Pegasus leaks: WhatsApp boss says top government officials were targeted in 2019 by NSO spyware | #cybersecurity | #cyberattack


Top officials around the world were targeted in phone hacks through WhatsApp by governments using Israeli NSO Group spyware, the messaging app’s chief executive has revealed.

More than 1,400 WhatsApp users – including government officials and military officers in 20 ‘US-allied countries’ – were targeted in a 2019 attack, according to Will Cathcart.

The revelation comes after details emerged last week of how the Israeli surveillance firm NSO was selling its ‘Pegasus’ software to government clients worldwide.

The software allows its users to exploit a person’s phone and use it to access contacts, messages and even turn on the microphone to snoop on conversations. 

The leak revealed how senior government officials, including French president Emmanuel Macron, as well as journalists, lawyers and activists were selected as candidates for possible surveillance through the NSO software.

And Mr Cathcart says he has seen parallels between the latest leak – exposed by a group of media organisations under the name ‘the Pegasus project’- and the 2019 attack against WhatsApp users.

He said senior government officials, journalists and human rights activists were targeted in the 2019 attack – similar to what has been reported in the recent Pegasus leak.

Mr Cathcart, head of the Facebook-owned messaging service, told the Guardian: ‘The reporting (in the Pegasus leak) matches what we saw in the attack we defeated two years ago, it is very consistent with what we were loud about then.’

More than 1,400 WhatsApp users – including government officials and military officers in 20 ‘US-allied countries’ – were targeted in the 2019 attack, according to Will Cathcart (pictured)

NSO targeted WhatsApp users through its video call function. They did not have to pick up the phone in order to be exploited. Above is an example that was shared by Citizen Lab, the research company it partnered with to produce a report on the May 2019 breach 

WhatsApp is suing the Israeli spyware firm NSO claiming it should be permanently blocked. They allege NSO sold a hacking platform that exploited a flaw in WhatsApp-owned servers to help clients hack into the cellphones of at least 1,400 users

He also revealed that many of the WhatsApp users targeted in the 2019 attack had ‘no business being under surveillance in any way, shape, or form’, adding: ‘This should be a wake up call for security on the internet … mobile phones are either safe for everyone or they are not safe for everyone.’

His comments come after it was revealed how French president Macron’s phone number was among potential targets of a huge international spying operation.

The French president is among 50,000 politicians, journalists and human rights activists around the world said to have been identified as ‘people of interest’ by clients of Israeli firm NSO.

His comments come after it was revealed how French president Emmanuel Macron’s (pictured) phone number was among potential targets of a huge international spying operation

The Paris prosecutor’s office is investigating suspected widespread use of its Pegasus spyware and an official in the president’s office said: ‘If this is proven, it is clearly very serious.’

Investigator Laurent Richard said on French TV earlier this week: ‘We found these numbers but we obviously couldn’t do a technical analysis of Emmanuel Macron’s phone to determine if it had been infected with a spying device.’

Other leaders on the list that emerged include South African president Cyril Ramaphosa and World Health Organisation chief Tedros Adhanom Ghebreyesus.

President Imran Khan of Pakistan was also among potential targets found on a list of numbers leaked to Amnesty and the Paris-based journalism nonprofit Forbidden Stories.

Targets also included friends of Saudi-born Washington Post reporter Jamal Khashoggi before his murder by a Saudi hit squad in 2018. 

The use of the software, called Pegasus and developed by Israel’s NSO group, was reported on by the Washington Post, the Guardian, Le Monde and other news outlets who collaborated on an investigation into a data leak.

The leak was of a list of up to 50,000 phone numbers believed to have been identified as people of interest by clients of NSO since 2016.

One of those targeted was Khashoggi’s wife Hanan Elatr. Her phone – as well as that of a second female associate – was allegedly targeted before his death.

The Washington Post was one of the first outlets to break the story, publishing a 4,000-word dive into the spyware and its influence. 

NSO began selling its smartphone spyware to governments in 2011 and has always kept its operations under lock and key.

One of those targeted was Hanan Elatr, left, the wife of Saudi-born Washington Post journalist Jamal Khashoggi, who was murdered by a Saudi hit squad in 2018. Her phone – as well as that of a second female associate – was allegedly targeted before his death

President Imran Khan of Pakistan was also among potential targets found on a list of numbers leaked to Amnesty and the Paris-based journalism nonprofit Forbidden Stories

According to a Fast Company article published in March 2019, when one of the outlet’s reporters called an NSO office in 2017, a representative said they didn’t speak to journalists and hung up.

But the company fell under scrutiny in 2019 after a number of lawsuits from people alleging that NSO was using its spyware against them.

This includes Whatsapp, who launched a lawsuit against NSO in late 2019, claiming that the Israeli firm was responsible for sending malware to the phones of Whatsapp users.

According to the Guardian, a judge in the case said the claim that malicious code owned by NSO was sent through WhatApp’s service did not appear to be disputed.

The paper says that the lawsuit instead revolves around whether NSO or its customers were to blame.  

WhatsApp is seeking an injunction which will block NSO from using its service permanently and says the firm should be blacklisted internationally.

Meanwhile, Mr Cathcart earlier this week took to Twitter to call on Governments, tech companies and human rights groups to work together to combat hacking.

He said in a series of Tweets: ‘Human rights defenders, tech companies and governments must work together to increase security and hold the abusers of spyware accountable. Microsoft was bold in their actions last week.

‘We need more companies, and, critically, governments, to take steps to hold NSO Group accountable.

‘Once again, we urge a global moratorium on the use of unaccountable surveillance technology now.’

An NSO spokesperson told MailOnline: ‘Millions of people around the world are sleeping well at night, and safely walking in the streets, thanks to Pegasus and similar technologies which help intelligence agencies and law enforcement agencies around the world to prevent and investigate crime, terrorism, and pedophilia rings that are hiding under the umbrella of End-to-End encryption apps.

‘NSO, together with many of the other cyber intelligence companies in the world, provides cyber intelligence tools for governments because law enforcement agencies around the world are in the dark and there’s no regulatory solution that allows them to monitor malicious acts on instant messaging and social media.

‘We reiterate: NSO does not operate the technology, nor do we have visibility to the data collected. 

‘Our products, sold to vetted foreign governments, cannot be used to conduct cybersurveillance within the United States, and no foreign customer has ever been granted technology that would enable them to access phones with U.S. numbers. It is simply technologically impossible.

‘We are doing our best to help creating a safer world.’

On Mr Cathcart’s comments, the spokesperson added: ‘Does Mr. Cathcrat’s have other alternatives that enables law enforcement and intelligence agencies to legally detect and prevent malicious acts of paedophiles, terrorists and criminals using End to End encryption platforms? If so, we would be happy to hear.’



Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

seventy eight − = seventy six