• Follow us


Hacking WhatsApp – has a line been crossed?

No doubt, you’ll have seen the news about WhatsApp users being targeted by a sophisticated hack a couple of weeks ago. What you may not be aware of is that it’s a result of the commercialisation of cyber weapons that private companies are developing and selling to governments – and possibly others.

You may not be overly concerned about the story – after all, the attack was targeted at specific individuals, not an entire population - and unless you’re a human rights lawyer, or a journalist, or an activist, you’re very unlikely to have been affected. And you’ve probably gone and updated WhatsApp, so you’re good, right?

There’s a bigger story behind this. WhatsApp was compromised by a ‘Buffer Overflow Vulnerability’. Without going into tedious detail, it’s suffice to say that in the cyber industry we call this a ‘Technical Exploit’ – an attacker is manipulating a flaw in the way software has been designed and using it for their own purposes. This exploit subsequently allowed an attacker to place spyware on the affected phone, giving them access to all the information on the device.

What’s unusual about this is that it’s not the work of a sophisticated intelligence agency like the NSA, CIA or MI5. The people behind this attack are alleged to be working for a company called the NSO Group – and the implications of this are concerning.

The NSO Group is a rather shadowy outfit. Jointly owned by US investment firm Francisco Partners and the UK-based private equity firm Novalpina Capital, but to all intents and purposes an Israeli company, they have been implicated in a number of cyber security incidents since being founded in 2010. The NSO Group state that they develop tools for governments, intelligence and law enforcement agencies to combat crime and terrorism. But their history is a lot murkier than that.

The NSO Group is alleged to have been the product of the 8200 Intelligence Unit, a part of the Israeli Intelligence Corps which apparently helps fund cyber security start-ups, but is essentially a military unit manned by 18-21 year old conscripts who are hand-picked to become hackers. Unit 8200 has an impressive track record in the cyber world, from been connected to the ‘Stuxnet’ computer worm which badly affected the Iranian nuclear programme in 2010 to developing the ‘Duqu 2.0’ virus in 2014, alleged to be the most sophisticated computer virus ever developed. Many of the former members of 8200 have gone on to senior positions in Silicon Valley after leaving the Israeli military. So it’s easy to draw the conclusion that it’s not just simply providing cash and guidance to new companies, but effectively helping to commercialise cyber weapons.

So why should anyone be concerned about the NSO Group and its activities? If it’s just selling these tools to friendly governments to help prevent crime and terrorist attacks, then what’s the problem?

Concerning implications

Well, for starters the Stuxnet attack was designed to physically destroy centrifuges at the uranium enrichment facility at Natanz, Iran, and whilst there may have been no danger of causing a nuclear explosion, it was serious enough to be classed as a ‘serious nuclear accident’. And whilst that attack might have been a joint US/Israeli effort, there’s no reason to believe that the knowledge gained in that attack couldn’t in future be used to develop a nuclear cyber weapon that can be sold to any government.

But if we leave the nuclear world behind, we’re still looking at the potential commercialisation of cyber weapons that previously had been the domain of the world’s top intelligence agencies. And whilst those agencies have to abide by the rule of law in whatever country they are based in, and usually have to comply with strict oversight, everything becomes a distinct shade of grey when it comes to private enterprises.

Various Israeli government, intelligence and military agencies will no doubt be closely aligned to the NSO Group – and that lends a level of plausible deniability to some of their cyber operations. For once an exploit or piece of malware has been identified there are not only people who will rush to neutralise the threat, but also those who attempt to replicate the attack. Should that happen, it’s easy for the Israeli government to deny involvement. The company implicated might subsequently disappear, but it’ll re-emerge with a new name and logo but with the same old faces to carry on as before.

There’s also the concern that cyber weapons are not monitored or controlled in the say way as physical arms are (that is to say, they’re not controlled at all). If you wanted to ship weapons to another country – or even just parts of machines that could be used to make weapons – you’re subjected to a great deal of international scrutiny. The same, though, doesn’t apply to cyber weapons and so there’s no restrictions on selling them to anyone you feel like.

So the WhatsApp exploit and associated spyware was developed and sold to – well, who knows who it was sold to? It could have been to the Israeli or US governments to assist them with tracking terrorists. It could have been sold to European law enforcement who are attempting to crack organised crime gangs. It could have been sold to intelligence agencies so they can spy on officials in other nations. It could have been sold to an oppressive regime who want to identify, monitor and subsequently deal with ‘undesirables’ like human rights activists. It could have been sold to an unscrupulous law firm who want to spy on the opposition and undermine legal cases. The only thing we do know is that it was developed and used in the wild. We need to ask the question - are we happy for these cyber weapons to be bought and sold? 

The NSO Group state that their tools are only sold to “authorised government agencies” after a “rigorous licencing and vetting process”. They also say that they “would not and could not use its technology in its own right to target any person or organisation”. But whilst ‘would not’ might be true, the ‘could not’ part is laughable – are they seriously saying that they’ve developed a tool that they themselves are unable to operate? How do they test it, or train their customers on how to use it if they cannot access it themselves?

The NSO Group identified a flaw within WhatsApp that could be exploited and used to install spyware - and make no mistake, the exploit wasn’t discovered by chance because the techies at NSO were actively looking for ways to exploit WhatsApp. Once they found the exploit they could have told the company about it and helped to protect all 1.5 billion users of the app. Instead they chose to keep their discovery secret and make a profit from it by selling the tools and the knowledge to whoever was willing to pay, and potentially putting lives at risk.

The NSO Group also slopes its shoulders when it comes to the use of their products. They say that “under no circumstances would NSO be involved in the operating or identifying of targets of its technology”, which is basically saying that once they’ve sold the tool they’re not bothered about who is targeted by it (which is the ‘guns don’t kill people, people kill people’ argument). They also say that “We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system” – which essentially means that, once sold, they’re relying on their customers to tell them if they’re abusing the technology or not. Of course, that’s going to happen, isn’t it?

You might not have been affected by this particular attack on WhatsApp users but the implications are very concerning. The next time the NSO Group – or someone similar – decides to profit from a vulnerability it discovers and sells the tools and knowledge needed to exploit that weakness, with none of the checks and balances the rest of the arms business has to go through, you might be.

Vince Warrington, CEO, Protective IntelligenceImage Credit: Endermasali / Shutterstock

Read More

Leave A Comment

More News

Latest ITProPortal news

Foxconn president resigns to run for office 2019-06-21 08:00:29He wants to focus on his presidential campaign.

Google confirms it's leaving the tablet business 2019-06-21 07:58:09It's throwing everything it has into the laptop business.

US city votes to pay ransomware demand 2019-06-21 07:30:31Riviera Beach can't catch a break.

iPaaS: The true digital transformation enabler 2019-06-21 07:00:33At the heart of any digital transformation project is the same principle – getting access to data and managing that data effectively.

5G can help start ups compete better 2019-06-21 06:30:585G could give birth to a whole new wave of start-up businesses, who would leverage the technology to compete better against well-established players i

Leaked passwords are only the tip of the 2019-06-21 06:30:45The true cause of the problem isn’t what one company does or doesn’t do with their security, but the underlying premise that personally id

The rise of voice commerce 2019-06-21 06:00:46This is a burgeoning trend that could be a huge market in the very near future.

IT issues creating workplace "black hole" 2019-06-21 06:00:33Employees are losing hours fixing stuff around the office.

GDPR compliance: is your business at risk of 2019-06-21 05:30:57Since the introduction of GDPR last year, small businesses have faced increased pressure to develop and alter their existing policies in line with the

How continuous deployment can help you keep pace 2019-06-21 05:00:10With every company now a software company, here's how continuous deployment makes you stand out from the crowd.

Keeping up with digital transformation: Is your ERP 2019-06-21 04:30:46Digital transformation need not be a scary term, but the foundation of your ERP strategy.

Why the jewellery sector is in major need 2019-06-21 04:00:07How blockchain and modern technology has helped to change the way the sector is functioning.

TechRadar: Internet news

Heads up, Mac gamers: big-time PC game port 2019-06-18 13:49:56Aspyr is ending sales of 32-bit titles as Apple discontinues 32-bit app support in the upcoming macOS Catatlina.

Cyberpunk 2077: release date, trailer and news 2019-06-18 13:26:57If you thought CD Projekt Red’s upcoming FPS RPG looked incredible before E3 2019, just wait until you see Keanu Reeves.

Animal Crossing on Nintendo Switch: release date, news 2019-06-18 13:06:19Animal Crossing: New Horizons isn't coming this year, but it's shaping up to be a totally unique experience.

These Huawei P30 Pro deals are now incredibly 2019-06-18 12:58:24One of the world's best phones at a great price - get a Huawei P30 Pro deal now and save some money, if you dare.

Australia vs Jamaica live stream: how to watch 2019-06-18 12:41:47Can the Matildas book their place in the Women's World Cup round of 16 with a win against the Reggae Girlz? Don't miss a kick with our Australia vs

Facebook WordPress plug-ins found to have zero-day flaw 2019-06-18 12:27:36Security researchers from Plugin Vulnerabilities have openly disclosed two zero-day flaws in Facebook's WordPress plugins, putting thousands of users

Expensive spectrum puts European 5G at risk 2019-06-18 11:58:13Recent spectrum auctions raise fears over rising costs

Best tablet 2019: the top tablets you can 2019-06-18 11:54:24The best tablets come from Apple, Google, and Microsoft, but not all are created equal. Here's what we like so far in 2019.

Amazon Prime Day deals 2019: everything you need 2019-06-18 11:52:04Amazon Prime Day is fast approaching, so we've put together a guide on how to find the best deals and everything else you need to know for the July s

EE now lets you watch BBC iPlayer and 2019-06-18 11:36:35EE users can now get some of the biggest data gobbling video players without data allowance with their mobile phone deal.

The 10 best cheap fitness trackers: the top 2019-06-18 11:21:31Wearable fitness trackers are smarter and cheaper then ever before, you don't have to spend as much to get fit.

The best free stock video sites 2019 2019-06-18 11:19:20Find high quality free stock video clips to use in all your projects – whether they're personal or commercial.

TechCrunch » Enterprise

Get your early-bird tickets to TC Sessions: Enterprise 2019-06-20 16:00:41In a world where the enterprise market hovers around $500 billion in annual sales, is it any wonder that hundreds of enterprise startups launch into t

Transitioning from engineering to product with Adobe’s Anjul 2019-06-20 13:05:14Many roles inside of startups and tech companies are clear: marketers market, salespeople sell, engineers engineer. Then there are the roles like &ldq

Daily Crunch: Slack makes its Wall Street debut 2019-06-20 12:42:22The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox ever

Machine learning for everyone startup Intersect Labs launches 2019-06-20 12:30:02Machine learning is the holy grail of data analysis, but unfortunately, that holy grail oftentimes requires a PhD in Computer Science just to get star

Slack opens at $38.50, a pop of 48% 2019-06-20 12:12:38Slack, the workplace messaging platform that has helped define a key category of enterprise IT, made its debut as a public company today with a pop. T

The boring genius of how Atrium kills legal 2019-06-20 12:12:32Law firms have little incentive to build or buy software that will save their lawyers time because they often bill clients by the hour. Tasks like tra

GirlGaze Network looks to connect brands with female 2019-06-20 08:32:10It started with a hashtag. Amanda de Cadenet, photographer, author and TV host, was spending time with her sister, a director and photographer in her

SaaS data protection provider Druva nabs $130M, now 2019-06-20 07:07:34As businesses continue to move more of their computing and data to the cloud, one of the startups that has made a name for itself as a provider of clo

Text IQ, a machine learning platform for parsing 2019-06-19 10:37:30Text IQ, a machine learning system that parses and understands sensitive corporate data, has raised $12.6 million in Series A funding led by FirstMark

Postman raises $50 million to grow its API 2019-06-19 07:00:18Postman, a five-year-old startup that is attempting to simplify development, tests and management of APIs through its platform, has raised $50 million

Blue Prism acquires UK’s Thoughtonomy for up to 2019-06-19 02:56:19Robotic process automation — which lets organizations shift repetitive back-office tasks to machines to complete — has been a hot area of

Atlassian’s co-CEO Scott Farquhar will join us at 2019-06-18 16:39:36Few companies have changed the way developers work as profoundly as Atlassian. Its tools like Jira and Confluence are ubiquitous, and over the course

Disclaimer and Notice:WorldProNews.com is not responsible of these news or any information published on this website.