Boy am I glad I stopped using WhatsApp. The shit seems to have hit the fan in a rather serious way for WhatsApp (owned by Facebook) as recent developments show. WhatsApp is now suing an Israeli company called NSO Group for abusing vulnerabilities in WhatsApp to hack into people’s phones in order to spy on them.
Here’s from Reuters, “Exclusive: Government officials around the globe targeted for hacking through WhatsApp – sources” (October 31st 2019):
WASHINGTON (Reuters) – Senior government officials in multiple U.S.-allied countries were targeted earlier this year with hacking software that used Facebook Inc’s WhatsApp to take over users’ phones, according to people familiar with the messaging company’s investigation.
Sources familiar with WhatsApp’s internal investigation into the breach said a “significant” portion of the known victims are high-profile government and military officials spread across at least 20 countries on five continents. Many of the nations are U.S. allies, they said.
The hacking of a wider group of top government officials’ smartphones than previously reported suggests the WhatsApp cyber intrusion could have broad political and diplomatic consequences.
A London-based human rights lawyer, who was among the targets, sent Reuters photographs showing attempts to break into his phone dating back to April 1.
While it is not clear who used the software to hack officials’ phones, NSO has said it sells its spyware exclusively to government customers.
NSO’s hacking software, named Pegasus, was also used to spy on Jamal Khashoggi, the Washington Post journalist murdered by Saudi operatives last year:
“I first started noticing these weird calls in March,” one human rights lawyer told The Telegraph. “It was video calls on WhatsApp, these calls were three or four seconds and by the time you get to the phone the call is gone.”
The lawyer, who requested anonymity, is among a string of people who believe they have been targeted by Pegasus, a powerful smartphone virus developed by a shadowy Israeli security company and sold to security forces around the world.
The software has allegedly been used to remotely target users over WhatsApp, and has recently been reported to have the capability to break into users cloud storage on services like Google Drive and iCloud.
Recently we’ve also had the stories about Huawei using NSO’s software to help governments in African countries to spy on their citizens and read their WhatsApp communications:
A senior police commander relayed a presidential order to access Mr. Wine’s encrypted written and spoken communications, including those through WhatsApp and Skype, to a six-man cyber team based at police headquarters, according to the security officials. They spent days trying to penetrate the communications using the Pegasus spyware but failed.
They asked for help from Huawei technicians—who then cracked Mr. Wine’s encrypted communications using Pegasus within two days, the security officials said.
Now WhatsApp is suing NSO for the damage they are causing worldwide:
WASHINGTON/SAN FRANCISCO (Reuters) – WhatsApp sued Israeli surveillance firm NSO Group on Tuesday, accusing it of helping government spies break into the phones of roughly 1,400 users across four continents in a hacking spree whose targets included diplomats, political dissidents, journalists and senior government officials.
WhatsApp said the attack exploited its video calling system in order to send malware to the mobile devices of a number of users. The malware would allow NSO’s clients — said to be governments and intelligence organizations — to secretly spy on a phone’s owner, opening their digital lives up to official scrutiny.
Lawyer Scott Watnik called WhatsApp’s move “entirely unprecedented,” explaining that major service providers tended to shy away from litigation for fear of “opening up the hood” and revealing too much about their digital security. He said other firms would be watching the progress of the suit with interest.
This move by WhatsApp to sue NSO is indeed unprecedented and I would never have expected Fuckerberg to do something like this. It’s almost as if Fuckerberg wants to show the world that, now, he really does mean it when he says that he values the privacy and security of his users on all of their platforms, including Facebook, WhatsApp and Instagram. As Will Cathcart the head of WhatsApp explained on the Washington Post, “Why WhatsApp is pushing back on NSO Group hacking” (October 29th 2019):
This should serve as a wake-up call for technology companies, governments and all Internet users. Tools that enable surveillance into our private lives are being abused, and the proliferation of this technology into the hands of irresponsible companies and governments puts us all at risk.
At WhatsApp, we believe people have a fundamental right to privacy and that no one else should have access to your private conversations, not even us. Mobile phones provide us with great utility, but turned against us they can reveal our locations and our private messages, and record sensitive conversations we have with others.
For years, we have worked to stay ahead of those who seek to violate users’ privacy and security. Just as we have physical locks on our doors at home, WhatsApp builds digital locks to protect our private conversations. The primary security system we use is called end-to-end encryption, which works automatically in such a way that only you and the people you are communicating with have the “keys” to your messages and calls.
At the same time, however, surveillance companies are hunting for work-arounds – by implanting spyware directly onto devices. The attack we saw provides several urgent lessons.
First, it reinforces why technology companies should never be required to intentionally weaken their security systems. “Backdoors” or other security openings simply present too high a danger.
However, WhatsApp having been acquired by Facebook who have demonstrated countless times to give fuck all about the privacy and security of their users, and the original founders of WhatsApp having had problems with Fuckerberg and quitting their jobs at WhatsApp/Facebook, and also in light of recent plans by Facebook to scan and monitor all encrypted private communications of users on all of their platforms including WhatsApp, I think that WhatsApp has lost all credibility when it comes to user privacy and security. I think they know, at the very least, that they are losing credibility very fast, and it won’t surprise me if they are already seeing that reflected in the number of users on their platform. And so the above move to sue NSO should be seen in this light; it seems to be a desperate attempt to salvage what they can and do damage control. But it is too little too late, and in my opinion, very hard to trust them as they might be putting on a show for the general public to fool them to keep trusting and using WhatsApp.
Because the root problem is not the NSO (although the NSO are psychopaths like most people living in the terrorist state of Israhell) but the vulnerabilities in WhatsApp’s software. WhatsApp has a couple of serious design problems that defeat the whole purpose of end-to-end encryption; one of them is the fact that they allow the unencrypted database, where all messages are stored on users’ phones, to be backed up to the cloud, often without the users knowing that this is happening and without knowing what the associated risks are. Someone wanting to read a user’s private communications could, instead of hacking their phone, just try to get access to their cloud storage instead and get their backups.
Practically all software can contain bugs and vulnerabilities, but when you have zero credibility when it comes to valuing the privacy and security of your users, it becomes very difficult to say that you’ve made an honest mistake when there’s a problem. Something like that requires trust and that is not something you can have with anything connected to Facebook and Fuckerberg.
And as for the NSO, its employees appear to be some of the finest psychopaths the terrorist state of Israhell has to offer. As reported by CBC, “International undercover agents target Toronto-based digital rights group Citizen Lab” (January 25th 2019):
The Canadian researchers who reported that Israeli software was used to spy on Washington Post journalist Jamal Khashoggi’s inner circle before his gruesome death are being targeted in turn by international undercover operatives, The Associated Press has found.
Twice in the past two months, men masquerading as socially conscious investors have lured members of the Citizen Lab internet watchdog group to meetings at luxury hotels to quiz them for hours about their work exposing Israeli surveillance and the details of their personal lives. In both cases, the researchers believe they were secretly recorded.
Instead of talking about refugees, Abdul Razzak said, Bowman grilled him about his work for Citizen Lab and its investigations into the use of NSO’s software. Abdul Razzak said Bowman appeared to be reading off cue cards, asking him if he was earning enough money and throwing out pointed questions about Israel, the war in Syria and Abdul Razzak’s religiosity.
“Do you pray?” Abdul Razzak recalled Bowman asking. “Why do you write only about NSO?” “Do you write about it because it’s an Israeli company?” “Do you hate Israel?”
Abdul Razzak said he emerged from the meeting feeling shaken. He alerted his Citizen Lab colleagues, who quickly determined that the breakfast get-together had been a ruse.
Bowman’s supposed Madrid-based company, FlameTech, had no web presence beyond a LinkedIn page, a handful of social media profiles and an entry in the business information platform Crunchbase. A reverse image search revealed that the profile picture of the man listed as FlameTech’s chief executive, Mauricio Alonso, was a stock photograph.
“My immediate gut feeling was: ‘This is a fake,”‘ said John Scott-Railton, one of Abdul Razzak’s colleagues.
Scott-Railton flagged the incident to the AP, which confirmed that FlameTech was a digital facade.
It looks like you cannot be too careful and paranoid in the time we’re living in right now. Read the whole CBC article to get an idea of how far these people can go and what you can look for in order to detect traps being laid out for you.
If you care about privacy and security, you should stop using anything by Facebook as soon as possible, including WhatsApp and Instagram. You may want to look into Signal as a replacement for WhatsApp.