The mobile phones of at least two dozen Pakistan’s government officials were allegedly targeted earlier this year with technology owned by an Israeli spyware company, a British newspaper reported.
Scores of defense and intelligence officials were among those who could have been compromised, The Guardian reported while quoting ‘sources’ who spoke on condition of anonymity. The targeting was discovered during an analysis of 1,400 people whose phones were the focus of hacking attempts in a two-week period earlier this year, it said.
All the suspected intrusions exploited a vulnerability in WhatsApp software that potentially allowed the users of the malware to access messages and data on the targets’ phones. In May, the discovery of the breach prompted WhatsApp, which is owned by Facebook, to file a lawsuit against the Israeli firm in October in which it accused NSO of unauthorized access and abuse of its services.
The lawsuit claimed intended targets included attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior government officials. In a statement, NSO said that it will vigorously contest the claim and has insisted that its technology is only used by law enforcement agencies around the world to snare criminals, terrorists, and pedophiles.
The targeting of Pakistani officials gives a first insight into how the Israeli company’s signature Pegasus spyware could have been used for state-on-state espionage. The details also raise fresh questions about how NSO’s clients use its spyware.
“This kind of spyware is marketed as designed for criminal investigations. But the open secret is that it also winds up being used for political surveillance and government-on-government spying,” said John Scott-Railton, a senior researcher at the Citizen Lab, an academic research group located at the University of Toronto that has worked with WhatsApp to help identify victims.
He said that the spyware companies are clearly contributing to the proliferation of state-on-state technological espionage. “No government seems particularly immune and this is probably further stretching the patience of governments around the world with this industry,” he said.
NSO representatives declined to comment on questions about whether the company’s software had been used for the government espionage. Previously, the company has said it considered it a misuse of its product if the software was used for anything other than the prevention of serious crime and terrorism.
PAKISTAN’S RESPONSE: While it is not clear who wanted to target Pakistani officials, the details are likely to fuel speculation that India could have been using NSO technology for domestic and international surveillance. India’s government is facing questions from human rights activists about whether it has bought Israeli technology after it emerged that 121 WhatsApp users in India were allegedly targeted earlier this year.
Pakistan has not publicized the alleged hack, but there are signs the government is taking steps to address the matter. Dr. Arslan Khalid, who serves as an adviser to the prime minister on digital issues, said that the government is working on developing an alternative to WhatsApp to be used for sensitive government data and other classified information. The Ministry of Information Technology advised officials to stop sharing classified information over WhatsApp and replace smartphones that were purchased before May 2019.