121 Users In India Targeted, Full Extent Of Pegasus Spyware Attack May Never Be Known: WhatsApp Told Govt

TPI Staff November 20, 2019

0 308 2 minutes read

Mumbai: Rejecting allegations regarding the purchase of Israeli spy software Pegasus to tap WhatsApp calls and messages of individuals as “misleading” and attempts to “malign” government’s image, the Centre on Wednesday informed Parliament that its CERT-In division had warned of countermeasures to users about vulnerability in WhatsApp in May.

Following government’s notice seeking more information on the attacks, WhatsApp had responded saying it had alerted the Indian Computer Emergency Response Team (CERT-In) in September that 121 Indian users had been targeted by Pegasus.

Replying to a Lok Sabha question, IT Minister Ravi Shankar Prasad said the government is committed to protecting fundamental rights of citizens, including the right to privacy and added that attempts to malign the government for reported breach are “misleading”.

The Pegasus software is developed by the Israeli based NSO group and over it hacked the WhatsApp of 1400 users of a possible number of 1400 users globally that includes 121 users from India. He said there are adequate provisions in the Information Technology (IT) Act, 2000 to deal with hacking, spyware etc.

“Subsequently, on May 20, 2019, WhatsApp reported an incident to the CERT-In stating that WhatsApp had identified and promptly fixed a vulnerability that could enable an attacker to insert and execute code on mobile devices and that the vulnerability can no longer be exploited to carry out attacks,” the minister said.

He also mentioned the update on security incident by saying, “On September 5, 2019, WhatsApp wrote to CERT-In mentioning an update to the security incident reported in May 2019, that while the full extent of this attack may never be known, WhatsApp continued to review the available information. It also mentioned that WhatsApp believes it is likely that devices of approximately one hundred and twenty-one users in India may have been attempted to be reached.”

The government informed that the Indian Computer Emergency Response Team (CERT-In) published a vulnerability note on May 17, 2019, advising counter-measures to users regarding a vulnerability in WhatsApp.
“attempts to malign the Government of India for the reported breach are completely misleading, The government is committed to protecting the fundamental rights of citizens, including the right to privacy. The government operates strictly as per provisions of law and laid down protocols,” the minister said.

The government is also preparing to bring a Personal Data Protection Bill during the ongoing winter session of Parliament and the Ministry of Electronics and Information Technology is also working on the Personal Data Protection Bill to safeguard the privacy of citizens, and it is proposed to table it in Parliament.

Follow us on Twitter, Instagram and like us on Facebook for the latest updates and interesting stories.