Israeli spyware snooped on Indian activists, scribes on WhatsApp

As Facebook-owned WhatsApp sued Israeli cyber intelligence company NSO Group this week that exploited its video calling system to snoop on 1,400 selected users globally, details emerged on Thursday that there were "insignificant number" of Indian human rights activists and journalists among those who were targeted.

Multiple media reports said those targeted in India included human rights activists who were arrested over their alleged involvement in the Bhima-Koregaon Dalit riots near Pune in January last year, adding that some Indian journalists were also victim of the WhatsApp spygate.

The controversy immediately snowballed into a political one, with several Congress leaders blaming the Bharatiya Janata Party (BJP) orchestrating the WhatsApp snooping on human rights activists.

"Modi Govt caught snooping! Appalling but not Surprising! After all, BJP Govt 1. Fought against our right to privacy. 2. Set up a multi crore Surveillance Structure until stopped by SC. SC must take immediate cognisance & issue notice to BJP Govt," tweeted Congress Party leader Randeep Singh Surjewala.

Another Congress leader Jaiveer Shergill tweeted: 1) BJP Govt wanted Aadhar linked with phone 2) objected to right to privacy as fundamental right; 3) 20/12/2018 issued Notification authorising data snooping 4) WhatsApp snooping thru Israeli Software; Next- cameras in our Homes in name of Rashtravaad? Tricks of Bhrasht Jasoos Party?"

Sidhant Sibal, who is principal diplomatic and defence correspondent for WIONews, tweeted: "Here is the good news. Whatsapp was able to raise the alarm of hacking and they promptly took measures--Technical & Legal. Having being approached by them, they suggested measures to be safe online".

When contacted, WhatsApp India office refused to share an official statement.

Congress Party spokesperson Sanjay Jha tweeted: "Big Bro is watching, reading and analysing your #WhatsApp message".

The BJP was yet to react to the allegations.

According to WhatsApp, the NSO Group used the flaw to hack into user's smartphones.

"It targeted at least 100 human-rights defenders, journalists and other members of civil society across the world," the head of WhatsApp, Will Cathart, wrote in an op-ed published by The Washington Post.

In a statement, NSO Group denied performing any such act, saying it disputed the allegations and vowed to "vigorously fight them."

In May, WhatsApp had urged its 1.5 billion users to upgrade the app after discovering the vulnerability.

NSO limits sales of its spyware called Pegasus to state intelligence agencies and others. The software has the ability to collect intimate data from a target device.

The victims of the latest WhatsApp spyware attack may have lost important personal information including location data and email content, said experts.

"The bug can be exploited based on a decades-old type of vulnerability - a buffer overflow," Carl Leonard, Principle Security Analyst at cybersecurity company Forcepoint, told IANS.

"One could assume that an attacker may seek out bulk contact lists, email data, location data or other personal information," Leonard added. IANS