As WhatsApp snooping of human rights activists and journalists in India reached political corridors on Thursday, an RTI reply accessed by IANS has revealed that the Indian government flatly denied either purchasing or planning to purchase the infamous software in question developed by Israeli cyber intelligence company NSO Group. Pegasus allegedly exploited WhatsApp's video calling system with installing the spyware via giving missed calls to snoop on 1,400 select users globally, including over 20 people in India.
In a reply to an RTI plea filed on October 23 which asked whether the Indian government has purchased or given purchase order for the software called Pegasus from the NSO Group, the Ministry of Home Affairs replied on October 31: "Please refer to your online RTI application dated 23.10.2019 received by the undersigned CPIO on 24.10.2019. It is informed that no such information is available with the undersigned CPIO."
"An appeal, if any, against this reply can be made within 30 days," the MHA reply added.
Significantly, the reply came on the day when the WhatsApp spygate drove both the BJP and the Congress leaders into heated arguments over various social media platforms.
IT Minister Ravi Shankar Prasad joined the debate, saying the government is concerned at the breach of the privacy of citizens of India on the messaging platform WhatsApp and has asked the platform to explain the breach.
The country went berserk after WhatsApp confirmed that Indian human rights activists and journalists were among those targeted by the Israeli spyware Pegasus.
The Home Ministry issued a separate statement on the WhatsApp controversy: "Some statements have appeared based on reports in the media, regarding breach of privacy of Indian citizens on WhatsApp. These attempts to malign the Government of India for the reported breach are completely misleading.
"The Government of India is committed to protect the fundamental rights of citizens, including the right of privacy; and will take strict action against any intermediary responsible for breach of privacy."
The NSO Group limits sales of Pegasus to state intelligence agencies and others. The software has the ability to collect intimate data from a target device.
Pegasus spyware can be installed on devices as "exploit links".
Upon clicking on the link, Pegasus secretly enables a jailbreak on the device and can read text messages, track calls, collect passwords, trace the phone location, as well as gather information from apps including (but not limited to) iMessage, Gmail, Viber, Facebook, WhatsApp, Telegram, and Skype.
According to cyber security experts, the victims of the latest WhatsApp spyware attack may have lost important personal information including location data and email content.
"The bug can be exploited based on a decades-old type of vulnerability - a buffer overflow," Carl Leonard, Principal Security Analyst at cybersecurity company Forcepoint, told IANS.
"One could assume that an attacker may seek out bulk contact lists, email data, location data or other personal information," Leonard added.