A cybersurveillance firm owned by Israeli company said today that near 100 members of civil societies and journalists employing WhatsApp were its targets. “We have great confidence that messages from these affected users were being intercepted,” wrote Meta-owned, WhatsApp in reply to the hacking.
It explains that the attack falls under the term “zero-click” exploit whereby victims’ devices were infected by the attackers with no action being taken on them. In response, WhatsApp had sent a cease-and-desist letter to Paragon and recommitted itself towards protecting user privacy.
A WhatsApp spokesperson told that 90 users may have been affected but would not provide specific information about their identities and locations. The company then disabled the hacking attempt and directed the victims to Citizen Lab, a Canadian cybersecurity watchdog.
According to Citizen Lab researcher John Scott-Railton, this is just the latest on how badly and frequently mercenary spyware is being misused. Companies like Paragon, claiming to be here to help with national security interests, see their tools turn up on devices of journalists, activists, and opposition figures all over the world.
Acquired recently by Florida-based AE Industrial Partners, Paragon brands itself as an “ethical” player in the spyware industry, selling only to governments in stable democracies. Critics argue, however, that the latest revelations challenge such claims of responsibility.
Access Now’s Natalia Krapiva said that such spyware abuses are not isolated incidents but a fundamental issue within the commercial surveillance industry. The FBI has not commented on the breach.
As digital security concerns continue to grow, this incident is a reminder of the persistent risks posed by spyware and the urgent need for stricter regulations in the surveillance industry.
