In a bombshell revelation, WhatsApp has revealed that the messaging app was used to spy on at least two dozen Indian journalists and human rights activists earlier this year, The Indian Express reported on Thursday. The spies reportedly used Pegasus, a spyware developed by the Israeli NSO Group, to compromise the phones of the targeted persons in a two-week period until May 2019, coinciding with the parliamentary election.
Spies can deploy the malware on a cellphone by getting the user to click on an “exploit link”, or even through a missed WhatsApp video call. They can then even turn on the phone’s camera and microphone to capture activity in its vicinity, according to the report.
The NSO Group claims it has sold Pegasus only to “vetted and legitimate government agencies”, which means journalists and activists were likely put under surveillance by their own governments. Meanwhile, Union Minister of Information Technology Ravi Shankar Prasad said WhatsApp has been asked to explain the breach and the measures taken to strengthen the privacy of Indian citizens.
WhatsApp refused to number or identify those targeted in India. However, a spokesperson told the newspaper that the company had contacted each of the affected individuals about the breach. “Indian journalists and human rights activists have been the target of surveillance and while I cannot reveal their identities and the exact number, I can say that it is not an insignificant number,” the spokesperson said.
Newslaundry identified a few of the persons who said they were targeted by the spyware. They were informed about the breach by the University of Toronto’s Citizen Lab, which works on tracking cyber threats against civil society. In 2008, Citizen Lab found “suspected infections associated with 33 of the 36 Pegasus operators in 45 countries”, including five operators focusing on Asia. “One operator, Ganges, used a politically themed domain.”
Citizen Lab is working with WhatsApp, owned by Facebook, to help identify cases “where the suspected targets of the attack were members of civil society, such as human rights defenders and journalists”.
Here’s a list of Indians who told Newslaundry that they were targeted for surveillance through WhatsApp.
Rathod is a human rights lawyer in Nagpur, Maharashtra, who represents several of the accused in the Bhima Koregaon case. He says he received a message on October 7 from John Scot-Railton, a senior researcher at Citizen Lab, alerting him to the surveillance.
“After chatting on WhatsApp two or three times, I spoke to the researcher on October 14,” Rathod said. “He told me my phone was infected by spyware and my number was on the list of people whose phones were compromised. He told me around 1,400 people across the world had fallen victim to a malware that turned out to be Israeli spyware. He did not say what the malware was called at the time, though.”
Rathod claimed he started receiving suspicious WhatsApp calls in 2018. “The calls were from international numbers. Similarly, I was receiving emails related to my cases with zip files attached but nothing would appear when I clicked on them. The researcher said that was also a modus operandi to transfer malware into my computer to keep track of my activities.”
Bhatia is a human rights activist, based in Chhattisgarh’s troubled Bastar region. Her advocacy of Adivasi rights has invited threats and even attacks by state-backed vigilantes who accuse her of being a “Naxal sympathiser”.
“I received a call from Citizen Lab in late September,” she said. “They informed me that my phone had been targeted with spyware in May-June this year and that it was like carrying a spy in my pocket.”
She added, “They informed me that it had happened to a few activists in India and that it was done by our own government. They said WhatsApp had approached them after they were alerted to the possibility of the malware.”
“I was informed that the Indian government was responsible for this. I was not surprised since state surveillance of human rights activists is not new. By using more sophisticated Israeli spyware, the government has functioned with impunity. It has, once again, infringed on our right to privacy, upheld as a fundamental right by the Supreme Court in August 2017, and revealed that it needs to be vary of activists who are fighting on the ground for constitutional rights through constitutional means.”
Degree Prasad Chouhan
Chouhan is a lawyer and activist who campaigns for the cultural and social rights of Dalits and Adivasis. He was informed about the snooping on October 28.
“Initially I was suspicious of his call but then the researcher from Citizen Lab sent me a video explaining who he was and requested me to talk to him,” Chouhan recalled. “I had a phone call with him and he informed me that my phone had been attacked by spyware for the purpose of snooping.”
“I have got some suspicious mails in the past. But snooping using Israeli spyware was new for me. I am an activist working for the rights of the poor and the Adivasis in Central India. It’s said the government is spying on us using foreign technologies. I am not an enemy of this nation.”
The professor, writer and civil rights activist received a call from Citizen Lab around 10 days ago.
“They informed me that my phone had been attacked using spyware. This is very wrong on the part of the government,” he said. “They have been involved in tapping phones of many people for a long time. But using spyware to snoop on people is pernicious. Individuals have become very vulnerable. This is a breach of the privacy of people in the highest possible degree. They are spying on everything an individual does. This doesn’t happen even in the worst dictatorships.”
Sibal is the principal diplomatic and defence correspondent for Wion TV channel. Wion tweeted saying he was among those targeted.
Jadhav, who is with the cultural group Kabir Kala Manch, said she was contacted by Citizen Lab three days ago. “But because of the language barrier, I wasn’t able to communicate with them initially. I was also suspicious of the person who called me, but then he sent me details about him through WhatsApp. Then, with the help of a friend, I contacted Citizen Lab yesterday and was told that my phone had been targeted for surveillance and they want to help me in this regard.”
Choudhary is a former TV and radio producer for BBC’s South Asia bureau. He worked with the British media organisation for eight years before launching India’s first community radio on mobile phone, CGnet Swara. The audio portal allows people in Chhattisgarh to report and listen to local stories. Currently, he runs BlueTu Radio (Bluetooth Radio) for Adivasis. He suspects that he was targeted for his “peace-related work in Chhattisgarh”.
“Some weeks ago, I got a few missed calls. When I called back, they told me they were from Citizen Lab. I inquired about them from my contacts in digital security and they told me Citizen Lab was genuine and serious,” Choudhary said. “I was told by Citizen Lab that using an Israeli spyware phones were breached and that my number was on the list. Later, I received a message from WhatsApp regarding the same.”
He added, “I am a peace activist and there is nothing to hide. We don’t care whether anyone is snooping or not, but it’s definitely an attack on the fundamental right to privacy. We have a right to know who is doing this and how they are doing this. If it’s legal, we don’t have any problem. But if it’s illegal, then it is definitely an objectionable attack on our fundamental right.”
Giri is assistant professor, Political Science, at Delhi University. He said he was contacted by Citizen Lab a month ago. “They sent me a message that there was malware in my system. Initially, I found it fishy but later that person sent me his video in which he identified himself,” Giri said, referring to the Citizen Lab’s representative. “Since he was persistent about talking to me, I took him seriously. I had him verified with the help of a contact, then I began communicating with Citizen Lab.”
He added, “The serious thing is that we really haven’t figured out why this was done. Such an expensive spyware is used only for high-value targets such as Jamal Khashoggi. He was a high-value target for Saudi Arab. But over here nobody is like him, it’s sheer misuse. Still, this is a call for activists in India to grow up. They should know how to do digital countersurveillance, otherwise the only option is to go to a court of law.”
The social and environmental activist based in Mumbai said he was contacted about the breach a week ago. “I received a message from a researcher at Citizen Lab. The messages said I was facing a digital risk, but I didn’t take it seriously and deleted it. Two days later, I got the message that it was a serious risk and that they needed to talk to me. Again, I ignored it. The next day, I received a message on WhatsApp explaining the risk and asking me to contact Citizen Lab, which is in Canada.”
Sundara added, “I was told that using a missed voice call or a link my phone was accessed in order to take my contacts, email, Facebook and other details. They mentioned that it was a spyware. It’s quite clear that the government is involved in this.”
Gupta, an activist with the Peoples Union for Democratic Rights, was told that he was under surveillance on October 6. “I was informed by Citizen Lab through a text message and then a call. They asked me whether I was aware that my WhatsApp had been tapped. I said I didn’t know about WhatsApp but, yes, my phone was being tapped. This is definitely being done by the Indian government. Why would Israel be interested in a person like me?”
He added, “I told the Citizen Lab researcher about something that happened in July: I was removed from all WhatsApp groups, even the ones where I was the administrator. He asked if he could report this incident to WhatsApp. I said yes. He assured me that they would help me with this issue.”
The Chandigarh-based lawyer who has represented Sudha Bhardwaj and assisted the lawyer Vrinda Grover with the petition filed by Romila Thapar and other eminent citizens in the Supreme Court seeking a fair investigation into the Bhima Koregaon case was contacted by Citizen Lab on October 5. “They informed me my phone had been attacked with a spyware. The researcher also said I would receive a communication from WhatsApp which I did recently.”
He added, “I don’t know why somebody would want to snoop on me. Maybe it’s because of the kind of cases I am handling,” he said.
This is a developing story. We will update it as and when names of the other targeted persons become known. We have reached out to Citizen Lab for further details and to confirm the names we have identified so far. Watch this space.