On Thursday, the Government of India’s IT Minister Ravi Shankar Prasad reacted to the revelations of the Pegasus hacks by saying the government was concerned about ‘breach of privacy’ and said they have asked WhatsApp to explain the kind of breach.
He said in a statement on Twitter: “Government of India is concerned at the breach of privacy of citizens of India on the messaging platform Whatsapp. We have asked Whatsapp to explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens. Govt is committed to protecting privacy of all Indian citizens.Govt agencies have a well established protocol for interception, which includes sanction and supervision from highly ranked officials in central & state governments, for clear stated reasons in national interest.”
He also couldn’t resist taking a dig at UPA and wrote: “Those trying to make political capital out of it need to be gently reminded about the bugging incident in the office of the then eminent Finance Minister Pranab Mukherjee during UPA regime. Also, a gentle reminder of the spying over the then Army Chief Gen. V. K. Singh. These are instances of breach of privacy of highly reputed individuals, for personal whims and fancies of a family.”
In 2011, several media reports claimed that the erstwhile Finance Minister's office phones had been tapped. BJP's Subramanian Swamy, in his quintessential style, had claimed that Pranab Mukherjee’s office was tapped by P Chidambaram's office on Sonia Gandhi's behest.
The BJP even went on to compare the incident to Watergate.
Ravi Shankar Prasad had said in 2011: “Why didn't such a senior politician as Pranab trust the home minister? There is a trust deficit between the finance minister and the home minister. There is a simmering sign of one-upmanship between the two ministries."
Meanwhile, in 2012 then Army chief VK Singh had called reports of his phone being tapped a ‘fiction’.
Earlier, multiple media reports said those targeted in India included human rights activists who were arrested over their alleged involvement in the Bhima-Koregaon Dalit riots near Pune in January last year.
The reports said Indian journalists were also victim of the WhatsApp spygate.
"Indian users were among those contacted by us this week," a WhatsApp Spokesperson told IANS, without revealing the numbers or names of those affected.
However, some individuals came out on their own on social media, revealing they were among those affected by the spyware.
Sidhant Sibal, who is principal diplomatic and defence correspondent for WIONews, tweeted: "Here is the good news. Whatsapp was able to raise the alarm of hacking and they promptly took measures--Technical & Legal. Having being approached by them, they suggested measures to be safe online".
The controversy immediately snowballed into a political one, with several Congress leaders blaming the Bharatiya Janata Party (BJP) behind the WhatsApp snooping on human civil rights activists.
"Modi Govt caught snooping! Appalling but not Surprising! After all, BJP Govt 1. Fought against our right to privacy. 2. Set up a multi crore Surveillance Structure until stopped by SC. SC must take immediate cognisance & issue notice to BJP Govt" tweeted Congress Party leader Randeep Singh Surjewala.
Another Congress leader Jaiveer Shergill tweeted: 1) BJP Govt wanted Aadhar linked with phone 2) objected to right to privacy as fundamental right; 3) 20/12/2018 issued Notification authorising data snooping 4) WhatsApp snooping thru Israeli Software; Next- cameras in our Homes in name of Rashtravaad? Tricks of Bhrasht Jasoos Party?"
Congress Party spokesperson Sanjay Jha tweeted: "Big Bro is watching, reading and analysing your #WhatsApp message".
The BJP, however, dared WhatsApp to reveal the names of those affected.
According to WhatsApp, the NSO Group used the flaw to hack into users' smartphones.
"It targeted at least 100 human-rights defenders, journalists and other members of civil society across the world," the head of WhatsApp, Will Cathart, wrote in an op-ed published by The Washington Post.
In a statement, NSO Group denied performing any such act, saying it disputed the allegations and vowed to "vigorously fight them."
In May, WhatsApp urged its 1.5 billion users to upgrade the app after discovering the vulnerability that allowed a spyware to be installed on users' phones via the app's phone call function.
NSO limits sales of its spyware called Pegasus to state intelligence agencies and others. The software has the ability to collect intimate data from a target device.
According to WhatsApp, it suspects a relatively small number of users were targeted.
The victims of the latest WhatsApp spyware attack may have lost important personal information including location data and email content, say experts.
"The bug can be exploited based on a decades-old type of vulnerability - a buffer overflow," Carl Leonard, Principle Security Analyst at cybersecurity company Forcepoint, told IANS.
"One could assume that an attacker may seek out bulk contact lists, email data, location data or other personal information," Leonard added.