Messaging app said it had 'high confidence' some users were targeted and 'possibly compromised' by Paragon Solutions spyware:
Nearly 100 journalists and other members of civil society using WhatsApp, the popular messaging app owned by Meta, were targeted by spyware owned by Paragon Solutions, an Israeli maker of hacking software, the company alleged on Friday.
The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had "high confidence" that the 90 users in question had been targeted and "possibly compromised".
It is not clear who was behind the attack. Like other spyware makers, Paragon's hacking software is used by government clients and WhatsApp said it had not been able to identify the clients who ordered the alleged attacks.
Experts said the targeting was a "zero-click" attack, which means targets would not have had to click on any malicious links to be infected.
[...] WhatsApp said it had sent Paragon a "cease and desist" letter and that it was exploring its legal options. WhatsApp said the alleged attacks had been disrupted in December and that it was not clear how long the targets may have been under threat.
Originally spotted on Schneier on Security.
Related:
- Journalist Sues Predator Spyware Maker for Allegedly Helping Government Surveil Him
- Israeli Spyware Maker Is in Spotlight Amid Reports of Wide Abuses
- The Great iPwn -- Journalists Hacked with Suspected NSO Group iMessage 'Zero-Click' Exploit
Related Stories
The Citizen Lab found that the iPhones of dozens of journalists were hacked using an invisible zero-day zero-click exploit in iMessage.
The Great iPwn -- Journalists Hacked with Suspected NSO Group iMessage 'Zero-Click' Exploit:
Summary & Key Findings
- In July and August 2020, government operatives used NSO Group's Pegasus spyware to hack 36 phones belonging to journalists and employees at Al Jazeera. The phone of a journalist at London-based Al Araby TV was also hacked.
- The phones were compromised using an exploit chain that we call KISMET, which appears to involve an invisible zero-click exploit in iMessage. In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple's then-latest iPhone 11.
- Based on logs from compromised phones, we believe that NSO Group customers also successfully deployed KISMET or a related zero-click, zero-day exploit between October and December 2019.
- The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates.
- We do not believe that KISMET works against iOS 14 and above, which includes new security protections. All iOS device owners should immediately update to the latest version of the operating system.
- Given the global reach of NSO Group's customer base and the apparent vulnerability of almost all iPhone devices prior to the iOS 14 update, we suspect that the infections that we observed were a minuscule fraction of the total attacks leveraging this exploit.
There are other findings, which are then followed by an in-depth analysis of a few infections. The story concludes with an admonition to "Update your iOS Device Immediately".
Israeli Spyware Maker Is in Spotlight Amid Reports of Wide Abuses
Data leaked to a consortium of news organizations suggests that several countries use Pegasus, a powerful cyberespionage tool, to spy on rights activists, dissidents and journalists.
A major Israeli cyber-surveillance company, NSO Group, came under heightened scrutiny Sunday after an international alliance of news outlets reported that governments used its software to target journalists, dissidents and opposition politicians.
The Israeli government also faced renewed international pressure for allowing the company to do business with authoritarian regimes that use the spyware for purposes that go far afield of the company's stated aim: targeting terrorists and criminals.
[...] The allegations may escalate concerns that the Israeli government has abetted government abuses by granting NSO an export license to sell software to countries that use it to suppress dissent.
The accounts, published by The Washington Post and an alliance of 16 other international news outlets, follow recent reporting by The [New York] Times that Israel permitted NSO to do business with Saudi Arabia, and encouraged it to keep doing so even after the Saudi government was implicated in the 2018 assassination of a Saudi journalist and dissident, Jamal Khashoggi.
Pegasus: The new global weapon for silencing journalists
Also at Business Insider, The Hill, The Verge, and Al Jazeera.
Related: Israeli Firm NSO Linked to WhatsApp Hack, Faces Lawsuit Backed by Amnesty International
Saudi Crown Prince's WhatsApp Account Reportedly Used to Hack Jeff Bezos
The Great iPwn -- Journalists Hacked with Suspected NSO Group iMessage 'Zero-Click' Exploit
A Greek financial journalist is one of several who believe they have been targeted for surveillance by the nation's government with the help of Intellexa:
In late March 2021, Thanasis Koukakis was notified by a team of digital researchers that his phone had been infected with malware. A reporter who typically covers finance, Koukakis had been in the midst of investigating corruption issues when his device was infected. Research later showed that his phone had been under surveillance for approximately two months.
It turned out that he had been targeted with "Predator," a commercial spyware capable of infiltrating mobile phones and stealing pretty much everything inside of them—videos, pictures, text messages, search history, passwords, call logs, and more. Like a lot of other commercial spyware tools, Predator is typically sold to high-paying government clients—in this case, by a company called Cytrox. A secretive surveillance firm based in North Macedonia, Cytrox is owned by an Israeli parent company called Intellexa.
[...] The Greek government has, however, admitted to spying on Koukakis. In a parliamentary committee hearing in August, the head of the Greek equivalent of the CIA confessed that his agency had surveilled the journalist. However, the government has denied that it uses Predator or maintains any association with Intellexa.
Some interesting comments on Bruce Schneier's blog. Originally spotted on The Eponymous Pickle.
(Score: 5, Insightful) by Thexalon on Monday February 10, @12:49PM (8 children)
I can't imagine any reason why Israel in particular would want to dig up dirt on journalists who might write something critical of their actions. I mean, it's not like their leaders have warrants from the International Criminal Court, or recently announced in a joint press conference with the US president an intent to commit war crimes, or have a habit of "accidentally" killing journalists [cbsnews.com]. Whoopsie.
I'm not saying nobody else has motivation to do something like that, but this sure seems like it could be Mossad.
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
(Score: 3, Insightful) by HeadlineEditor on Monday February 10, @12:53PM
Every. Single. Time.
(Score: 4, Interesting) by Mojibake Tengu on Monday February 10, @01:47PM (1 child)
If a journalist is blackmailable they do not need to kill him.
Let's look at it from the bright side: spyware saves lives...
Rust programming language offends both my Intelligence and my Spirit.
(Score: 2) by Thexalon on Monday February 10, @03:10PM
Only if they give in to the blackmail of course. If they print what they were going to anyways, on the other hand ...
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
(Score: 2) by Username on Monday February 10, @03:15PM
The depressing part is it might be the NSA, FBI, DHS or CIA. Previous articles pointed out the DHS bought the software about two years ago. Have no doubt they all have it.
(Score: 0, Troll) by Anonymous Coward on Monday February 10, @04:12PM (1 child)
Friend, why so anti-semitic? Supporting the terrorists will get you big trouble [IP located].
(Score: 5, Touché) by Thexalon on Monday February 10, @07:10PM
Yeah, yeah, I must hate my Jewish grandfather, my Holocaust survivor friend (now deceased), and all my other Jewish friends and relatives. That's the only possible reason I'd not be OK with the mass killing of civilians, approximately half of them children.
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
(Score: 2) by corey on Monday February 10, @10:21PM (1 child)
People are so quick to blame Israel. It was a private Israeli company that makes this software, but the article clearly states that they have various clients who buy and use the software. It could have been China, Venezuela, Somalia, Liechtenstein or anyone operating this malware.
(Score: 2) by jelizondo on Tuesday February 11, @05:25PM
Supposedly, they don’t sell to nefarious actors and deny knowledge of abuses… Quote from The Guardian. [theguardian.com]
No longer an Israeli company, now owned by the good ol’ U.S. of A. [techcrunch.com] Make of that what you will.
(Score: 4, Insightful) by HeadlineEditor on Monday February 10, @12:50PM
Then who the fuck are their actual customers? Countries that are using spyware in a responsible, totally above-board fashion?
(Score: 2) by iWantToKeepAnon on Monday February 10, @04:08PM
"Happy families are all alike; every unhappy family is unhappy in its own way." -- Anna Karenina by Leo Tolstoy