icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
31 Oct, 2019 11:17

‘Pegasus’ spyware attack: Indian journalists & activists targeted on WhatsApp, lawsuit claims

‘Pegasus’ spyware attack: Indian journalists & activists targeted on WhatsApp, lawsuit claims

At least two dozen Indian academics, lawyers, activists and journalists were targeted by Israeli-made spyware that exploited vulnerabilities in the WhatsApp messaging app, according to a lawsuit filed this week.

The Indian journalists and activists are among some 1,400 people worldwide believed to have been targeted in cyberattacks in April and May, as stated in a lawsuit filed by WhatsApp against Israeli surveillance software company NSO Group in US federal court in San Francisco on Wednesday. 

Hackers exploited a major vulnerability in the messaging application and remotely installed surveillance software called Pegasus on phones and other devices.  

The Pegasus operator would use an ‘exploit link’ sent to the target to penetrate the device's security and install Pegasus without the user's knowledge or permission. The surveillance software then pilfers the target's private data, including passwords, contact lists, calendar events, text messages and live voice calls. The hacker would also gain access to the target device's camera and microphone.

Also on rt.com Protecting monopoly on spying? Facebook sues Israeli cyber firm for exploiting WhatsApp vulnerability

One version of the attack didn't even require an 'exploit link', but instead gained access through a vulnerability via a missed video call on the target phone. 

“We believe this attack targeted at least 100 members of civil society, which is an unmistakable pattern of abuse,” WhatsApp said in a statement. The company, bought by Facebook in 2014, quickly introduced new protections to its systems and issued updates in the immediate aftermath of the breach. 

WhatsApp spokesperson Carl Woog told The Indian Express newspaper that a "not insignificant number" of India journalists and human rights activists were targeted in the breach, each of which have been informed that their security and privacy were compromised. He declined to give exact figures, however.

Also on rt.com German police will be able to hack WhatsApp, other encrypted messages by end of 2017 – leaked report

For its part, NSO Group denies any wrongdoing, claiming that Pegasus was only sold to government agencies. The NSO Group terminated its agreement with Saudi Arabia following the Khashoggi murder amid rumors that its spyware may have played a role in tracking the journalist.

"In the strongest possible terms, we dispute today's allegations and will vigorously fight them," the company said in a statement.

"The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime."

Think your friends would be interested? Share this story!