Government leaves spyware key question open
The Narendra Modi government has asked Facebook-owned WhatsApp to explain the nature of a snooping operation involving an Israeli spyware on Indian journalists, activists and academics, and the Union home ministry described as “misleading” attempts to malign the government.
On Thursday, The Indian Express newspaper had quoted a WhatsApp spokesman as saying that an unstated number of Indians were targets of surveillance by an Israeli spyware. The spyware can take full control of the devices, enabling snooping as well as injection of data that can incriminate the users.
WhatsApp’s comments came after the messaging platform sued Israeli surveillance firm NSO Group on Tuesday, accusing it of helping government spies break into the phones of roughly 1,400 users, including diplomats, political dissidents, journalists and government officials, across four continents. NSO has denied the allegations.
While it is not clear who used the software to hack officials’ phones, NSO says it sells its spyware exclusively to government customers.
On Thursday, the Modi government woke up to allegations of another “Snoopgate” — a reminder of the scandal that broke in Gujarat in 2013 about a woman being spied upon in 2009 when Narendra Modi was chief minister and Amit Shah home minister.
The Centre tried to address the unfolding controversy administratively as well as politically. But no arm of the Centre addressed the main issue: the Israeli firm’s claim that it sells its Pegasus spyware only to government agencies.
Union information technology minister Ravi Shankar Prasad said in a statement: “The Government of India is concerned at the breach] of privacy of citizens of India on the messaging platform WhatsApp. We have asked WhatsApp to explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens.”
Prasad also sought to remind the Opposition, which urged the Supreme Court to step in, of earlier cases of privacy breach under Congress rule.
“Those trying to make political capital out of it need to be gently reminded about the bugging incident in the office of the then eminent finance minister Pranab Mukherjee during UPA regime. Also a gentle reminder of the spying over the then army chief Gen. V.K. Singh. These are instances of breach of privacy of highly reputed individuals, for personal whims and fancies of a family,” Prasad said.
The home ministry said the government would take strict action against any intermediary responsible for breach of privacy.
The Congress said instead of digressing from the issue by asking WhatsApp to explain, the minister should identify who authorised the purchase of the surveillance software and which government agency deployed it.
Congress media in-charge Randeep Surjewala said “instead of digressing from the issue of illegal, unconstitutional and unauthorised surveillance of citizens of India by asking WhatsApp to explain”, the minister should identify who authorised the purchase of the surveillance software and which government agency deployed it.
Additional reporting by Reuters
Three activists recounted to The Telegraph how they came to know of the snooping operation. Excerpts from their accounts:
Nihalsing Rathod, Nagpur-based lawyer of Surendra Gadling who is facing trial in the Bhima Koregaon case
- From 2017, I have suspected that I am under surveillance because once in every couple of months, I would get WhatsApp video calls from unknown numbers which would immediately get cut. In 2018, this increased to twice or thrice a day. I complained to WhatsApp in March this year about these calls.
On October 7, I received a WhatsApp message from the Citizen Lab (the University of Toronto’s interdisciplinary laboratory that investigates digital espionage among other research projects) informing me that I am under surveillance. I spoke to them on October 14 and they explained that an Israeli software called Pegasus has installed malware in my phone, and this software is commissioned by governments.
They asked me to change my handset which I haven’t done yet because I can’t afford to buy a new phone right now. They also said that the malware can be installed also by opening certain links or attachments sent by email. If opened, it infects the computer or the device and someone can get remote access.
Both advocate Gadling and I used to receive this type of email with suspicious attachments. I have told the Citizen Lab this and I am awaiting their response on what to do about it. I have also put out a public appeal to all people affected by such spyware so that we can take action against this together.
Shubhranshu Choudhary, Raipur-based activist working for the rehabilitation of tribals in Chhattisgarh displaced by internal conflict and founder of the mobile-based Gondi language radio service, CGNet Swara
- I ignored it for a while thinking it is some spam, until they contacted me again. They called from a foreign number and explained that I was under surveillance by some multi-million-dollar Israeli spyware which is used by governments.
The person asked for my details. I asked him who he is. The person introduced himself and said that WhatsApp has said that my phone is under surveillance. He asked whether I would like to work with them in improving my digital safety. I have received emails from them on things to do, for example, change my handset.
I have no problem if surveillance is legal as I am a peace activist and what we do is public. But if there is illegal snooping, then there is a problem.
(The person who contacted Choudhary introduced himself as John Scott- Railton, senior researcher at the Citizen Lab. He was requested not to go public with the information revealed to him until WhatsApp directly contacted him.
On Monday, Choudhary received a message from WhatsApp saying “WhatsApp cares about your privacy and security. This message is from WhatsApp.
“Why we’re writing: In May, we stopped an attack where an advanced cyber actor exploited our video calling to install malware on user devices. There’s a possibility this phone number was impacted, and we want to make sure you know how to keep your mobile phone secure.
“How to stay secure: Always use the latest version of WhatsApp and keep your mobile operating system updated to receive the latest security protections.
Learn more: https://faq.whatsapp.com/help/ video-calling-cyber-attack
Recommendations from cyber security experts: https://citizenlab.ca/ pegasus-outreach/
Saroj Giri, assistant professor in department of political science, Delhi University
- I did not get any call from WhatsApp. I got a call a month ago from the Citizen Lab which said that my phone was compromised. The attack happened around April-May 2019.
The Citizen Lab also told me that our national government was involved.
Apart from the WhatsApp video call, the Pegasus also uses links through WhatsApp.
Unlimited number of mobile phone users would have exposed themselves to surveillance by opening the Pegasus link.
I have not complained to anybody. Whom to complain? The government is involved in doing this kind of surveillance on its citizens. The Pegasus software is not responsible. The government is responsible because it bought the software and used it against citizens.
I do not know why they targeted me. It should be investigated.
I feel that there should be counter-strategy from the citizens too. The citizens should start digital counter-surveillance on the government and digital counter- assistance for the people facing surveillance.