Senior government officials in multiple US-allied countries were targeted earlier this year with hacking software that used Facebook Inc's WhatsApp to take over users' phones, according to people familiar with the messaging company's investigation.
The confirmation by WhatsApp that the mobile phones of several Indian rights activists and journalists had been hacked into has sparked a furore with privacy activists asking the government to clarify.
WhatsApp's conduct, the official said, had raised concerns over whether this was an attempt to blunt the growing demand for traceability and accountability from the US -based firm, not just in India, but also the USA, the United Kingdom and Australia.
"We believe this attack targeted at least 100 members of civil society, which is an unmistakable pattern of abuse", WhatsApp said in a statement reported by BBC. Numerous nations are USA allies, they said.
Amid an uproar over allegations of an Israeli software being used to spy over activists and journalists, WhatsApp on Friday said it has taken a "strong action" in the incident and supports the Indian government's stand on the need to safeguard the privacy of all citizens.
In a statement earlier this week, NSO Group noted: "The sole goal of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime". The said spyware reportedly aimed to attack both the human rights advocates and journalists.
When doubts about this technology were first raised in May this year, NSO Group said that it put in place a "Human Rights Policy", which "further embeds human rights protections throughout our business and governance systems".
The lawsuit specifically refers to NSO Group's notorious Pegasus - a type of spyware known as a remote access Trojan (RAT).
Was this breach flagged earlier/elsewhere?
As of now, there have been no reports on who is responsible for the data breach that has impacted around 1400 WhatsApp users across the globe. It also confirmed that five operators of Pegasus are dedicated to keep an eye on Asia. The elections in Andhra Pradesh also have shown that political parties are using state surveillance to gain ground over the Opposition and have even been using resources like Aadhaar for voter profiling.
Who is behind the Pegasus cyber attacks? After the killing of The Washington Post journalist Jamal Khashoggi, when links to NSO Group's spyware and its involvement in tracking Khashoggi's movements emerged, NSO Group terminated its agreement with Saudi Arabia.
The WhatsApp communications app is seen on a smartphone.
"Of course, all this is done without the owner's permission or knowledge". The hacker would also gain access to the target device's camera and microphone.
"In May we stopped an attack where an advanced cyber actor exploited our video calling to install malware on user devices".
Based on a May 2019 vulnerability note published on the official website of CERT-IN, a government agency tasked with the "objective of securing Indian cyberspace", CERT-IN was aware of the vulnerability.
In a way, the Pegasus affair makes clear something that many who work in the public sphere often joke about - that what they say or do is being monitored by people and organisations who don't have their best interests at heart.