WhatsApp Hack: High profile Govt. Officials targeted
This attack was not like other massive attacks on mass users but only high profile govt. officials of more than 20 countries were targeted. Most of the countries which were targeted are US allies and attack was carried out from 29 April 2019 to 10 May 2019.
Countries which were targeted includes India, US, Pakistan, UK, France, Malaysia and few more. 30 to 40 users from India were on target.
WhatsApp in its report said that a tool named Pegasus was used in this attack. This tool was developed by the Israeli hacking tool developer NSO group.
WhatsApp said filing a lawsuit against the NSO group that the hacking platform was developed and sold. The tool was later used to exploit a flaw in WhatsApp servers which gave access to the user’s device. More than 1400 users were targeted from 20 countries.
Most users who were targeted kept themselves in dark and only reveled in close rooms. While some came out and reported the attack. A London based lawyer who was also targeted sent the screenshot of the attempt to hack his phone to a media firm. He also said that the number of users hacked could be even higher.
When asked the NSO Group they said their tools are to help the govt. to catch terrorists and criminals. They limit the supply of the software to govt. authorities only, NSO said. Cybersecurity experts have denied their claim and have accused that their tools have been used for illegal purposes in the past too.
The central govt. has had multiple rounds of discussion with WhatsApp since the attack was reported.The telecom and IT minister Ravi Shankar Prasad asked WhatsApp to explain the breach and what is WhatsApp doing to safeguard millions of Indian users.
WhatsApp currently has more than 1.5 billion users and after the vulnerability was fixed WhatsApp urged its users to update the app to the latest version back in the month of May.
When asked whether India will buy the tool for security purposes, Indian govt. denied purchasing or planning to purchase the Pegasus software which is capable of extracting intimate data of a user.