Connect with us

Tech

Why we should be worried about the suspected WhatsApp hackers

For most people, most of the time, hacks are like natural disasters. They arise, seemingly out of nowhere, then die down, leaving devastation in their wake.

Stories about the damage may dribble out later, but most of the details remain a mystery. Very often, we don't know who performed the hack.

We're unlikely to find out what they did with the data they stole. We may know a name of the company or institution that was targeted, but the identities of the victims are lost to posterity.

This latest surveillance attack is different.

We know for the most part how it was achieved: using a major security vulnerability in messaging app WhatsApp.

Advertisement

We know who was targeted: human rights lawyers and campaigners, including staff at Amnesty International.

Most unusually, we also know – or believe we know – the identity of the culprit.

More from Science & Tech

  • WhatsApp points finger at Israeli firm over hack

  • What you need to do about the WhatsApp vulnerability

  • Antibiotics could help thousands of women through assisted delivery

  • Vodafone slashes share payout after posting £6.6bn loss

  • Moon is shrinking 'like a raisin' and shaking, says NASA

  • Elon Musk unveils 60 internet satellites ready for launch to boost coverage on earth

What you need to do about the WhatsApp vulnerability

Political dissidents, human rights defenders, opposition politicians and journalists in 45 countries may have been targeted

This attack has been linked to secretive Israeli firm NSO Group, best known for developing Pegasus – spyware that can read phone messages, track calls and videos, trace the location of a phone and even collect passwords.

In the cybersecurity community, the news caused shock, but little surprise.

"It's not surprising that NSO came up with it," one source told me. "They are quite quick to give demos on these things to potential customers.

"They don't reveal specifics, but they walk you into a room and show you the real time exploitation of an iPhone."

A hack on one of the most popular messaging channels in the world is worrying enough. Yet what makes this attack especially concerning is the identity of NSO's customers and their reported targets.

NSO Group sells its software to governments around the world, in particular in the Middle East, a business that has given it a market valuation of around $1bn (£770m). This single bug alone will have meant millions of pounds in revenue.

Jamal Khashoggi
Image: Friends of murdered journalist Jamal Khashoggi claim his phone was infiltrated with Pegasus

The firm claims its software has been used to defeat terrorists and drug cartels.

But if these reports are correct, then that same software – which doesn't need its victim to click on a link or open a document, but can be directed precisely by the attacker at the time and place of their choosing – is being used to target human rights campaigners.

This isn't the first time these accusations have been aired. Friends of the murdered journalist Jamal Khashoggi allege that his phone was infiltrated by Pegasus before he was killed by Saudi government hitmen.

The revelations raise troubling questions about the international trade in spyware, which until recently was believed to be restricted to agencies such as GCHQ.

Now, it seems, this weaponised software is for sale to anyone at a price – and not even the engineers of the world's biggest tech firms can keep it at bay.

Continue Reading




Subscribe

Trending