The recent mobile phone attack by the Pegasus malware, which is the target of an investigation by journalists and Amnesty International, is similar to a 2019 invasion of 1,400 WhatsApp users, according to Will Cathcart, CEO of the platform. The NSO Group, which sells the spyware on the market, says the number of targets leaked in the press — more than 50,000 devices — is an “exaggeration”. Cathcart said he had evidence the company was behind the attacks two years ago.
WhatsApp boss says Pegasus attacked 1,400 users
In an interview with The Guardian, the CEO of WhatsApp says Pegasus’ most recent hacks are similar to what the app faced two years ago.
The attack that Will Cathcart refers to was carried out in 2019 — at two different stages of the year — and hit high-ranking members of governments around the world, including national security chiefs “allied with the US”. There were 1,400 targets, and the NSO Group was also behind this invasion, according to the executive.
In turn, the 2021 leak includes a list of more than 50,000 possible Pegasus surveillance targets, including Telegram founder Pavel Durov and 14 heads of state, including French President Emmanuel Macron.
But the NSO Group says these data are “not relevant” to the company, and dismissed the investigation by Amnesty International and a group of journalists into Pegasus as “full of allegations and theories not supported by facts.” The company even called the estimate “exaggerated”.
However, the head of WhatsApp says he has evidence that the NSO Group tried to install the spyware on customers’ phones and questioned the “exaggeration” in the number of Pegasus targets.
“This tells us that over a long period of time, which lasted many years, the number of people attacked is very high,” Cathcart told Guardian. “That’s why we think it’s so important to make people aware of this.”
The invasion in 2019 led WhatsApp to go to court against the Israeli company, blaming it for sending Pegasus to users. The judge in the case pointed out that the NSO does not question this allegation, but rather the fact that the responsibility would lie with the “sovereign” customers and not the company — they are contractually obligated to track only criminals and suspects.
“Governments are funding this,” says WhatsApp CEO
Cathcart discussed the NSO’s attacks on WhatsApp with members of various governments around the world. The executive has been trying to provoke changes from big technology companies about the risks of their devices being infected by malware and spyware.
Recently, Cathcart praised the changes Microsoft has made to defend its users against hacker attacks — and urged Apple to do the same.
Finally, WhatsApp CEO says that protecting citizens from digital espionage should also be a state responsibility:
“The NSO Group warns that a large number of governments are buying their software [Pegasus], which means that these governments, even if they use it in a more controlled way, are funding it [ataques e espionagem]. Should they stop? There should be a discussion about which politicians are paying for this software?”
A spokesman for the NSO Group tells The Guardian that the company is doing “the utmost to create a safer world”, and adds:
“Does Mr. Cathcart have other alternatives for law enforcement and intelligence agencies to detect and prevent criminal acts by pedophiles, terrorists and other miscreants using end-to-end encryption platforms? If so, we would be happy to hear from you.”