IT Ministry says past information was inadequate and incomplete, according to sources

WhatsApp had informed the Indian government in September that 121 Indian users were targeted by the Israeli spyware Pegasus, but the IT Ministry has contended the information received from the messaging app earlier was inadequate and incomplete, according to sources.

Sources at WhatsApp said the messaging platform has responded to the government’s query last week, seeking an explanation to the Pegasus spyware that helped unnamed entities’ hack into the phones of journalists and human rights activists across the world, including India.

Also Read WhatsApp alerted Priyanka Gandhi on possible phone attack, says Congress

IT Ministry sources said they have received a reply from WhatsApp and are studying it, and that a view on it will be taken soon.

While declining to comment on the details of the fresh response sent last week, sources in WhatsApp said the company had reached out to the government in September as well, its second alert on the issue after its communication in May.

They said the Facebook-owned company had, in the September communication, flagged that 121 users in India had been impacted by the spyware.

IT Ministry officials said they had received communication from WhatsApp in the past, but maintained the information that came in earlier was inadequate, incomplete and full of technical jargons.

WhatsApp did not respond to queries over the matter.

The messaging giant, on Thursday, had said Indian journalists and human rights activists were among those globally spied upon by unnamed entities using an Israeli spyware Pegasus.

Also Read In WhatsApp breach, follow the money trail

WhatsApp had said it is suing NSO Group, an Israeli surveillance firm, that is reportedly behind the technology that helped unnamed entities’ hack into the phones of roughly 1,400 users, spanning four continents that included diplomats, political dissidents, journalists and senior government officials.

However, WhatsApp did not say on whose behest the phones of journalists and activists across the world were targeted. Refusing to divulge identities of those targeted in India, WhatsApp had said it had, in May, stopped a highly sophisticated cyber attack that exploited its video calling system to send malware to its users.

The spyware allegedly allows compromised devices to give access to a phone’s camera, mic, messages, e-mails and even location data. The hackers could have access to contents of the entire device.

WhatsApp had said it had sent a special message to about 1,400 users globally that it has “reason to believe were impacted by this attack to directly inform them about what happened”. Over the past few days, several social activists in India have come forward and said they had received communication from WhatsApp in this regard.

WhatsApp has over 1.5 billion users globally, of which India alone accounts for about 400 million.

On Thursday, after WhatsApp’s disclosure that the spyware had targeted Indian users as well, the Indian government had asked WhatsApp to explain the matter and list out measures that were taken by the app to protect the privacy of its users.

While NSO has so far maintained that it only sold its “technology to licensed government intelligence and law enforcement agencies”, government officials have asserted that the Indian government has no dealings with the Israeli company.

Government officials had also questioned the “suspicious” timing of the disclosure of the hacking incident, particularly against the backdrop of Supreme Court allowing the Centre three months to come up with rules to curb misuse of social media in the country, and the continued demand for bringing in traceability of originators of malicious content.