Senior government officials and “America’s allies” were targeted by spyware monitoring software developer NSO Group, according to the head of the encrypted messaging app WhatsApp.
Will Cathcart, who became the head of Facebook in 2019, said that 1,400 WhatsApp users were targeted by governments using NSO Group’s software in the same year. Last week, it was reported that ‘military-grade spyware Pegasus‘ Infiltrated the smartphones of journalists, politicians and human rights activists from NSO Group, According to an investigation by 17 media organizations and Amnesty International.
Mr Cathcart said the attack recently reported in the media was similar to an attack against WhatsApp users two years ago. That attack is now the subject of a lawsuit brought by WhatsApp against NSO Group. Cathcart said:
“The reporting corresponds to the attack we beat two years ago, it is very loudly consistent about that time. This should be a wake-up call for safety on the Internet… Mobile phones are either safe for all or they are not safe for all.”
More than 50,000 phone numbers were on the list of those believed to be of interest to NSO Group’s customers, although the spyware maker says the number is too large to represent individuals targeted by Pegasus. The NSO Group has repeatedly claimed that the reporting of the Pegasus project is “full of misconceptions and unconfirmed theories”, adding that the figures reported are too large. However, Mr Cathcart said:
“Tells us that over the long term, over a multi-year period, the number of people being attacked is much higher. So we felt it was very important to express concern about this.”
WhatsApp’s claims mean the messaging giant has evidence that an NSO Group server attempted to install malicious software on a user’s device. Mr Cathcart also implied that iPhone maker Apple was not vocal about the threats to malware, praising statements from Microsoft and Google “giving spyware firms like NSO immunity”.
“I expect Apple to start taking that approach too. Speak loudly, join in. That’s not enough to say, most of our users don’t need to worry about this. It’s not enough to say ‘ Oh, it’s only thousands or tens of thousands of victims’. If it’s affecting journalists around the world, it’s affecting human rights defenders around the world, it affects all of us. And if nobody’s phone is secure it means everyone’s phone.” not secure.”
Apple declined to comment on Mr Cathcart’s statement. WhatsApp declined to comment further when asked. NSO Group did not respond to a request for comment before the time of publication but commented:
“We are doing our best to help create a safer world. Does Mr Cathcart have other options that enable law enforcement and intelligence agencies to legally detect and prevent malicious acts of paedophiles, terrorists and criminals using end-to-end encryption platforms? If so, we’d be happy to hear that.”
In fact, WhatsApp has systems in place for law enforcement to detect malicious acts using an end-to-end encrypted platform. This is done through metadata – information created by sending a message but that does not include the content of the message – such as the IP address, message frequency, name and profile photo.
Machine learning algorithms then detect abnormal behaviour, Such as exchanging messages with accounts known to share child sexual abuse material.
While such information is helpful to law enforcement, if such data falls into the wrong hands it can be used for nefarious purposes – such as even an IP address can be used as a gateway to more precious personal data., such as the user’s name or location. This is why some privacy advocates, such as Edward Snowden, prefer to use signal, which collects significantly less data on the user.