|
Sources familiar with WhatsApp’s internal investigation into the
breach said a “significant” portion of the known victims are
high-profile government and military officials spread across at
least 20 countries on five continents. Many of the nations are
U.S. allies, they said.
The hacking of a wider group of top government officials'
smartphones than previously reported suggests the WhatsApp cyber
intrusion could have broad political and diplomatic
consequences.
WhatsApp filed a lawsuit on Tuesday against Israeli hacking tool
developer NSO Group. The Facebook-owned software giant alleges
that NSO Group built and sold a hacking platform that exploited
a flaw in WhatsApp-owned servers to help clients hack into the
cellphones of at least 1,400 users between April 29, 2019, and
May 10, 2019.
The total number of WhatsApp users hacked could be even higher.
A London-based human rights lawyer, who was among the targets,
sent Reuters photographs showing attempts to break into his
phone dating back to April 1.
While it is not clear who used the software to hack officials'
phones, NSO has said it sells its spyware exclusively to
government customers.
Some victims are in the United States, United Arab Emirates,
Bahrain, Mexico, Pakistan and India, said people familiar with
the investigation. Reuters could not verify whether the
government officials were from those countries or elsewhere.
Some Indian nationals have gone public with allegations they
were among the targets over the past couple of days; they
include journalists, academics, lawyers and defenders of India's
Dalit community.
NSO said in a statement that it was "not able to disclose who is
or is not a client or discuss specific uses of its technology."
Previously it has denied any wrongdoing, saying its products are
only meant to help governments catch terrorists and criminals.
Cybersecurity researchers have cast doubt on those claims over
the years, saying NSO products were used against a wide range of
targets, including protesters in countries under authoritarian
rule.
Citizen Lab, an independent watchdog group that worked with
WhatsApp to identify the hacking targets, said on Tuesday at
least 100 of the victims were civil society figures such as
journalists and dissidents, not criminals.
John Scott-Railton, a senior researcher at Citizen Lab, said it
was not surprising that foreign officials would be targeted as
well.
“It is an open secret that many technologies branded for law
enforcement investigations are used for state-on-state and
political espionage,” Scott-Railton said.
Prior to notifying victims, WhatsApp checked the target list
against existing law enforcement requests for information
relating to criminal investigations, such as terrorism or child
exploitation cases. But the company found no overlap, said a
person familiar with the matter. Governments can submit such
requests for information to WhatsApp through an online portal
the company maintains.
WhatsApp has said it sent warning notifications to affected
users earlier this week. The company has declined to comment on
the identities of NSO Group's clients, who ultimately chose the
targets.
(Reporting by Christopher Bing and Raphael Satter; Editing by
Chris Sanders, Lisa Shumaker and Tom Brown)
[© 2019 Thomson Reuters. All rights
reserved.] Copyright 2019 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.
|
|
