Pegasus Spyware: Lawyer Defending Bhima-Koregaon Activists Received Warning from WhatsApp

RIGHTS

TECH

Sukanya Shantha

Nihalsing Rathod says he was first contacted by CitizenLab researchers, who have done work on Pegasus, and then later by WhatsApp about his phone being compromised.

Mumbai: Over the last two years, Nagpur-based human rights lawyer Nihalsing Rathod has received receiving calls on WhatsApp from unknown numbers. These calls would be made from international numbers, and would invariably turn out to be a group call.

The moment Rathod answered them, the call would disconnect. He assumed these were innocuous calls made to his number but as a safety measure, reported each of the “suspicious calls” to WhatsApp.

On October 7, 2019, Rathod, however, was contacted by a senior researcher from the Toronto University’s CitizenLab informing him that he faced  a “specific digital risk”.

“John Scott-Railton, the senior researcher told me that his lab had followed my work and during their research had found out that my profile was under a surveillance attack. All those calls made to me for two years suddenly began to make sense,” Rathod told The Wire.

CitizenLab was one of the first few organisations to examine how the Israeli surveillance firm NSO Group’s Pegasus spyware operated. In September 2018, it published comprehensive research identifying 45 countries, including India, in which operators of the spyware may be conducting operations.

NSO Group has been in the spotlight this week after WhatsApp filed a lawsuit against them, alleging that they exploited a vulnerability in its video-calling feature to specifically target and snoop on over 1,400 users including activists and journalists.

The conversation between a Citizen Lab researcher and Rathod. Credit: The Wire.

The conversation between a Citizen Lab researcher and Rathod. Credit: The Wire.

Rathod wrote to WhatsApp once again, with newer information from CitizenLab and this time he says he received a response on the same platform.

“In May we stopped an attack where an advanced cyber actor exploited our video calling to install malware on user devices. There’s a possibility this phone number was impacted, and we want to make sure you know how to keep your phone secure,” the message from WhatsApp read, along with further steps to be taken to ensure security protections on his phone.

While WhatsApp’s message didn’t specifically mention Pegasus or the NSO group,  Rathod says the possibility of it is very high.

The Wire has separately confirmed that this is indeed the message that was sent by WhatsApp to people it detected were targeted by Pegasus.

The message that Rathod received from WhatsApp. Credit: The Wire.

On Thursday, the Indian Express reported that the Facebook-owned platform said journalists and human rights activists in India have been targets of surveillance by operators using  Pegasus.

WhatsApp recently made details of this clear in a broader disclosure before a US federal court in San Francisco. It is still unclear the extent of this threat and how many WhatsApp profiles were compromised.

Bhima Koregaon

Rathod is one of the lawyers handling the Bhima Koregaon case in which nine activists and lawyers have been arrested since June 2018. His senior legal mentor Surendra Gadling is among those arrested and was booked under several sections of the Unlawful Activities (Prevention) Act (UAPA) and the Indian Penal Code.

Rathod says that he is not the only one in his human rights activists circle who has complained of such calls. At least two other lawyers, both connected with the ongoing Bhima Koregaon trial and Gadling’s wife Minal Gadling have received similar calls.

One of them has confirmed having received a call and series of messages from CitizenLab informing her about a possible threat. She has, however, not received any email or message from WhatsApp.

Another Maharashtra-based civil rights activist has claimed that she has received similar messages, both from WhatsApp and Citizen Lab, informing her about a malware threat to her profile. The activist, who did not want her name to be revealed, has confirmed that she was contacted earlier this month and that she was asked to follow security steps on her phone to ensure the application was secured. This activist too has been actively involved in the Bhima Koregaon agitation since January 2018.

The Wire has confirmed that this activist also received the same warning from WhatsApp.

According to the Indian Express report, at least two dozen academics, lawyers, Dalit activists and journalists in India were contacted and alerted by WhatsApp that their phones had been under state-of-the-art surveillance for a two-week period until May 2019.

An example of the mysterious WhatsApp calls that Rathod used to get. Credit: The Wire.

Rathod, however, says that he had been receiving these calls much before – and after – this two-week window period as mentioned by WhatsApp.

The NSO Group, in its response to the legal suit, has claimed that the Pegasus spyware has been sold only to government agencies.

Rathod says he looks at the attack on his profile as a serious attempt to victimise and possibly target more human rights lawyers. “My WhatsApp profile was not chosen randomly but by design. We are a handful of human rights lawyers who are confronting the current dispensation and are in the process of exposing the different strategies used to arrest human rights activists in the country.”

“I have reason to believe that the Bhima Koregaon case is based on the letters which were planted through this route or some other route by government agencies itself. The ridiculous contents of those letters make it more apparent,” he told The Wire.

Expressing concern over the development, Amnesty International India, in a statement, said, “This is a grave violation of the activists’ fundamental right to privacy enshrined in both national and international law.”

The human rights organisation has sought the NSO group’s license to be revoked. “On November 7, the Tel Aviv’s District Court is due to hear a legal case arguing that Israel’s Ministry of Defence (MoD) should revoke NSO Groups export license. The company’s Pegasus software has been used to target journalists and activists across the globe – including in Morocco, Saudi Arabia, Mexico and the United Arab Emirates. An Amnesty International staff member was also targeted using NSO malware,” the statement read. 

Responding to the threat faced by activists and journalist globally, Danna Ingleton, deputy director of Amnesty Tech said, “NSO says its spyware is solely intended to ‘prevent crime and terrorism’, but instead the firm’s invasive surveillance tools are being used to commit human rights abuses. The safest way to stop NSO’s spyware products reaching governments who plan to misuse them is to revoke the company’s export license.” 

Amnesty International has announced its legal support in the case in Tel Aviv District Court to force the Israeli Ministry of Defence to stop NSO’s spyware products. 

https://thewire.in/tech/pegasus-spyware-bhima-koregaon-activists-warning-whatsapp