india

Updated: Oct 31, 2019 19:05 IST

A 32-year-old diplomatic correspondent in New Delhi received a curious call from a Toronto-based group called Citizen Lab last month. The caller had some startling information.

“They told me that I was one of 1400 people that were the target of an attempted spying attack,” said the reporter who spoke to Hindustan Times on condition of anonymity. “They said they were working with WhatsApp to determine the exact nature of the attack but said that the source of the attack was a software that was bought by certain entities to start spying.”

The reporter was told to take certain measures and his WhatsApp account is safe for now but he is one of 20-odd people who Citizen Lab has contacted recently in India.

A WhatsApp spokesperson confirmed to Hindustan Times that the targets of the attack in India and other parts of Africa, Europe, Middle East and North America included journalists and activists. However, they refused to give the exact number of people who were targeted or their identities but confirmed the 1400 number and said that the attack had taken place in the month of May.

In a statement, the group which prides itself in its encryption technology which promises high-level of privacy to users said, “We sent a special WhatsApp message to approximately 1,400 users that we have reason to believe were impacted by this attack to directly inform them about what happened.”

Adding that the attack was on civil society activists and journalists, they said that they had filed a complaint in the US court that has now attributed it to a spyware called NSO group and its parent company Q Cyber Technologies.

Union Information Technology minister Ravi Shankar Prasad said the government is “concerned” at the breach of privacy of citizens of India on WhatsApp. “We have asked Whatsapp to explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens,” he tweeted.

The minister said the Govt is committed to protecting privacy of all citizens. He also hit out at the opposition for targeting the government over the issue.

“Those trying to make political capital out of it need to be gently reminded about the bugging incident in the office of the then eminent Finance Minister Pranab Mukherjee during UPA regime. Also a gentle reminder of the spying over the then Army Chief Gen V K Singh. These are instances of breach of privacy of highly reputed individuals, for personal whims and fancies of a family,” Prasad tweeted.

How does spyware work

The Citizen Lab which is working with WhatsApp to find more about the May attack says the spyware is developed and sold by an Israel-based company which has as its majority owner a European private equity firm called Novalpina Capital.

Experts working on the attack have said in their statement that “it sells its spyware strictly to government clients only, and all of its exports are undertaken in accordance with Israeli government export laws and oversight mechanisms. However, the number of cases in which their technology is used to target members of civil society continues to grow.”

The spyware has several brand names Pegasus or Q Suite which gets into a target’s phone by various ways, including one where they trick them into clicking a link. It can vary for example, in 2018, a confidant of Jamal Khashoggi was targeted in Canada with a fake package notification.

An official at the IT ministry, who didn’t want to be named, this was a private group hacking into WhatsApp, which had its servers abroad and so was beyond the government’s purview.