WhatsApp says alerted govt of attack in Sept; IT Min says info was inadequate

Sources in WhatsApp said the company had reached out to the government in September and informed about the security breach. Representative image only. Photo: iStock.

After the government sought an explanation from WhatsApp about the security breach targeting Indian activists, lawyers and journalists, the messaging platform has responded saying that it had informed the Indian government in September that 121 Indian users were targeted by the Israeli spyware Pegasus. But the IT ministry has contended that the information received from the messaging app earlier was inadequate and incomplete, according to sources.

The IT ministry sources said they have received a reply from WhatsApp and are studying it, and that a view on it will be taken soon.

While declining to comment on the details of the fresh response sent last week, sources in WhatsApp said the company had reached out to the government in September as well, its second alert on the issue after its communication in May.

Also read | Snoopgate: Govt in a bind as WhatsApp contradicts its version

They said the Facebook-owned company had in the September communication flagged that 121 users in India had been impacted by the spyware.

The IT ministry officials said they had received some communication from WhatsApp in the past, but maintained that the information that came in earlier was inadequate, not complete and full of technical jargons. WhatsApp did not respond to the queries over the matter.

The messaging giant, on Thursday, had said Indian journalists and human rights activists were among those globally spied upon by unnamed entities using an Israeli spyware Pegasus.

WhatsApp had said it is suing NSO Group, an Israeli surveillance firm, that is reportedly behind the technology that helped unnamed entities hack into phones of roughly 1,400 users spanning four continents and included diplomats, political dissidents, journalists and senior government officials.

Also read | WhatsApp Snoopgate: The Orwellian world is here and now

However, WhatsApp did not say on whose behest the phones of journalists and activists across the world were targeted. Refusing to divulge identities of those targeted in India, WhatsApp had said it had, in May, stopped a highly sophisticated cyber attack that exploited its video calling system to send malware to its users.

The spyware allegedly allows compromised devices to give access to phones camera, mic, messages, e-mails and even location data. Put simply, the hackers could have access to the contents of the entire device.

WhatsApp had said it had sent a special message to about 1,400 users globally that it has “reason to believe were impacted by this attack to directly inform them about what happened”.

Over the past few days, several social activists in India have come forward and said they had received communication from WhatsApp in this regard. WhatsApp has over 1.5 billion users globally, of which India alone accounts for about 400 million.

On Thursday, after WhatsApp’s disclosure that the spyware had targeted Indian users as well, the Indian government had asked WhatsApp to explain the matter and list out the measures that were taken by the app to protect the privacy of millions of users.

While NSO has so far maintained that it only sold its “technology to licensed government intelligence and law enforcement agencies”, government officials have asserted that the Indian government has no dealings with the Israeli company.

Government officials had also questioned the “suspicious” timing of the disclosure of the hacking incident, particularly against the backdrop of Supreme Court allowing the Centre three months to come up with rules to curb misuse of social media in the country, and the continued demand for bringing in traceability of originators of malicious content.

(With inputs from agencies)