121 Indian users targeted in Pegasus spyware attack, full extent may never be known: Whatsapp

Electronics and Information Technology Minister Ravi Shankar Prasad on Wednesday told the Lok Sabha that WhatsApp has informed that the full extent of targeting of mobile phone users, including 121 from India, using Israeli Pegasus spyware may never be known and the Computer Emergency

Response Team (CERT-In) has issued a formal notice to the social media platform seeking submission of details and information.

In a written reply, Prasad said that attempts to malign the Government of India for the reported breach are completely misleading.

He said the government has taken note of the fact that a "spyware/malware has affected some Whatsapp users".

The minister said according to WhatsApp, this spyware was developed by an Israel based company NSO Group and that it had developed and used

Pegasus spyware to attempt to reach mobile phones of a possible number of 1400 users globally that includes 121 users from India.

Also watch: All about NSO'S super weapon: Pegasus

He said there are adequate provisions in the Information Technology (IT) Act, 2000 to deal with hacking, spyware etc.

The minister said that CERT-In published a vulnerability note on May 17, 2019, advising countermeasures to users regarding a vulnerability in WhatsApp.

"Subsequently, on May 20, 2019, WhatsApp reported an incident to the CERT-In stating that WhatsApp had identified and promptly fixed a vulnerability that could enable an attacker to insert and execute code on mobile devices and that the vulnerability can no longer be exploited to carry out attacks," the minister said.

"On September 5, 2019, WhatsApp wrote to CERT-In mentioning an update to the security incident reported in May 2019, that while the full extent of this attack may never be known, WhatsApp continued to review the available information. It also mentioned that WhatsApp believes it is likely that devices of approximately one hundred and twenty-one users in India may have been attempted to be reached," he added.

He said CERT-In has issued a formal notice to WhatsApp seeking submission of relevant details and information based on media reports on October 31, 2019, about such targeting of mobile devices of Indian citizens through WhatsApp by spyware Pegasus.

Referring to reports in a section of media, he said: "attempts to malign the Government of India for the reported breach are completely misleading".
"The government is committed to protecting the fundamental rights of citizens, including the right to privacy. The government operates strictly as per provisions of law and laid down protocols," said he.

The minister said that the Ministry of Electronics and Information Technology is also working on the Personal Data Protection Bill to safeguard the privacy of citizens, and it is proposed to table it in Parliament.