WhatsApp has revealed that at least two dozen academics, lawyers, Dalit activists and journalists in India were the target of surveillance by threat operators using security firm NSO Group’s Pegasus spyware.
The revelations, reported by news outlet Indian Express, come as the Facebook-owned messaging service filed a lawsuit against the Israeli company for helping government spies break into the phones of roughly 1,400 users across four continents in a hacking spree whose targets included diplomats, political dissidents, journalists and senior government officials.
“Indian journalists and human rights activists have been the target of surveillance and while I cannot reveal their identities and the exact number, I can say that it is not an insignificant number,” a WhatsApp spokesperson was quoted as saying to the publication.
We’ve reached out to WhatsApp for further details, and we’ll update the story if we hear back.
In May 2019, WhatsApp stopped a sophisticated cyberattack that exploited its video calling system to deliver Pegasus malware surreptitiously. In the lawsuit filed yesterday, the company alleges NSO Group of weaponizing the vulnerability to turn the devices into secret eavesdropping tools to surveil persons of interest.
After a six-month long investigation, the company began sending specially crafted messages to approximately 1,400 users that it believes were impacted by the campaign and provided help to defend themselves from such attacks in the future.
NSO Group, which refuted WhatsApp’s accusations, has consistently maintained its technology is offered only to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crimes.
But numerous instances to the contrary have surfaced in recent months, what with Pegasus being employed by repressive governments around the world such as Morocco, Rwanda, and Saudi Arabia to target journalists and human rights advocates.
Back in September 2018, University of Toronto’s Citizen Lab disclosed as many as 36 NSO Group customers who were involved in targeted surveillance operations across 45 countries. The infections in India were traced back to an operator it called “Ganges,” directing their covert operations on popular cellular carriers and ISPs such as Bharti Airtel, MTNL, and Hathway.
If anything, the development is another reminder that technology companies should never be required to intentionally weaken their security systems via backdoors.
“The mobile phone is the primary computer for billions of people around the world,” WhatsApp head Will Cathcart wrote in The Washington Post yesterday. “It is how we have our most private conversations and where we store our most sensitive information. Governments and companies need to do more to protect…