'Cyber threat continues across the globe,' says group that helped WhatsApp reach out to people impacted by cyber attack 

Written By: Sidhant Sibal WION
New Delhi, India Updated: Oct 31, 2019, 01:24 PM(IST)

John Scott Railton, senior researcher at Citizen Lab - the group that helped WhatsApp reach out to people impacted by cyber attack. Photograph:( WION )

Story highlights

Citizen Lab, a research group based at Munk School of Global Affairs and Public Policy, University of Toronto, volunteered to work with WhatsApp to understand the cyber attack. 

In April-May 2019, a series of cyber attacks took place on around 1,400 WhatsApp accounts using a malware built by an Israeli company NSO. The spyware can be injected into phones simply by ringing the number of a target device.

WhatsApp reached out to people impacted by the cyber attack. Citizen Lab, a research group based at Munk School of Global Affairs and Public Policy, University of Toronto, volunteered to work with WhatsApp to understand the cyber attack and reached out to civil society targets. Among those who were targeted was our principal diplomatic correspondent Sidhant Sibal.

He spoke to John Scott Railton, senior researcher at Citizen Lab on what comes next and how to be sure that there is no repetition of the attack.


WION: How big was the attack. How many people were impacted? The scale of the attack?

John Scott Railton: In this case, according to WhatsApp's announcement, around 1,400 were targetted and based on Citizen Lab's work, we can say, about 100 of them were members of the civil society. The company that WhatsApp publically names goes by the name NSO group. They sell power technology and carry out surveillance of people. Part of the problem of this technology is monitoring of people through there telephone, monitoring their encrypted telephone calls, snooping on their text messages, pulling away their private photographs and remotely turning on their microphones and listening to what is happening in the room. Part of the problem is that the sale and use of it is secret and very unaccountable. The case shows us when the government gets the ability to conduct unaccountable surveillance, they often go after very familiar targets like journalist, human rights activists and others.

WION: 1,400 people were impacted. How can we secure ourselves? What would you like to suggest?

John Scott Railton: There are steps everyone can take to be more secure and privately online. One of them is using an encrypted messaging service, it is clear after WhatsApp's lawsuit that they are not only working behind the scenes but have put their litigators where their mouth is and are going directly after the company which is targetting users. This is very unprecedented and a big win for human rights, that said, the existence of companies likes NSO creates this continued monitored cyber risk, around the globe. One of the most important things is that there are investigations and transparency on how these technologies are used and in some case, accountability is the best protection we have given how this powerful technology is.


WION: So can we say WhatsApp is hackable and is not secure? And will WhatsApp be able to make sure there are no repetition?

John Scott Railton: Anytime when there is a targeted, anytime there is a hack, inevitably people ask if this telephone, this service is secure... the honest answer is that there will always be groups trying to target you and your phone and depending on who you are and what you do. These groups may be very sophisticated or not which impacts how likely they are to be successful. At the end of the day, as an individual you chose what technology to use, based on if it will keep you safe and we have to understand looking at how companies behave, not only on day-to-day basis but on how they behave when things go wrong. In this case, WhatsApp users were targeted and WhatsApp not only worked behind the scenes to close vulnerability but took an unprecedented step, they went to the courts and put the litigators where their mouths are and went after the company which is contributing to the hacking. It is a very strong signal to the users and the general population that WhatsApp is working very hard to protect the privacy of the users. At the end of the day, no one can tell you, use this, it will be perfect; what is true is the fact that you have to use your own judgement and look at what happens not only when the day is good but also when there is a problem, and in this case, what WhatsApp has done is not only a win for their users but a win for human rights.

Read in App