Last week, Google revealed that the over 12K users across 129 countries, out of which approximately 500 were Indians, might have been targeted by government-backed attackers. Surprisingly, the Indian government has decided to look past the incident, letting the global tech giant off the hook.
However, the Indian government will be issuing a notice to Google inquiring why the company did not inform the authorities about the attacks earlier. A government official told ET that Google should have informed the Indian cybersecurity body Computer Emergency Response Team (CERT-In) about the attacks. However, the government has made no reference to its role in the attack or whether it will be investigated.
The government will also be seeking more details of the attack and the impact it had on the Indian users. It wants to know what sort of information were stolen and which parties/organisation were behind the attack.
Is Pegasus Spyware Any Different From Google Attack?
Government’s reaction to Google’s attack comes as a shock, especially after the way it reacted to the Pegasus spyware attack, which used Facebook-owned WhatsApp to snoop on over 1400 users from 143 countries. Out of these, 121 users were from India, according to reports.
Journalists, academias, activists and political campaigners were the main targets of Pegasus Spyware attack through WhatsApp. In a blogpost, Google also considered the users from these professions to be “high-risk users” and recommended them to apply for Advanced Protection Program (APP).
Although Google did not reveal the exact number of Indians that were affected, the heat map indicated that at least 500 India users fell victim to the attack.
The Indian government believes that both the attacks were different as in the google case, the victims were attacked through “phishing”. Phishing is hacking into people’s accounts by sending fraudulent emails by purporting to be from reputable companies.
The government believes that the phishing attack was not due to any vulnerabilities of Google, whereas, for WhatsApp, the hacker had used the flaws and vulnerabilities of the platform to inject malware to spy on people.
A government official told ET that “In this case, the problem is not with Google, the attacks were mostly through phishing, therefore there is no need for more scrutiny.”