumbde, a professor, writer and civil rights activist; and Sidhant Sibal, a diplomat and defence correspondent for Wion news.

Pegasus is notorious for its ‘exploit link’ formula, which automatically downloads a hidden app that lets it access all data without the user’s knowledge once they are convinced about clicking on a link that looks seemingly harmless. But in the lawsuit against the company and its parent organisation Q Cyber Technologies, WhatsApp alleges that they have unlawfully developed a malware that lets them decrypt messages of people using WhatsApp on Android, iOS and even Blackberry operating systems.

Considering most of us treat WhatsApp as our primary messaging service and expect our conversations to remain private since the app proclaims that all messages are encrypted, this breach is a pretty big deal as this has also opened up the ground for hackers to access WhatsApp accounts without the users knowing at all.

The petition also claims that NSO has violated laws in the United States as well as the platform’s terms of service since smartphones were accessed through even missed calls. “We believe this attack targeted at least 100 members of civil society which is an unmistakable pattern of abuse,” it said. “This number may grow higher as more victims come forward.”

In response, the Israeli NSO Group, which was once even referred to as a “cyber arms dealer” maintains that it is innocent and that the accusations against it are false. “In the strongest possible terms, we dispute today’s allegations and will vigorously fight them,” it said in a statement. “Our technology is not designed or licensed for use against human rights activists and journalists.”

However, WhatsApp’s head Will Cathcart has rebutted them saying, “NSO Group claims they responsibly serve governments, but we found more than 100 human rights defenders and journalists targeted in an attack last May,” in a tweet. “This abuse must be stopped.”

This also isn’t the first time such a security breach has been tied to Pegasus. In September 2018, Canadian cyber security group Citizen Lab said, “We found suspected NSO Pegasus infections associated with 33 of the 36 Pegasus operators we identified in 45 countries” including India. The 2018 report even identifies an active link to India from June 2017 to September 2018. “We identified five operators that we believe are focusing on Asia. One operator, Ganges, used a politically themed domain.”

Follow Shamani Joshi on Instagram.