The whatsApp breach

One of the countries identified as a user of Finfisher Spyware is none other than Lebanon. Finfisher is produced by a German company.
by Dan Azzi

19 May 2019 | 13:54

Source: by Annahar Staff

  • by Dan Azzi
  • Source: Annahar Staff
  • Last update: 19 May 2019 | 13:54

BEIRUT: We woke up last week to a huge story in the Middle Eastern press, a nonevent within the US, where most people haven’t heard of WhatsApp, let alone use it. However, for us in Lebanon and the Arab World, the app, now owned by Facebook, is a primary means of communication.

An Israeli company, NSO, exploited a vulnerability in the app, allowing unauthorized and surreptitious access to someone’s phone, even without them doing something stupid, like clicking on an unknown link (which is the most common way phones get infected). A missed WhatsApp call was all it took to access your phone.

NSO is a secretive Israeli company, a product of Silicon Wadi (their version of Silicon Valley). Its clients are The Who’s Who of third world intelligence services, who can now buy off-the-shelf spying software and play like the big boys do. NSO was referred to by Nicole Perlroth, of The NY Times, as “one of the world’s most evasive digital arms dealer,” an interesting and ominous new term for the 21st Century. There’s huge demand for this type of thing, which is why NSO is now valued at above $1 billion dollars.

This vulnerability wasn’t busted by the National Security Agency (the largest US Intelligence Agency and the one responsible for making and breaking cryptographic codes) or GCHQ (NSA’s British equivalent), nor the FBI. Now that I think about it, why would they? They’re sort of on the same side as NSO, as long as it stays away from their own citizens ... sort of. That said, the US Justice Department has opened an investigation.

The surprising part is that it was busted by Citizen Lab, based at the University of Toronto, which specializes in “investigating digital espionage against civil society ... and examining transparency and accountability mechanisms relevant to the relationship between corporations and state agencies regarding personal data and other surveillance activities.”

I was lucky enough to meet its director, Professor Ron Deibert, at a presentation he gave a few weeks back. Professor Deibert is a nondescript, nice guy, who does not fit the usual stereotype for a James Bond, able to take on such a powerful entity, embarrass it, and win. In fact, at his lecture, I recognized several employees of intelligence agencies from various countries, some of whom are customers of NSO or otherwise connected to it. Makes one wonder if they were there out of intellectual curiosity or admiration.

Of course, based on the edict “any PR is good PR,” I’m certain that NSO has ambivalent feelings about the whole brouhaha. As we speak, they’re probably getting inquiries from potential new customers, who are intelligence agencies of banana republics, private security companies, and even rich, jealous husbands wanting to track their wives and mistresses. This, notwithstanding NSO’s assurances that they “only sell to governments” and they “follow Israeli and local laws.” That has to make us all feel much better — protection by a combo of Israeli and Third World privacy laws.

One of the first times Citizen Lab clashed with NSO was when a dissident, named A.M., from a Middle Eastern country, was targeted with an SMS message saying “Secrets about torture of citizens of [his country] in government prisons. Click here for more info.” Had he clicked, he would have launched the “Zero Day” attack, which exploited a vulnerability by Apple that was plugged in August 2016. A.M. was subsequently arrested.

According to Citizen Lab, penetration cyber attacks occurred against 24 people in Mexico, including journalists, lawyers, government officials, and others, some of whom were assassinated. The techniques were quite nasty, like sending a text message about the target’s daughter being involved in an accident, to entice him to click on the infected link. In another case, a text message impersonated the US Embassy and claimed there was a problem with the recipient’s visa application.

Citizen Lab identified at least 21 countries globally who are customers of NSO, including 6 Arab nations, all of which fall in the bottom third ranking for ‘rule of law’ and ‘freedom of expression and accountability.’

One of the most recent targeting attacks was against a dissident from a Middle Eastern country, currently residing in Canada. The attack was able to put a tracker on his phone, however once he contacted Citizen Lab, this blew the whole case open, including identifying the WhatsApp vulnerability.

What makes the story especially ironic is that in this battle, Citizen Lab was David and defeated NSO, the Israeli Goliath.



One of the countries identified as a user of Finfisher Spyware is none other than Lebanon. Finfisher is produced by a German company. You may recall a couple of years ago our security services were in the global press as having been spying and capturing hundreds of thousands of private texts and photos. My first reaction hearing this was sort of the same as you would if your son were Dennis the Menace or Bart Simpson. Part of you is angry at this invasion of privacy, but the other part of you is beaming and proud that our pipsqueak country is now playing spy games at the global level. Of course, why they’d want to spy on random people in 21 countries is hard to justify based on national security interests.

Tips to Protect Yourself:

Never click on links to upgrade an app. Your AppStore is the only way to upgrade an app. Do not click on a link when you get messages such as the following (which I’ve seen circulating in Lebanon):

- Click here to upgrade to WhatsApp Gold.

- WhatsApp will become a paid app. Click here to avoid this.

- Due to Airline X’s anniversary, forward this link to 10 friends for a free airline ticket.

- You have a DHL package, click here.

- Emails that blackmail you to pay them Bitcoin otherwise they will release compromising photos of you. This specific one had part of your password.

- Update your IOS or other operating system to the latest as soon as it comes out, if the upgrade is a fix to an identified vulnerability.

Some of these are most certainly attempts by surreptitious organizations or hackers to penetrate your phone. Some are scammers. Others are marketing gimmicks.

Either way, don’t fall for them.

----

Dan Azzi is a regular contributor to Annahar. He has recently been invited to be an Advanced Leadership Initiative Fellow at Harvard University, a program for senior executives to leverage their experience and apply it to a problem with social impact. Dan’s research focus at Harvard will be economic and political reform in a hypothetical small country riddled with corruption and negligence. Previously, he was the Chairman and CEO of Standard Chartered Bank Lebanon.

Show Comments

An-Nahar is not responsible for the comments that users post below. We kindly ask you to keep this space a clean and respectful forum for discussion.