WASHINGTON (Reuters) – Senior officials in many US-related countries were targeted earlier this year with hacking software that uses WhatsApp on Facebook Inc to take users' phones, according to people familiar with the investigation into the messaging company.
FILE PHOTOS: WhatsApp messaging app is seen on the phone on August 3, 2017. RATERS / Thomas White / File photo
Sources familiar with WhatsApp's internal investigation into the breach said a "significant" portion of known the victims are high-level government and military personnel spread across at least 20 countries across five continents.
The hacking of a wider group of senior government officials' smartphones than previously reported suggests that WhatsApp's cyber-entry could have broad political and diplomatic implications.
WhatsApp filed a lawsuit Tuesday against Israeli hacking tool developer NSO Group. The software giant owned by Facebook claims that the NSO Group has built and sold a hacking platform that uses a flaw in WhatsApp servers to help customers penetrate the handsets of at least 1,400 users.
Although it is not clear who used the phone hacking software for employees, the NSO says it sells its spyware exclusively to government customers.
Some victims are in the United States, United Arab Emirates, Bahrain, Mexico, Pakistan and India, according to people familiar with the investigation. Reuters could not check whether victims from those countries included government officials.
The revelation comes as more than a dozen Indian journalists and human rights activists said on Thursday that they had also been targeted.
The NSO did not immediately respond to a request for comment. Previously, she denied any wrongdoing, saying her products were only intended to help governments catch terrorists and criminals.
Over the last few years, cybersecurity researchers have discovered NSO products used against a wide range of targets, including protesters in authoritarian countries. However, the use of these tools to target senior politicians is less understood.
An independent research group working with WhatsApp called CitizenLab stated that at least 100 of the victims are journalists and dissidents, not criminals.
WhatsApp announced that it was sending alert notices to affected users earlier this week.
"It's an open secret that a lot of law enforcement branding technologies are used for state and political espionage," says John Scott-Rolton, a senior researcher at CitizenLab.
Before notifying victims, WhatsApp checked the list of targets against existing law enforcement requests for information related to criminal investigations such as terrorism or child exploitation. But the company did not find any overlap, said a person familiar with the matter. Governments can send such requests for information to WhatsApp through an online portal that the company maintains.
WhatsApp does not identify the customers of the NSO Group who ultimately chose the targets.
Reports by Christopher Bing and Rafael Sater; Editing by Chris Sanders and Lisa Shumaker