Messaging platform WhatsApp has revealed that Indian journalists and human rights activists were targets of surveillance through the use of Israeli spyware Pegasus, The Indian Express reported on Thursday. The revelation came after WhatsApp filed a lawsuit on Tuesday against Israeli cyber intelligence company NSO Group, which allegedly developed the spyware.

WhatsApp refused to divulge details on the identities or the exact number of those targeted in India. However, a spokesperson said that the company had contacted each person about the breach. “Indian journalists and human rights activists have been the target of surveillance and while I cannot reveal their identities and the exact number, I can say that it is not an insignificant number,” the spokesperson said.

More than 20 Indians, including academics, lawyers, and Dalit activists were alerted that their phones were under state-of-the-art surveillance for two weeks in May, according to the newspaper.

In the lawsuit against the Israeli firm and its parent company Q Cyber Technologies, WhatsApp alleged that they had engaged in “unlawful access and use” of the platform’s computers. The NSO Group allegedly developed the malware to gain access to messages and other communications after they were decrypted on the devices of those targeted. This also allowed hackers to bypass WhatsApp’s encryption, according to The New Yorker.

The petition claimed that laws in the United States and California were violated along with the platform’s terms of service, and added that smartphones were accessed through just missed calls. “We believe this attack targeted at least 100 members of civil society which is an unmistakable pattern of abuse,” it said. “This number may grow higher as more victims come forward.”

WhatsApp’s head Will Cathcart said they sued the Israeli firm after an inquiry pointed to its involvement. “NSO Group claims they responsibly serve governments, but we found more than 100 human rights defenders and journalists targeted in an attack last May,” he tweeted. “This abuse must be stopped.”

The plea said that the software, which was developed by NSO, was designed in a way that it can be remotely installed to hack into devices using the Android, BlackBerry, and iOS operating systems, according to AFP. The attackers reportedly “reverse-engineered the WhatsApp app and developed a program to enable them to emulate legitimate WhatsApp network traffic in order to transmit malicious code” to get into the devices.

Meanwhile, the Israeli NSO Group refuted the allegations levelled against it in a statement. “In the strongest possible terms, we dispute today’s allegations and will vigorously fight them,” it said. “Our technology is not designed or licensed for use against human rights activists and journalists.”

In the past, the NSO Group has been referred to as a “cyber arms dealer”, according to BBC.

In May, when the breach first came to light, WhatsApp had asked its users to upgrade to the latest version of the app. It had said that this would “protect against potential targeted exploits designed to compromise information stored on mobile devices. The company had then claimed that it had discovered the security flaw earlier in the month while “putting some additional security enhancements to our voice calls”.


Now, follow and debate the day’s most significant stories on Scroll Exchange.