Senior government officials around the world – including individuals in high national security positions who are “allies of the US” – were targeted by governments with NSO Group spyware in a 2019 attack against 1,400 왓츠앱 users, according to the messaging app’s chief executive.
Will Cathcart disclosed the new details about individuals who were targeted in the attack after revelations this week by the Pegasus project, a collaboration of 17 media organisations which investigated NSO, the Israeli company that sells its powerful surveillance software to government clients around the world.
Cathcart said that he saw parallels between the attack against WhatsApp users in 2019 – which is now the subject of a lawsuit brought by WhatsApp against NSO – and reports about a massive data leak that are at the centre of the 페가수스 프로젝트.
The leak contained tens of thousands of phone numbers of individuals who are believed to have been selected as candidates for possible surveillance by clients of NSO, including heads of state such as the French president, 에마뉘엘 마크롱, government ministers, diplomats, activists, journalists, human rights defenders, and lawyers.
It includes some people whose phones showed infection or traces of NSO’s Pegasus spyware, according to examinations of a sample of the devices conducted by Amnesty International’s security lab.
“The reporting matches what we saw in the attack we defeated two years ago, it is very consistent with what we were loud about then,” Cathcart said in an interview with the Guardian. In addition to the “senior government officials”, WhatsApp found that journalists and human rights activists were targeted in the 2019 attack against its users. Many of the targets in the WhatsApp case, 그는 말했다, had “no business being under surveillance in any way, shape, or form”.
“This should be a wake up call for security on the internet … mobile phones are either safe for everyone or they are not safe for everyone.”
NSO의 Pegasus 스파이웨어가 전화를 감염시키는 경우, 이를 사용하는 정부 고객은 개인의 전화 대화에 액세스할 수 있습니다., 메시지, 사진과 위치, 녹음기를 조작하여 전화기를 휴대용 청취 장치로 전환할 뿐만 아니라.
누출에 다음 목록이 포함되어 있습니다. 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016.
The appearance of a number on the leaked list that was accessed by the Pegasus project does not mean it was subject to an attempted or successful hack. NSO는 Macron이 고객의 "타겟"이 아니라고 말했습니다., 의미 회사는 그의 휴대전화에 페가수스 감염이 시도되거나 성공한 적이 없다고 부인합니다..
NSO는 또한 데이터가 회사와 "관련이 없다"고 말했습니다., and has rejected the reporting by the Pegasus project as “full of wrong assumptions and uncorroborated theories”. 유출된 데이터가 Pegasus 소프트웨어의 감시 대상이 된 데이터임을 부인했습니다.. NSO는 50,000 숫자가 과장되어 Pegasus의 표적이 된 개인을 나타내기에는 너무 크다고 말했습니다..
But Cathcart questioned NSO’s claim that the figure was in itself “exaggerated”, saying that WhatsApp had recorded an attack against 1,400 users over a two-week period in 2019.
“That tells us that over a longer period of time, over a multi-year period of time, the numbers of people being attacked are very high,”그는 말했다. “That’s why we felt it was so important to raise the concern around this.”
When WhatsApp says it believes its users were “targeted”, it means the company has evidence that an NSO server attempted to install malware on a user’s device.
NSO has declined to give specific details about its customers and the people they target. 하나, a source has claimed the average number of annual targets per customer was 112.
When WhatsApp announced two years ago that users had been targeted by the NSO malware, it said it had found that about 100 의 1,400 targets were members of civil society – journalists, human rights defenders and activists. The users were targeted through a WhatsApp vulnerability that was later fixed.
Cathcart said he had discussed the 2019 attacks against WhatsApp users with governments all around the world. He praised recent moves by Microsoft and others in the technology industry who are speaking out about the dangers of malware, and called on Apple – whose phones are vulnerable to malware infections – to adopt their approach.
“I hope that Apple will start taking that approach too. Be loud, join in. It’s not enough to say, most of our users don’t need to worry about this. It’s not enough to say ‘oh this is only thousands or tens of thousands of victims’,”그는 말했다.
“If this is affecting journalists all around the world, this is affecting human rights defenders all around the world, that affects us all. And if anyone’s phone is not secured that means everyone’s phone is not secure.”
He also called on governments to help create accountability for spyware makers.
“NSO Group claims that a large number of governments are buying their software, that means those governments, even if their use of it is more controlled, those governments are funding this. Should they stop? Should there be a discussion about which governments were paying for this software?”
WhatsApp launched its lawsuit against NSO in late 2019, claiming that the Israeli company was responsible for sending malware to WhatsApp users phones. A judge in the case pointed out that the underlying facts in the case – that malicious code owned by NSO was sent through WhatsApp’s servers – did not appear to be disputed. 대신, the lawsuit has revolved around whether NSO’s “sovereign customers” were to blame, or the company itself.
NSO has argued that it ought to be immune to the suit because its clients are foreign governments. It has said its clients are contractually obliged to use Pegasus to target criminals and that it investigates allegations of abuse. It said it has no insight into how government clients use the spyware or who they target, unless the company requests an investigation into allegations of wrongdoing.
An NSO spokesperson said: “We are doing our best to help creating a safer world. Does Mr Cathcart have other alternatives that enable law enforcement and intelligence agencies to legally detect and prevent malicious acts of pedophiles, terrorists and criminals using end-to-end encryption platforms? 그렇다면, we would be happy to hear.”