At least two dozen Indian academics, lawyers, activists and journalists were targeted by Israeli-made spyware that exploited vulnerabilities in the WhatsApp messaging app, according to a lawsuit filed this week.
The Indian journalists and activists are among some 1,400 people worldwide believed to have been targeted in cyberattacks in April and May, as stated in a lawsuit filed by WhatsApp against Israeli surveillance software company NSO Group in US federal court in San Francisco on Wednesday.
Hackers exploited a major vulnerability in the messaging application and remotely installed surveillance software called Pegasus on phones and other devices.
The Pegasus operator would use an ‘exploit link’ sent to the target to penetrate the device's security and install Pegasus without the user's knowledge or permission. The surveillance software then pilfers the target's private data, including passwords, contact lists, calendar events, text messages and live voice calls. The hacker would also gain access to the target device's camera and microphone.
Also on rt.com Protecting monopoly on spying? Facebook sues Israeli cyber firm for exploiting WhatsApp vulnerabilityOne version of the attack didn't even require an 'exploit link', but instead gained access through a vulnerability via a missed video call on the target phone.
“We believe this attack targeted at least 100 members of civil society, which is an unmistakable pattern of abuse,” WhatsApp said in a statement. The company, bought by Facebook in 2014, quickly introduced new protections to its systems and issued updates in the immediate aftermath of the breach.
WhatsApp spokesperson Carl Woog told The Indian Express newspaper that a "not insignificant number" of India journalists and human rights activists were targeted in the breach, each of which have been informed that their security and privacy were compromised. He declined to give exact figures, however.
Also on rt.com German police will be able to hack WhatsApp, other encrypted messages by end of 2017 – leaked reportFor its part, NSO Group denies any wrongdoing, claiming that Pegasus was only sold to government agencies. The NSO Group terminated its agreement with Saudi Arabia following the Khashoggi murder amid rumors that its spyware may have played a role in tracking the journalist.
"In the strongest possible terms, we dispute today's allegations and will vigorously fight them," the company said in a statement.
"The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime."
Think your friends would be interested? Share this story!