WhatsApp confirms: Israeli spyware was used to snoop on Indian journalists, activists  Seema Chishti. Indian Express  | New Delhi | https://indianexpress.com/article/india/whatsapp-confirms-israeli-spyware-used-snoop-on-indian-journalists-activists-pegasus-facebook-6095296/ Updated: November 1, 2019
It is learnt that at least two dozen academics, lawyers, Dalit activists and journalists in India were contacted and alerted by WhatsApp that their phones had been under state-of-the-art surveillance for a two-week period until May 2019.  ..While WhatsApp declined to reveal the identities and “exact number” of those targeted for surveillance in India, its spokesperson told The Indian Express that WhatsApp was aware of those targeted and had contacted each one of them.

In the lawsuit against the NSO Group and Q Cyber Technologies, WhatsApp alleged that the companies violated US and California laws as well as WhatsApp’s terms of service which prohibit this type of abuse. It claimed that smartphones were penetrated through missed calls alone.

“We believe this attack targeted at least 100 members of civil society which is an unmistakable pattern of abuse. This number may grow higher as more victims come forward,” it said.

The NSO Group, in a statement, said: “In the strongest possible terms, we dispute today’s allegations and will vigorously fight them. Our technology is not designed or licensed for use against human rights activists and journalists.” After doubts about this technology were first raised in May, the NSO Group said it put in place a ‘Human Rights Policy’ on September 19 which “further embeds human rights protections throughout our business and governance systems”.

The NSO Group, in a statement, said: “In the strongest possible terms, we dispute today’s allegations and will vigorously fight them. Our technology is not designed or licensed for use against human rights activists and journalists.” After doubts about this technology were first raised in May, the NSO Group said it put in place a ‘Human Rights Policy’ on September 19 which “further embeds human rights protections throughout our business and governance systems”.

NSO responds to snooping row query; gives point by point rebuttal to all charges  https://www.youtube.com/watch?v=5kpdH4efWhk  Jul 19, 2021

Under the banner Snoopgate Bogey rises again, Times now says.. In breaking news coming it, the NSO has responded to a Times Now query and has given a point by point response to all the charges.

The 1st being about the bid to distract from the truth. the story has been built around 37 out of the 50,000 phone numbers. Even for the 37 the reporters failed to proved a definitive link between the numbers and NSO. 

Secondly, the NSO denies any definitive link between NOs, NSO’s.

NSO says that the story has been flimsy from the beginning, the 50,00 list has no ties with NSO. Instead of admitting that there is no "massive" plot, the editors, and reporters are intentionally misleading, using twists and truns to distract from the "truth". 

In addition, the NSO also states that the people who are investigating this case are intentionally misleading, citing that the story has been flimsy from the very beginning. This has been the most detailed response to the Pegasus snoop gate controversy so far. The organisation has declared all the claims as wrong assumptions and uncorroborated theories in the snooping row.

NSO says that it cannot disclose the identities of the customers of whom we have shut down systems, due to contractual and national security considerations, 

NSO has helped prevent gun attacks, gun violence, car explosions, suicide bombings, 

Shehzad Poonawala: Story is a recurjitation of the old story.. sotry is conjecture.. Where has the 50,000 list come from.. Report say that only India has misused it.. Why havent the persons concerned gone to the adjucating authority.  

Sashi Tharoor: Hacking is illegal in our laws, so whether it was authorised or not, if it was done it was illegal. If it was not done by our Government then only a firegn government could have done it, then that is national Security issue 

Ashwini Vaishnav, IT minister in Parliament today..  https://youtu.be/5kpdH4efWhk?t=149 OTT allegations made... as per the report itself.  50000 in the list..  whether it was infected/compromised or subject to attempt hack.. this cannot be determined without subjecting the phone to a technical analysis. So the presence of the number does not prove snooping.. 

Vaishnaw, who was making his first speech in Parliament as the new MeitY minister, said the “highly sensational story” has made several “over the top allegations” but there is “no substance behind them”.

“It is not a coincidence that the reports have been published a day before the monsoon session of Parliament,” he said. “In the past, similar allegations were made [about the use of Pegasus] on WhatsApp but there is no factual basis to these and have been categorically denied.” text from    https://www.hindustantimes.com/india-news/illegal-surveillance-not-possible-minister-ashwini-vaishnaw-on-pegasus-project-101626693447152.html 

Snooping in India: Modi Govt Must Provide Answers | https://youtu.be/m1VrsX7vamo?t=186

Forensic tests conducted as part of this project on a small cross-section of phones associated with these numbers revealed clear signs of targeting by Pegasus spyware in 37 phones, of which 10 are Indian. Without subjecting a phone to this technical analysis, it is not possible to conclusively state whether it witnessed an attack attempt or was successfully compromised.

Apar Gupta  The phone has become a part of our Work and personal life. So a snoop or attack on that is an attack of life..  End user certificate, can be managed only by those who not only have the money but also the  heavy resources to use Pegasus.  So even if it is not the government who is using Pegasus, it is still a National Security issue, which the govt needs to take seriously..  Nut they have said in parliament that anyone having a complaint should file an FIR .. clearly indicting that they are reluctant to take suo moto cognisance of this threat to national security.. 

Siddharth Vardharajan speak to Arfa Sherwani  Whenever Govt has never said that they dont use pegasus.. they only say that surveillance is only done as per law..  But the range of targets are most relevant to govt needs to surveille.  My own phone is targeted by Pegasus. 

How do we ask for accountability and action on this.. ? Need a Parliamentary Committee

In September 2018, The Citizen Lab, a Canadian cybersecurity organisation, published a comprehensive report identifying 45 countries, including India, in which the spyware was being used.   https://citizenlab.ca/2018/09/hide-and-seek-tracking-nso-groups-pegasus-spyware-to-operations-in-45-countries/ 

Between August 2016 and August 2018, we scanned the Internet for servers associated with NSO Group’s Pegasus spyware. We found 1,091 IP addresses that matched our fingerprint and 1,014 domain names that pointed to them. We developed and used Athena, a novel technique to cluster some of our matches into 36 distinct Pegasus systems, each one which appears to be run by a separate operator...Our findings paint a bleak picture of the human rights risks of NSO’s global proliferation. At least six countries with significant Pegasus operations have previously been linked to abusive use of spyware to target civil society, including Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates.

This article gives some technical details..on how it is done.. 

This report identifies 45 countries with suspected Pegasus spyware infections operated by at least 33 likely NSO customers. We determined this by performing DNS cache probing on domain names we extracted from command and control (C&C) servers matching a newly devised fingerprint for Pegasus. We grouped the C&C servers, with each group representing a single Pegasus operator (assumed to be an NSO customer) using a technique that we call Athena. The resulting global map of NSO Pegasus infections reveals several issues of urgent concern.
Known spyware abusers operating Pegasus 

While some NSO customers may be using Pegasus spyware as part of ‘lawful’ criminal or national security investigations investigations, at least six countries with significant Pegasus operations have a public history of abusing spyware to target civil society.

Widespread cross-border surveillance with Pegasus

Ten Pegasus operators appear to be conducting surveillance in multiple countries. While we have observed prior cases of cross-border targeting,

Failures at due diligence, contribution to global cyber insecurity

The cases identified in this report raise serious doubts as to the depth and seriousness of NSO’s due diligence and concern for human rights protections. They also suggest that the company has a significant number of customers that maintain active infections in other countries, likely violating those countries laws.

Reckless Exploit Mexican Journalists, Lawyers, and a Child Targeted with NSO Spyware https://citizenlab.ca/2017/06/reckless-exploit-mexico-nso/

https://tspace.library.utoronto.ca/bitstream/1807/96731/1/Report%2393--recklessexploit.pdf