WhatsApp had informed New Delhi in September that 121 Indian users had been targeted with the Israeli spyware Pegasus, after sending an alert in May, but the infotech ministry found the information inadequate and incomplete, sources said.
Sources at WhatsApp said the messaging platform had now responded to the query the government had sent last week about the nature of the snooping that affected about 14,000 journalists, activists and academics across the world, including India.
Officials at the information technology ministry confirmed receiving the reply from WhatsApp and said they were studying it. WhatsApp sources declined comment on the details of the reply.
The company sources said they had first alerted the Indian government in May and then in September, this time putting a figure to the Indian users affected.
Ministry officials said the information in these past communications was inadequate, incomplete and full of technical jargon, and that WhatsApp had not responded to queries.
WhatsApp’s latest alert came on Thursday. It added that it was suing the NSO Group, an Israeli surveillance firm that is reportedly behind the technology that helped unnamed entities hack into the phones of users across four continents who included diplomats, political dissidents, journalists and senior government officials.
WhatsApp, however, did not say at whose behest the phones were targeted.
While NSO maintains that it only sold its “technology to licensed government intelligence and law-enforcement agencies”, government officials here have asserted that the Indian authorities had had no dealings with the Israeli company.
WhatsApp has refused to reveal the identities of those targeted in India but said it had sent a special message to the 1,400 affected users “about what happened”. Over the past few days, several social activists in India have come forward to say they had received this communication from WhatsApp.
WhatsApp has over 1.5 billion users globally, with India accounting for about 400 million.
The spyware allegedly allows compromised devices to provide access to the phone camera, mic, messages, emails and even location data.
WhatsApp said that it had in May stopped a highly sophisticated cyber attack that exploited its video calling system to send malware to its users.
Indian officials have questioned the “suspicious” timing of the latest disclosure of the hacking, particularly against the backdrop of the Supreme Court allowing the Centre three months to come up with rules to curb misuse of social media, and the continued demand for a mechanism to trace the originators of malicious content.
