WASHINGTON (Reuters) – High-ranking government officials in several US-allied countries were attacked earlier this year with hacking software used by Facebook's WhatsApp to take over users' phones, according to people involved in the messaging Company are familiar.
FILE PHOTO: The WhatsApp messaging application will appear on a phone screen on August 3, 2017. REUTERS / Thomas White / File Photo
Sources familiar with WhatsApp's in-house investigations into security breaches said a "significant" portion of the known victims are high-profile government and military officials scattered across at least 20 countries on five continents , Many of the nations are US allies, they said.
Hacking a larger group of smartphones from top government officials than previously indicated suggests that WhatsApp's intrusion into the Internet could have far-reaching political and diplomatic consequences.
WhatsApp filed a lawsuit against Israeli hacking tool developer NSO Group on Tuesday. Facebook's software giant claims the NSO Group has built and sold a hacking platform that exploited a bug in WhatsApp's own servers to help customers get in between April 29, 2019 and May 10, 2019 to hack the phones of at least 1,400 users.  The total number of hacked WhatsApp users could be even higher. A London-based human rights lawyer, who was among the target groups, sent Reuters photos showing attempts to break into his phone, which dates back to April 1, says it sells its spyware exclusively to government customers.
Some victims are in the United States, the United Arab Emirates, Bahrain, Mexico, Pakistan and India, said people who are familiar with the investigation. Reuters was unable to verify that government officials came from these or other countries.
Some Indian nationals have made public allegations in recent days that they have been among the target groups. These include journalists, scientists, lawyers and defenders of the Dalit Indian community.
NSO stated in a statement that it was "unable to disclose who a customer is or is not, or to discuss certain uses of its technology". Previously, it has denied any wrongdoing, claiming that its products are only intended to assist governments in detecting terrorists and criminals.
Cybersecurity researchers have voiced doubt over these claims over the years, claiming that NSO products have been used against a wide range of objectives, including demonstrators in authoritarian countries.
Citizen Lab, an independent monitoring group working with WhatsApp to identify hacking targets, said on Tuesday that at least 100 of the victims were civil society figures such as journalists and dissidents rather than criminals.
John Scott-Railton, a senior researcher at Citizen Lab, said it was not surprising that foreign officials were also being attacked.
"It is an open secret that many law enforcement technologies are used for state and political espionage," said Scott-Railton.
Prior to notifying victims, WhatsApp reviewed the target list against existing law enforcement requests for information related to criminal investigations such as terrorism or cases of child exploitation. However, the company has not identified any overlaps, a person familiar with the matter said. Governments can send such requests for information to WhatsApp via a corporate-managed online portal.
WhatsApp sent warning messages to affected users earlier this week. The company has declined to comment on the NSO Group's customers who have finally selected the targets.
coverage by Christopher Bing and Raphael Satter; Edited by Chris Sanders, Lisa Shumaker and Tom Brown