Amnesty International researchers believe the victims included members of civic groups. These groups usually consist of activists, journalists and human rights defenders. Such groups are constant targets for state-sponsored hackers due to their political or social activities.
Donncha O Cearbhaill, head of Amnesty’s Security Lab, said his team had begun to gather information from victims who could have been affected to understand the extent of the attack better.
The fact that civil society actors were targeted is an indication of a worrying trend: Technology designed for everyday communication is being deployed against people who are already vulnerable. This not only makes the campaign a cybersecurity issue, but also a human rights issue.
According to WhatsApp, the hackers utilized one vulnerability within the messaging app and correlated that to another flaw in Apple devices. This chain of vulnerabilities enabled attackers to infiltrate the phones and make them do what they wanted. Once inside, they could listen in on communications, read files, and keep track of other apps.
Although WhatsApp has patched the hole in its system, the discovery highlights how hackers are coming up with ever more complex ways to get around locks. Also notable in the story is that the hack used a vulnerability in Apple’s products. It shows that there is no entirely secure platform.
While WhatsApp was a gateway to gain access to both Android and iPhone users, Amnesty reported that both user bases were impacted. This means the hacking campaign was dynamic and not constrained to a single device. O Cearbhaill added that the incident could be more widespread than initially thought since it was not only WhatsApp that was affected.
Cross-platform attacks are particularly insidious as they hamper the protection capabilities of the users. However, switching from one device or operating system to another is not always going to protect people if hackers can exploit multiple systems simultaneously.
This case joins a rising number of cyberespionage campaigns that have been discovered in recent years. From spyware like Pegasus to bespoke malware, hackers are increasingly homing in on small numbers of high-value targets. These people might not be famous, but they always contain sensitive information or are important people in civil society.
With groups such as Amnesty taking part, it’s clear that human rights defenders have taken to the frontline of the cybersecurity war. Governments and private companies must treat these attacks as more than technical issues, but as attacks on freedom of expression and on democracy itself.
Owned by Meta, WhatsApp did not hesitate to correct the vulnerability, but the company only provided a short announcement. Apple is also being questioned as its devices were used to conduct the attack. Both companies are being pressured to secure and be more transparent when things go wrong.
This case also demonstrates the impact of collaboration. The tech companies, independent researchers, and civil society groups must collaborate to identify and interrupt these campaigns before they can go viral. Although the risks from climate change are well understood, urgent solutions and concerted collective efforts are still required to protect those at risk.
The discovery of this hacking campaign is yet another reminder that cybersecurity threats are changing. Even the most reliable platforms, such as WhatsApp and Apple devices, can be used. While fewer than 200 people were targeted, the targeting of activists and civic groups shows that the objective was not profit but rather control and surveillance.
What we have here is a warning example. Although consumers must stay current on their devices, it is much more on the shoulders of the big tech companies to remain one step ahead of the attackers. At the same time, the international community must understand that these digital attacks can muffle voices and erode human rights.
This latest episode affirms that cybersecurity is no longer about protecting data. That is about safeguarding people.
Nvidia has achieved an unprecedented milestone: it has become the first publicly-traded company to reach…
As the after-market session approaches, three of the largest U.S. technology firms, Microsoft, Alphabet (Google)…
Microsoft’s cloud infrastructure buckled Wednesday morning as thousands of users found themselves locked out of…
The software and analytics firm Palantir Technologies Inc. finds itself at a pivotal moment. The…
When JPMorgan adjusts its Tesla target, Wall Street sits up straight like it just saw…
Apple hits a $4 trillion dollar valuation and becomes the third company after Nvidia and…