This week saw the cybersecurity world taking big strides against some of the world’s most aggressive hackers. In a dramatic and potentially precedent-setting move, WhatsApp, the Facebook-owned messaging platform, sued the Israeli surveillance contractor NSO Group for allegedly targeting 1,400 of WhatsApp’s users with malicious phone calls crafted to infect devices with data-grabbing malware. Meanwhile, over in the United States Congress, lawmakers are still struggling to deal with increasingly ubiquitous ransomware attacks that often target vulnerable organizations like local governments and hospitals.
Microsoft reported findings that the Russian hacking group Fancy Bear (also called APT28 or Strontium) has targeted at least 16 anti-doping agencies around the world in the lead-up to the 2020 Tokyo Olympics. Russian hackers have barraged the Olympics for three years now, including a particularly stealthy and insidious digital attack on the Pyeongchang Winter Games in 2018.
We detailed how to keep your smart-assistant devices locked down so human reviewers at big tech companies don’t end up listening to audio snippets of your voice, or other accidental recordings taken in your home. And Will Roper, assistant secretary of the Air Force for acquisition, technology, and logistics, made the case that three technologies—open systems design, agile cloud-based software, and digital engineering—represent a sort of “digital holy trinity” that will underlie next-generation weapons for the US military.
Plus, there’s more. Every Saturday we round up the security and privacy stories that we didn’t break or report on in-depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.
Last May, WhatsApp revealed that hackers at NSO Group had been exploiting a vulnerability in its software that allowed them to compromise a phone simply by targeting it with a voice call that planted malware on the device capable of silently stealing a victim’s messages. Now, in the same week when WhatsApp revealed that NSO Group had in fact targeted 1,400 of its users, Reuters reports that government officials in more than 20 countries have also been targeted via WhatsApp hacking.
Reuters didn’t name the countries, nor did it explicitly confirm that hacking was carried out by NSO or using the company’s tools, but the newswire’s story seems to suggest a link to the notorious hacker-for-hire firm. WhatsApp this week already confirmed that, based on an investigation carried out by the nonprofit cybersecurity research group Citizen Lab, NSO targeted more than 100 members of civil society, including journalists, human rights defenders, lawyers, and activists.
If NSO has in fact aided in the compromise of government officials, that would represent yet more evidence that its tools and targeting haven’t been limited to criminals and terrorists, as the company has long portrayed its work.