INSUBCONTINENT EXCLUSIVE:
Image copyrightGetty ImagesIndian activists and politicians are pointing fingers at the state after WhatsApp revealed Indian journalists and
activists were among those targeted with spyware on its platform
WhatsApp has filed a lawsuit against Israeli firm NSO Group, alleging it was behind the cyber-attacks that infected devices in April and
May.NSO Group, which makes software for surveillance, says it only works with government agencies.The government has denied the claims
"These attempts to malign the government of India for the reported breach are completely misleading," a government statement read, adding
that it would take "strict action" against those responsible for the attack.India has also asked WhatsApp for a detailed explanation,
Information and Technology Minister Ravi Shankar Prasad said in a statement on Twitter
NSO Group has also denied the allegations against them."In the strongest possible terms, we dispute the allegations and vigorously fight
them," NSO Group said in a statement to the TheIndianSubcontinent."The sole purpose of NSO is to provide technology to licensed government
intelligence and law enforcement agencies to help them fight terrorism and serious crime," it added
How did the hack take place?Hackers were able to remotely install surveillance software on phones and other devices by using a major
vulnerability in the messaging app.Targets received video or voice call requests from an unknown number - which even if ignored, allowed the
spyware, known as Pegasus, to be installed on the device
This allowed users to remotely access everything on the phone, including text messages and location.WhatsApp has not disclosed the number of
"While I cannot reveal their identities and the exact number, I can say that it is not an insignificant number," WhatsApp spokesperson Carl
Woog told The Indian Express newspaper.Who has been targeted?Indian news site Scroll says it has confirmed that at least 17 individuals,
including activists, scholars and journalists, were affected by the breach
"The profile of the private Indian citizens targeted in this case suggests the involvement of state agencies in India," technology writer
Prasanto K Roy told the TheIndianSubcontinent
"These people are all activists, journalists and lawyers who work with or represent tribal people and dalits (formerly untouchables) in
sensitive areas where people have clashed with the state."Image copyrightGetty ImagesMr Roy added that the list of people targeted so far is
"I can't think of a single foreign government, not even Pakistan, who would be interested in these particular private citizens."Lawyer
Nihalsing Rathod, who has defended human rights activists arrested after caste-based violence broke out in the western state of Maharashtra
in August 2018, told TheIndianSubcontinent Marathi that his phone had been targeted
The arrests of the activists had been sharply criticised by many as a "witch hunt" against those who challenged the governing Bharatiya
Janata Party (BJP).Another of those targeted is Bela Bhatia, a writer and human rights lawyer who has alleged constant harassment by police
in the volatile central state of Chhattisgarh
What is India's relationship with WhatsApp?With 400 million users, India is the biggest market for the Facebook-owned company.However, it is
not the first time that the messaging platform has found itself in trouble with local authorities
A spate of lynchings driven by rumours of child kidnappings circulating on WhatsApp prompted Indian authorities to demand that the company
do something to curb the spread of misinformation on its platform
WhatsApp then took several steps, including advertising in newspapers and limiting the number of forwards a single user could send to
five.It also marked messages that had been forwarded with a label
Since then, the government has gone a step further by saying that it would introduce new rules in January 2020 that would allow it to
monitor, intercept and trace social media messages
In response, WhatsApp has said this would not be possible, "given the end-to-end encryption" the app uses
What has WhatsApp done since the breach?Soon after it discovered the cyber-attacks in May, the company rolled out a fix, adding "new
protections" to their systems and issuing updates.Cyber-experts at the University of Toronto's Citizen Lab helped WhatsApp identify more
than 100 cases of "abusive targeting of human rights defenders and journalists in at least 20 countries across the globe, ranging from
Africa, Asia, Europe, the Middle East, and North America".Its decision to sue NSO Group is the first time an encrypted messaging provider
has taken legal action of this kindWhatsApp promotes itself as a "secure" communications app because messages are encrypted end-to-end
This means they should only be displayed in a legible form on the sender or recipient's device.
