Indian WhatsApp users ask government to explain ties with Israeli firm in breach case
A group of Indians including journalists and lawyers whose phones were hacked via Facebook’s WhatsApp messaging platform asked the government on Friday to make public its ties with the Israeli firm accused of deploying the spyware.
WhatsApp last week sued Israel’s NSO Group, accusing it of helping clients break into the phones of roughly 1,400 users - including diplomats, political dissidents, journalists, military and government officials - across four continents.
NSO denied the allegations and said it sells technology to governments to counter terrorism. India is WhatsApp’s biggest market with 400 million users.
The group of 19 affected Indian users said in an open letter that Prime Minister Narendra Modi’s government must explain whether it had mounted the surveillance on them.
“It is a matter of public concern whether Indian tax payer money has been spent on this kind of cyber surveillance...,” the Indian group, comprising journalists, lawyers, academics, writers and social activists, said in the letter.
Of those allegedly affected by NSO’s Pegasus spyware, 121 are based in India, two sources familiar with the matter said.
According to WhatsApp, Pegasus exploited a loophole in its video calling feature, using it as a door to break in to a users’ device. Once in, it got unfettered access to the phone’s data, and even its microphone and camera.
The group of Indian users said that the spyware had compromised not just their safety but also the security of their friends, family, clients and sources.
“We seek an answer from the Government of India about whether it was aware of any contract between any of its various ministries, departments, agencies, or any State Government, and the NSO Group or any of its contractors to deploy Pegasus or related malware for any operations within India?” they said.
The Indian government has neither confirmed nor denied using the spyware.
It last week asked WhatsApp to explain the nature of the breach and the steps it was taking to safeguard user privacy.