What's new

Pakistan Military, govt officials likely targeted in global WhatsApp hack

The Eagle

The Eagle

SENIOR MODERATOR
Joined
Oct 15, 2015
Messages
24,239
Reaction score
258
Country
Pakistan
Location
Pakistan
Pakistan military, govt officials likely targeted in global WhatsApp hack

By Reuters
Published: November 1, 2019

2091335-whatsappe-1572588465-215-640x480.jpg

PHOTO: REUTERS

WASHINGTON: Senior government officials in multiple US-allied countries were targeted earlier this year with hacking software that used Facebook’s WhatsApp to take over users’ phones, according to people familiar with the messaging company’s investigation.

Sources familiar with WhatsApp’s internal investigation into the breach said a “significant” portion of the known victims are high-profile government and military officials spread across at least 20 countries on five continents. Many of the nations are US allies, they said.

Some victims are in the United States, United Arab Emirates, Bahrain, Mexico, Pakistan, and India, said people familiar with the investigation. Reuters could not verify whether the government officials were from those countries or elsewhere.




The hacking of a wider group of top government officials’ smartphones than previously reported suggests the WhatsApp cyber intrusion could have broad political and diplomatic consequences.

WhatsApp filed a lawsuit on Tuesday against Israeli hacking tool developer NSO Group. The Facebook-owned software giant alleges that NSO Group built and sold a hacking platform that exploited a flaw in WhatsApp-owned servers to help clients hack into the cellphones of at least 1,400 users between April 29, 2019, and May 10, 2019.

The total number of WhatsApp users hacked could be even higher. A London-based human rights lawyer, who was among the targets, sent Reuters photographs showing attempts to break into his phone dating back to April 1.

Cyber-security and its objectives

While it is not clear who used the software to hack officials’ phones, NSO has said it sells its spyware exclusively to government customers.

Some Indian nationals have gone public with allegations they were among the targets over the past couple of days; they include journalists, academics, lawyers and defenders of India’s Dalit community.

NSO said in a statement that it was “not able to disclose who is or is not a client or discuss specific uses of its technology.” Previously it has denied any wrongdoing, saying its products are only meant to help governments catch terrorists and criminals.

Cybersecurity researchers have cast doubt on those claims over the years, saying NSO products were used against a wide range of targets, including protesters in countries under authoritarian rule.

Citizen Lab, an independent watchdog group that worked with WhatsApp to identify the hacking targets, said on Tuesday at least 100 of the victims were civil society figures such as journalists and dissidents, not criminals.

John Scott-Railton, a senior researcher at Citizen Lab, said it was not surprising that foreign officials would be targeted as well.

Facebook launches tool to let users control data flow

“It is an open secret that many technologies branded for law enforcement investigations are used for state-on-state and political espionage,” Scott-Railton said.

Prior to notifying victims, WhatsApp checked the target list against existing law enforcement requests for information relating to criminal investigations, such as terrorism or child exploitation cases. But the company found no overlap, said a person familiar with the matter. Governments can submit such requests for information to WhatsApp through an online portal the company maintains.

WhatsApp has said it sent warning notifications to affected users earlier this week. The company has declined to comment on the identities of NSO Group’s clients, who ultimately chose the targets.
 
. .
Riz said:
Facebook & whatsapp should be banned in pak military
Click to expand...


Whatsapp and even facebook is already banned (since past few months) at least in army for official/battalion/ long course groups.

All army officers (even retired but re-employed) were instructed to exit such groups and not to use whatsapp for official/military related chatter.

One of the reasons those LOC ATGM/Strike videos have reduced in circulation through whatsapp.

However, how much that rule is enforced is not known to me.
 
.
Using an phone with FB/Google apps installed is a huge security blackhole. The phones listen to you even in standby mode. They listen for specific phrases for ad personalisation; and could be used to target military/diplomats. Forces should have its own forked OS with validated apps installed especially for higher ups.
 
. . .
Hack? aah i see, the CIA backed company just handed over the chats to CIA. Right? hack is the cover story
 
.
T|/|T said:
Pakistan needs to up its cyber capabilities. I was astonished at an intelligence officer that i met and his lack of understanding of cyber espionage. He disnt believe in keyloggers and how theybwork
Click to expand...

He must be from the early '60s, even keyloggers are now considered outdated as they were really famous during early 2000.
 
.
The Eagle said:
Pakistan military, govt officials likely targeted in global WhatsApp hack

By Reuters
Published: November 1, 2019

2091335-whatsappe-1572588465-215-640x480.jpg

PHOTO: REUTERS

WASHINGTON: Senior government officials in multiple US-allied countries were targeted earlier this year with hacking software that used Facebook’s WhatsApp to take over users’ phones, according to people familiar with the messaging company’s investigation.

Sources familiar with WhatsApp’s internal investigation into the breach said a “significant” portion of the known victims are high-profile government and military officials spread across at least 20 countries on five continents. Many of the nations are US allies, they said.

Some victims are in the United States, United Arab Emirates, Bahrain, Mexico, Pakistan, and India, said people familiar with the investigation. Reuters could not verify whether the government officials were from those countries or elsewhere.




The hacking of a wider group of top government officials’ smartphones than previously reported suggests the WhatsApp cyber intrusion could have broad political and diplomatic consequences.

WhatsApp filed a lawsuit on Tuesday against Israeli hacking tool developer NSO Group. The Facebook-owned software giant alleges that NSO Group built and sold a hacking platform that exploited a flaw in WhatsApp-owned servers to help clients hack into the cellphones of at least 1,400 users between April 29, 2019, and May 10, 2019.

The total number of WhatsApp users hacked could be even higher. A London-based human rights lawyer, who was among the targets, sent Reuters photographs showing attempts to break into his phone dating back to April 1.

Cyber-security and its objectives

While it is not clear who used the software to hack officials’ phones, NSO has said it sells its spyware exclusively to government customers.

Some Indian nationals have gone public with allegations they were among the targets over the past couple of days; they include journalists, academics, lawyers and defenders of India’s Dalit community.

NSO said in a statement that it was “not able to disclose who is or is not a client or discuss specific uses of its technology.” Previously it has denied any wrongdoing, saying its products are only meant to help governments catch terrorists and criminals.

Cybersecurity researchers have cast doubt on those claims over the years, saying NSO products were used against a wide range of targets, including protesters in countries under authoritarian rule.

Citizen Lab, an independent watchdog group that worked with WhatsApp to identify the hacking targets, said on Tuesday at least 100 of the victims were civil society figures such as journalists and dissidents, not criminals.

John Scott-Railton, a senior researcher at Citizen Lab, said it was not surprising that foreign officials would be targeted as well.

Facebook launches tool to let users control data flow

“It is an open secret that many technologies branded for law enforcement investigations are used for state-on-state and political espionage,” Scott-Railton said.

Prior to notifying victims, WhatsApp checked the target list against existing law enforcement requests for information relating to criminal investigations, such as terrorism or child exploitation cases. But the company found no overlap, said a person familiar with the matter. Governments can submit such requests for information to WhatsApp through an online portal the company maintains.

WhatsApp has said it sent warning notifications to affected users earlier this week. The company has declined to comment on the identities of NSO Group’s clients, who ultimately chose the targets.
Click to expand...
@Sine Nomine , @Zulfiqar

I am not the kind of person who would say "Didnt I say so", but I guess my first thread on this board which got merged with dubious's idea no 3, at my request was on the need of cybersecurity in Pakistan.

Zulfiqar bhai, I can vet most of the "active service" class fellows/course mates have left whatsapp groups we only call each other up on phone or sms. But not all of them flag rank officers have not done it, some of them still use it.

We need to develop custom roms something like xda.
 
Last edited:
.
ps3linux said:
@Sine Nomine , @Zulfiqar

I am not the kind of person who would say "Didnt I say so", but I guess my first thread on this board which got merged wit dubious's idea no 3, at my request was on the need of cybersecurity in Pakistan.

Zulfiqar bhai, I can vet most of the "active service" class fellows/course mates have left whatsapp groups we only call each other up on phone or sms. But not all flag rank officers have not done it not all of them.

We need to developed custom roms something like xda.
Click to expand...
We need to ban foreign built VoIP services,if not forever but atleast for time being.
We need a custom built app for communication purpose.Having two version supporting customized AES-256 end-to-end encryption for special usage and AES-256 for public usage.Custom built servers in Pakistan supporting both apps.
Peoples have no idea,how much danger a compromised device possess to security.
 
.
Riz said:
Facebook & whatsapp should be banned in pak military
Click to expand...
Banning does not address anything. As long as you have modern gadgets on hand, you are vulnerable. Cyber security is a global issue.

You will draw more attention if you are buying online. I know as much from personal experience. Chinese are most active in hacking activities.

If you are suspecting involvement of agencies than the kind of equipment agencies such as NSA and CIA have at their disposal, they can glean a lot from even unsuspected sources. Even in the 1980s, CIA was able to tap Soviet-Afghan communications and pass on this information to ISI (this information was made public in a book from a retired Pakistan Army officer). Mobile apps are just another layer of information to them.
 
. .
Zulfiqar said:
Whatsapp and even facebook is already banned (since past few months) at least in army for official/battalion/ long course groups.

All army officers (even retired but re-employed) were instructed to exit such groups and not to use whatsapp for official/military related chatter.

One of the reasons those LOC ATGM/Strike videos have reduced in circulation through whatsapp.

However, how much that rule is enforced is not known to me.
Click to expand...

Enforcement is one issue --- the other is that even if you're not active in the groups, malware and spyware can make its way into your phone and keep your mic on even if your phone is powered off.

Enigma SIG said:
Using an phone with FB/Google apps installed is a huge security blackhole. The phones listen to you even in standby mode. They listen for specific phrases for ad personalisation; and could be used to target military/diplomats. Forces should have its own forked OS with validated apps installed especially for higher ups.
Click to expand...

Forget standby mode --- the camera and mic can be turned on even if you turn your phone off.

T|/|T said:
Pakistan needs to up its cyber capabilities. I was astonished at an intelligence officer that i met and his lack of understanding of cyber espionage. He disnt believe in keyloggers and how theybwork
Click to expand...

I can share a lot more scary and depressing incidents but I'll refrain.

ps3linux said:
@Sine Nomine , @Zulfiqar

I am not the kind of person who would say "Didnt I say so", but I guess my first thread on this board which got merged with dubious's idea no 3, at my request was on the need of cybersecurity in Pakistan.

Zulfiqar bhai, I can vet most of the "active service" class fellows/course mates have left whatsapp groups we only call each other up on phone or sms. But not all of them flag rank officers have not done it, some of them still use it.

We need to develop custom roms something like xda.
Click to expand...

The problem is that WhatsApp is just the 'vector' of getting in just like the flu virus uses mucus membranes to enter the human host. Once in, all kinds of stuff starts happening that is generally unrelated to the actual method of entry.

Sine Nomine said:
We need to ban foreign built VoIP services,if not forever but atleast for time being.
We need a custom built app for communication purpose.Having two version supporting customized AES-256 end-to-end encryption for special usage and AES-256 for public usage.Custom built servers in Pakistan supporting both apps.
Peoples have no idea,how much danger a compromised device possess to security.
Click to expand...

We need to do so much. The tragedy is that many common citizens understand this but those tasked with protecting national security are too slow.

LeGenD said:
Banning does not address anything. As long as you have modern gadgets on hand, you are vulnerable. Cyber security is a global issue.

You will draw more attention if you are buying online. I know as much from personal experience. Chinese are most active in hacking activities.

If you are suspecting involvement of agencies than the kind of equipment agencies such as NSA and CIA have at their disposal, they can glean a lot from even unsuspected sources. Even in the 1980s, CIA was able to tap Soviet-Afghan communications and pass on this information to ISI (this information was made public in a book from a retired Pakistan Army officer). Mobile apps are just another layer of information to them.
Click to expand...

One of the best things those serving in sensitive posts can do is to assume the methodology of many terrorists groups --- i.e. going back to the stone age in terms of communication. Not having a smartphone or WiFi, etc., should just be a sacrifice that comes with the job, just like other sacrifices.
 
. . .

Similar threads

D
Apple Warns Top Indian Opposition Leaders, Journalists About ‘State-Sponsored’(Modi-BJP/RSS) Attack on Phone
Replies
2
Views
443
buntalanlucu
B
ghazi52
Iranian FM lands in Pakistan to discuss bilateral ties, Middle East affairs
Replies
1
Views
441
ThunderCat
ThunderCat
ghazi52
12 hurt as bomb targets police van in Quetta
Replies
1
Views
287
Pinoy
Pinoy
ghazi52
Shooting in Karachi injures two Chinese nationals
Replies
0
Views
171
ghazi52
ghazi52
ghazi52
Four security men martyred in Pishin, Khyber attacks
Replies
2
Views
390
AbdulQadir7
A

Latest posts

Pakistan Defence Latest Posts

Pakistan Affairs Latest Posts

Military Forum Latest Posts

Country Latest Posts

Back
Top Bottom