Mumbai: Over the last two years, Nagpur-based human rights lawyer Nihalsing Rathod has received receiving calls on WhatsApp from unknown numbers. These calls would be made from international numbers, and would invariably turn out to be a group call.

The moment Rathod answered them, the call would disconnect. He assumed these were innocuous calls made to his number but as a safety measure, reported each of the “suspicious calls” to WhatsApp.

On October 7, 2019, Rathod, however, was contacted by a senior researcher from the Toronto University’s CitizenLab informing him that he faced  a “specific digital risk”.

“John Scott-Railton, the senior researcher told me that his lab had followed my work and during their research had found out that my profile was under a surveillance attack. All those calls made to me for two years suddenly began to make sense,” Rathod told The Wire.

CitizenLab was one of the first few organisations to examine how the Israeli surveillance firm NSO Group’s Pegasus spyware operated. In September 2018, it published comprehensive research identifying 45 countries, including India, in which operators of the spyware may be conducting operations.

The NSO Group has been in the spotlight this week after WhatsApp filed a lawsuit against them, alleging that they exploited a vulnerability in its video-calling feature to specifically target and snoop on over 1,400 users including activists and journalists.

The conversation between a Citizen Lab researcher and Rathod. Credit: The Wire.

The conversation between a Citizen Lab researcher and Rathod. Credit: The Wire.


The conversation between a Citizen Lab researcher and Rathod. Credit: The Wire.

The conversation between a Citizen Lab researcher and Rathod. Credit: The Wire.

Rathod wrote to WhatsApp once again, with newer information from CitizenLab and this time he says he received a response on the same platform.

“In May we stopped an attack where an advanced cyber actor exploited our video calling to install malware on user devices. There’s a possibility this phone number was impacted, and we want to make sure you know how to keep your phone secure,” the message from WhatsApp read, along with further steps to be taken to ensure security protections on his phone.

While WhatsApp’s message didn’t specifically mention Pegasus or the NSO group,  Rathod says the possibility of it is very high.

The Wire has separately confirmed that this is indeed the message that was sent by WhatsApp to people it detected were targeted by Pegasus.

The message that Rathod received from WhatsApp. Credit: The Wire.

The message that Rathod received from WhatsApp. Credit: The Wire.

On Thursday, the Indian Express reported that the Facebook-owned platform said journalists and human rights activists in India have been targets of surveillance by operators using  Pegasus.

WhatsApp recently made details of this clear in a broader disclosure before a US federal court in San Francisco. It is still unclear the extent of this threat and how many WhatsApp profiles were compromised.

Bhima Koregaon

Rathod is one of the lawyers handling the Bhima Koregaon case in which nine activists and lawyers have been arrested since June 2018. His senior legal mentor Surendra Gadling is among those arrested and was booked under several sections of the Unlawful Activities (Prevention) Act (UAPA) and the Indian Penal Code.

Rathod says that he is not the only one in his human rights activists circle who has complained of such calls. At least two other lawyers, both connected with the ongoing Bhima Koregaon trial and Gadling’s wife Minal Gadling have received similar calls.

One of them has confirmed having received a call and series of messages from CitizenLab informing her about a possible threat. She has, however, not received any email or message from WhatsApp.

Rupali Jadhav, a 33-year-old cultural and anti-caste activist from Pune shared screenshots of messages that she had received from both WhatsApp and Citizen Lab two days ago. Jadhav however says she had not received any WhatsApp call from an “unknown number” or had seen any suspicious activity on the application.

Jadhav, who has been associated with an anti-caste cultural group Kabir Kala Manch (KKM) for over a decade has been handling the social media handles of several social movements in the state. She says that may have been one of the primary reasons why her profile has got compromised.

“I am the official administrator of the WhatsApp and Facebook pages of Kabir Kala Manch, Bhima Koregaon Shaurya Din Prerana Abhiyan, Elgaar Parishad, and the political party Vanchit Bahujan Aghadi. These spaces have been actively involved in confronting the state and have been asking uneasy questions. This is more to do with the organizations than me particularly,” Jadhav says.

Most persons associated with the KKM has had cases of UAPA registered against them and have been released on bail bond after having been incarcerated for several years.

According to the Indian Express report, at least two dozen academics, lawyers, Dalit activists and journalists in India were contacted and alerted by WhatsApp that their phones had been under state-of-the-art surveillance for a two-week period until May 2019.

The WhatsApp calls that Rathod used to get. Credit: The Wire.

An example of the mysterious WhatsApp calls that Rathod used to get. Credit: The Wire.

Rathod, however, says that he had been receiving these calls much before – and after – this two-week window period as mentioned by WhatsApp.

The NSO Group, in its response to the legal suit, has claimed that the Pegasus spyware has been sold only to government agencies.

Rathod says he looks at the attack on his profile as a serious attempt to victimise and possibly target more human rights lawyers. “My WhatsApp profile was not chosen randomly but by design. We are a handful of human rights lawyers who are confronting the current dispensation and are in the process of exposing the different strategies used to arrest human rights activists in the country.”

“I have reason to believe that the Bhima Koregaon case is based on the letters which were planted through this route or some other route by government agencies itself. The ridiculous contents of those letters make it more apparent,” he told The Wire.

Expressing concern over the development, Amnesty International India, in a statement, said, “This is a grave violation of the activists’ fundamental right to privacy enshrined in both national and international law.”

The human rights organisation has sought the NSO group’s license to be revoked. “On November 7, the Tel Aviv’s District Court is due to hear a legal case arguing that Israel’s Ministry of Defence (MoD) should revoke NSO Groups export license. The company’s Pegasus software has been used to target journalists and activists across the globe – including in Morocco, Saudi Arabia, Mexico and the United Arab Emirates. An Amnesty International staff member was also targeted using NSO malware,” the statement read.

Responding to the threat faced by activists and journalist globally, Danna Ingleton, deputy director of Amnesty Tech said, “NSO says its spyware is solely intended to ‘prevent crime and terrorism’, but instead the firm’s invasive surveillance tools are being used to commit human rights abuses. The safest way to stop NSO’s spyware products reaching governments who plan to misuse them is to revoke the company’s export license.”

Amnesty International has announced its legal support in the case in Tel Aviv District Court to force the Israeli Ministry of Defence to stop NSO’s spyware products.


Contents are their respective owners. This content is auto managed. To remove article send the link along with REMOVE subject line and send it to alayaran [AT] gmail [DOT] com.

Source link