In May this year, the messaging giant WhatsApp identified that spyware crafted by an “advanced cyber actor” had infected multiple mobile phones through the popular WhatsApp communications program. The company said that this was done without any user intervention, through in-app voice calls. The “advanced cyber actor” was identified as Israel’s NSO Group, as reported by The Financial Times. Later, a WhatsApp spokesperson went on record to say that “we’re certainly not refuting any of the coverage you’ve seen.” The spokesperson also revealed that, to the extent the malware could be decoded, it was seen that it could enter a phone through missed calls alone, via the application’s voice calling function. The company discovered malware in its system that it had not authorised, and speculates that it affected the phone records of more than a dozen people. The finding was called ‘a very scary vulnerability’ by John Scott-Railton, a researcher with the internet watchdog Citizen Lab. He said users are left with no choice but to not have the application on their phones at all.
The WhatsApp spokesman also said that the attack, carried out by planting unauthorised malware, had all the attributes of a private company known to work with government agencies and officials to deliver spyware with the potential to take over a mobile phone’s operating system. With a user base of more than 1.5 billion people, WhatsApp immediately contacted a human rights group, Citizen Lab, to fix the issue and push out a patch. WhatsApp later said in a statement to the media that it is deeply concerned about ‘the abuse of such capabilities’. An NSO spokesperson did not go on record with any comment on the matter.
Surveillance device in your pockets!
It is suspected that once the spyware has attacked your phone, the phone becomes a ‘pocket-sized surveillance device’: the spyware can hijack the phone and control its cameras. A background check shows that NSO’s spyware has been used to hack journalists, lawyers, human rights defenders and other social activists posing a challenge to the state.
Bhima Koregaon lawyers were targeted:
Over the last two years, a Nagpur-based human rights lawyer named Nihalsing Rathod has received incoming calls on WhatsApp from unknown numbers. According to Nihal, these calls were generally made from international numbers and would invariably turn out to be group calls.
As soon as Rathod answered one of these calls, it would disconnect. Rathod assumed they were innocuous calls made to his number but, as a safety measure, he reported each of these “suspicious calls” to WhatsApp. On October 7, 2019, however, Rathod was contacted by a senior researcher from the University of Toronto’s Citizen Lab, who informed him that he faced a “specific digital risk”.
Rathod is one of the lawyers handling the Bhima Koregaon case, in which nine activists and lawyers have been arrested since June 2018. Rathod’s senior legal mentor Surendra Gadling is among the nine activists who have been arrested, and was booked under several provisions of the Unlawful Activities (Prevention) Act (UAPA) and the Indian Penal Code.
The use of the spyware was involved in the gruesome killing of Saudi journalist Jamal Khashoggi. Khashoggi was dismembered in the Saudi consulate in Istanbul last year, and his body has never been found. The list of other alleged targets of the spyware includes a close friend of Khashoggi and several Mexican civil society figures. The affected parties are suing NSO in an Israeli court over the hacking. Amnesty International, suspecting that one of its staff was also targeted with the spyware, has said it would join the legal battle and force Israel’s Ministry of Defense to suspend NSO’s export license. A very preliminary analysis of the trend reveals the most disturbing feature of the malware: it targets people from CSOs, NGOs and other human rights defenders in India as well as across the globe.
How does Pegasus enter one’s phone?
The malware works by transmitting code through a call placed to the target phone on WhatsApp. Simply on receiving the call, even if it is not answered, the code enters the phone. Moreover, some reports claim that the call is not logged and any history gets erased. This has been identified as the only way of delivering the Pegasus spyware, according to the Citizen Lab of the University of Toronto, which worked with WhatsApp on identifying spyware victims. However, they have also pointed towards other cases, such as alarming SMSs that prompt targets to click on a link.
How does Pegasus spyware operate?
After being installed, even through a missed WhatsApp voice call, it can access the target person’s contact records, calendar events, phone calls, and messages on WhatsApp as well as other communication applications (like Telegram or Messenger). It even has the capacity to send all these details from one’s phone to the spyware’s controller. Anti-malware service Kaspersky has said that the malware is well built and strong enough to get past even encrypted devices, as it starts before the encryption process does. So, once on your phone, it turns the device into a spying tool, as it can also switch on the camera or microphone.
Who was a target of Pegasus?
As per the released reports, over 100 human-rights activists, lawyers, journalists, human rights defenders and dissenters were targeted across the globe by the Pegasus malware. This included several lawyers and journalists in India as well. The investigation that followed found that a total of 1,400 mobile numbers and devices were impacted globally, including the specific set of people mentioned above. WhatsApp, taking the matter to federal court, has stated that, as per public reporting, the clients of the defendants in the instant case [NSO Group] “include, but are not limited to, government agencies in the Kingdom of Bahrain, the United Arab Emirates, and Mexico as well as private entities.”
Moreover, in what is called “an unmistakable pattern of abuse”, the Citizen Lab at the University of Toronto helped WhatsApp identify incidents in which members of civil society, such as human rights defenders and journalists, were the suspected targets of this attack. It is said that at least one hundred members of civil society were targeted in these attacks globally, spread across twenty countries in Africa, Asia, Europe, the Middle East, and North America. They suspect that the number is an understatement and that it might increase as more victims come forward.
Will Cathcart, the head of WhatsApp, said that the NSO Group has previously denied any involvement in the spyware attack. NSO has stated, “Under no circumstances would NSO Group be involved in the operating … of its technology.” Cathcart said that, despite the denials, the investigation paints a different story, holding NSO Group accountable. The group is now being sued under U.S. state and federal laws, including the U.S. Computer Fraud and Abuse Act. The number of cases in which NSO technology is used to target members of civil society is establishing a pattern. Though the group claims to have sold the spyware strictly to government clients, in accordance with Israeli government laws and oversight mechanisms, there is a different side to it. A report published by Citizen Lab on its website said:
“NSO Group spyware is being sold to government clients without appropriate controls over how it is employed by those clients. They are, in turn, using NSO’s technology to hack into the devices of members of civil society, including journalists, lawyers, political opposition, and human rights defenders — with potentially lethal consequences,”
Save yourself from the hacking!
Google had earlier published a blog post about the effects of the Pegasus malware. It said that Google has begun to identify the phones affected by the spyware, disable it and inform the targets. Most of the targets are journalists, lawyers, and Dalit and human rights activists. After the Facebook-owned company WhatsApp confirmed that a few Indian users were also targeted using the Israeli spyware, the Centre sought an explanation from WhatsApp.
The NSO Group’s unauthorised intrusion was reported and taken to a U.S. court earlier this week. NSO, an Israeli technology firm, states on its website that its products are used ‘exclusively by government intelligence bodies and law enforcement agencies to fight crime and terror’.
The Information Technology Minister Ravi Shankar has asked WhatsApp to “explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens.” He said that government agencies have a well-established protocol for interception, which cannot be carried out without the sanction and supervision of high officials in the Central or State government. The permission of the Central or State government is required because interception can only be carried out in the clearly stated national interest.
The matter has gained political momentum in India, with the present I.T. Minister blaming the opposition parties, including the Congress. He pointed out that incidents of bugging had taken place in the UPA regime as well. He pointed to the big hack in the UPA regime in which the former Finance Minister Pranab Mukherjee’s office was bugged, and to the spying on the then Army Chief Gen. V.K. Singh. Prasad said:
“These are instances of breach of privacy of highly reputed individuals, for personal whims and fancies of a family,”
With regard to these incidents, the Ministry of Home Affairs [MHA] has issued a statement saying that it is committed to protecting the fundamental rights of citizens. Moreover, it said that the report of a breach of the privacy of Indian citizens on WhatsApp is misleading and made solely with the intention to malign the government. The MHA has promised to take strict action against any responsible intermediary causing a breach of the privacy of Indian citizens. In its statement, the MHA clarified that the government of India will strictly abide by the provisions of the laws and protocols laid down. It said that there are adequate safeguards in place to ensure that no citizen’s privacy is breached and no innocent citizen is harassed. Neither the Ministry of I.T. & Broadcasting nor the Ministry of Home Affairs commented on whether government agencies sought the services of NSO.
After the Pegasus revelations, it has been said that the system of the widely used messaging giant WhatsApp is not very secure. Dr Gulshan Rai, the former National Cyber Security Coordinator in the Prime Minister’s Office, said that “It is accessed by millions of users the world over through different platforms and tools. Their systems are amenable to breaches due to their own weakness and also because of others. In the past, there have been several instances of weakness in their systems. It is very evident that if NSO has exploited weaknesses in their system, their (WhatsApp) systems and checks are very weak.”
The Hindu reports that an activist, Saurav Das, filed a Right to Information [RTI] application with the MHA asking whether the ministry has purchased the Pegasus spyware or intends to do so in the near future. In its reply to Saurav’s RTI application, the MHA said: “it had no information in this regard”.