Whatsapp monitored: allegation of the messenger brings Pegasus hackers in need of explanation

It was a shock: At least 1400 Whatsapp users are said to have been spied on about a security hole in the popular messenger, warned parent company Facebook in the summer of 2019 (you can find out more here). Whatsapp boss Will Cathcart sees a clear connection with the current wiretapping scandal surrounding the Israeli NSO Group. And attacks one of their main justifications.

In an interview with the British “Guardian”, Cathcart first publicly gave details of the 1,400 people who were affected by the messenger hack at the time. He told the newspaper that these include people who hold high-ranking positions in the security sector, “US ally,” including “leading members of the government”. As early as 2019, Whatsapp announced that at least 100 of the victims were civilians who had been targeted by the hackers as journalists, lawyers, activists or academics.

Image campaign

In doing so, Cathcart directly contradicts official statements by the NSO Group about the espionage measures uncovered by a leak last week. “If you’re not a criminal, you don’t have to be afraid of it,” Shalev Hulio, CEO of the NSO Group, announced in an interview with Forbes on Thursday. A telephone list uncovered as part of the Pegasus project with 50,000 potential espionage victims of the company had no meaningfulness, he emphasized. The reporting is “full of false assumptions and unproven theories.” The program had been sold to 40-45 governments, for example in order to be used in the fight against terrorism, and on average only 100 people would be monitored. If abuse is found, the software can also be switched off for these countries.

Cathcart doesn’t want to leave it like that. “The reports are consistent with what we saw in the attack two years ago,” he said with certainty. The 1400 documented attacks on WhatsApp users all took place over the course of just two weeks. “From this, over a long period of time, over several years, an extremely high number of people attacked can be deduced,” he believes. “That’s why it was important for us to make our concerns public.”

The group discussed the attack with governments around the world in 2019, Cathcart told the Guardian. In his view, attacks of this kind harm the entire population. “If something like this hits journalists, human rights activists, it affects all of us. And if someone’s smartphone is not secure, everyone’s smartphone is not secure.” Whatsapp had already filed a lawsuit against NSO at the end of 2019.

It’s about credibility

Whatsapp is about more than just a single attack. The messenger has been struggling with image problems in the last few months. When the group recently renewed its usage guidelines, so many users were skeptical that competitors such as Signal or Telegram experienced a real boom and Whatsapp was ultimately forced to give in.

Messenger, which has been part of the Facebook group since 2014, has been trying to present itself as a secure platform for protected communication for a long time, emphasizing again and again that the messages cannot be read during transmission thanks to end-to-end encryption. At the latest on the device, the messages are decrypted again and can be read by attackers with access to the device. According to the Pegasus project, this has now also happened. Since WhatsApp, unlike its competitor Signal, does not disclose its program code, it cannot even be ruled out that the messenger itself evaluates the chats, expert Paul Rösler also emphasized stern.

The messenger is considered extremely data hungry anyway. Even without access to the messages themselves, the additional information about the chats, the so-called metadata, is extremely valuable. Who writes with whom, when and where, reveals a lot about users, their habits and their networks. If you only occasionally send a message back and forth during working hours, you usually have a very different relationship than people who regularly stay in the same apartment in the evening and sometimes make video calls at night.