Daily News and Views
New Delhi, November 5: At least two dozen WhatsApp users in India, including human rights activists and journalists, were allegedly snooped on using Israeli spyware Pegasus . Seventeen such individuals confirmed being alerted by WhatsApp and Canada-based Citizen Lab, which is assisting the messaging app trace the breaches. The Facebook-owned app has sued Pegasus maker NSO Group, but the tech firm said it only licenses its product to government agencies to combat terrorism. India has asked WhatsApp to explain the breach amid the furore even as the app announced a new fingerprint security feature for Android phones.
According to communication expert K Yatish Rajawat the myth that free messaging platform can provide #security and #encryption to communication is misplaced. All communication on public platforms is open to access of one kind or the other. Even to government, especially after the passage of #CLOUD Act in US end to end encryption anywhere in the world is open to real time surveillance as per the law. The #CLOUD Act gives unprecedented powers of #surveillance to US on all data i and this is even available to countries which have signed an executive agreement to share the data. So while Indian #media is tying itself up in knots over who did the snooping or how did the spyware work. And whether the #encryption works or not, the quick answer is it does not. The fact is that #US, #UK and other countries do not need #spyware to snoop on Indians or users anywhere in the world. They can ask any US cloud services provider and that includes Facebook, Microsoft, AWS, and Google to provide them the communication. This specifically included real time communication on #encrypted messaging platforms. Another technology expert Stephane Koch said the hacking of a wider group of top government officials’ smartphones than previously reported suggests the WhatsApp cyber intrusion could have broad political and diplomatic consequences. Some victims are in the United States, United Arab Emirates, Bahrain, Mexico, Pakistan and India, said people familiar with the investigation. Reuters could not verify whether victims from these countries included government officials. The revelation comes as more than a dozen Indian journalists and human rights activists said on Thursday they were also targeted.
Senior government officials in multiple U.S.-allied countries were targeted earlier this year with hacking software that used Facebook Inc’s (FB.O) WhatsApp to take over users’ phones, according to people familiar with the messaging company’s investigation. Sources familiar with WhatsApp’s internal investigation into the breach said a “significant” portion of the known victims are high-profile government and military officials spread across at least 20 countries on five continents. Many of the nations are U.S. allies, they said.
The hacking of a wider group of top government officials’ smartphones than previously reported suggests the WhatsApp cyber intrusion could have broad political and diplomatic consequences.
WhatsApp filed a lawsuit on Tuesday against Israeli hacking tool developer NSO Group. The Facebook-owned software giant alleges that NSO Group built and sold a hacking platform that exploited a flaw in WhatsApp-owned servers to help clients hack into the cellphones of at least 1,400 users between April 29, 2019, and May 10, 2019.
The total number of WhatsApp users hacked could be even higher. A London-based human rights lawyer, who was among the targets, sent Reuters photographs showing attempts to break into his phone dating back to April 1.
While it is not clear who used the software to hack officials’ phones, NSO has said it sells its spyware exclusively to government customers.
Some victims are in the United States, United Arab Emirates, Bahrain, Mexico, Pakistan and India, said people familiar with the investigation. Reuters could not verify whether the government officials were from those countries or elsewhere.
Some Indian nationals have gone public with allegations they were among the targets over the past couple of days; they include journalists, academics, lawyers and defenders of India’s Dalit community.
NSO said in a statement that it was “not able to disclose who is or is not a client or discuss specific uses of its technology.” Previously it has denied any wrongdoing, saying its products are only meant to help governments catch terrorists and criminals.
Cybersecurity researchers have cast doubt on those claims over the years, saying NSO products were used against a wide range of targets, including protesters in countries under authoritarian rule.
Citizen Lab, an independent watchdog group that worked with WhatsApp to identify the hacking targets, said on Tuesday at least 100 of the victims were civil society figures such as journalists and dissidents, not criminals.
John Scott-Railton, a senior researcher at Citizen Lab, said it was not surprising that foreign officials would be targeted as well.
“It is an open secret that many technologies branded for law enforcement investigations are used for state-on-state and political espionage,” Scott-Railton said.
Prior to notifying victims, WhatsApp checked the target list against existing law enforcement requests for information relating to criminal investigations, such as terrorism or child exploitation cases. But the company found no overlap, said a person familiar with the matter. Governments can submit such requests for information to WhatsApp through an online portal the company maintains.
WhatsApp has said it sent warning notifications to affected users earlier this week. The company has declined to comment on the identities of NSO Group’s clients, who ultimately chose the targets.