Government may spare Google from its phishing probe
The government is nevertheless planning to issue a notice to Google asking why it had not informed the authorities about the attack. It will also seek details of the cyber attack and its impact on Indian users, another government official said.
Google may not be treated the same way as WhatsApp as the attack was not due to any vulnerability on its platform that hackers could exploit, unlike the Facebook-owned instant messaging app, where a flaw was used to inject malware, affecting 121 users in India, including activists, lawyers and journalists.
In the case of Google, cyber hacking techniques such as phishing were employed, with users being responsible if they fell prey to the phishing attempt, the first official quoted earlier said.
“In this case, the problem is not with Google, the attacks were mostly through phishing, therefore there is no need for more scrutiny,” the official said.
Phishing is defined as a fraudulent attempt to obtain sensitive information such as user names, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
“We routinely provide these types of warnings to users, with tips on how to protect their accounts. The warnings themselves do not mean that a user’s account has been compromised,” a Google spokesperson told ET in an email.
Google should have informed the Indian Computer Emergency Response Team (CERT-In) about these attempts, another official said. “The government wants to understand the extent of the impact in India, including the exact number of users impacted,” said the second official.
The government also wants to know what information has been stolen and the organisations that were behind these attacks. The official, however, did not say if the government’s alleged involvement in this instance would also be investigated.
In October, WhatsApp accused Israeli cyber intelligence firm NSO Group of injecting the malware Pegasus to snoop on over 1,400 people globally. Following the revelation, the government sent a series of notices to the company asking for information on the spyware attack.
Union minister for electronics and IT, Ravi Shankar Prasad, informed Parliament last week that the government also wants to conduct an audit of WhatsApp's security systems and has sent a notice to the NSO Group as well.