The phones of senior government and military officials in multiple US-allied countries were targeted with a hacking tool via WhatsApp, a popular encrypted messaging application, according to a new Reuters report. Multiple Trump administration officials are known to have used WhatsApp to carry out sensitive conversations, raising the prospect that their communications have also been intercepted.
The report, by Reuters’ Chris Bing and Raphael Satter, comes in the wake of a lawsuit filed by WhatsApp and its parent company, Facebook, against NSO Group, an Israeli technology firm that specializes in developing tools that allow governments to hack and collect intelligence. The lawsuit, filed Tuesday in a California federal court, alleges that the firm used WhatsApp servers and technology to target roughly 1,400 users between January 2018 and May 2019, including human rights activists, journalists, and politicians. WhatsApp released a fix for the vulnerability in May, addressing a flaw that allowed attackers to surreptitiously access a victim’s text messages, contacts, emails, and other sensitive information. NSO Group denies the accusation, and says it will “vigorously fight them.”
In March, the late Rep. Elijah Cummings, a Maryland Democrat, revealed that Jared Kushner, the president’s son-in-law and one of his most trusted associates, was using WhatsApp to “communicate with foreign leaders.” Kushner has had extensive dealings with political figures throughout the middle east. Gordon Sondland, Trump’s ambassador to the European Union and a key figure in in the administration’s campaign to pressure Ukraine to launch investigations that would benefit the president, communicated with other US diplomats about the effort over WhatsApp. During Trump’s run for the presidency campaign chairman Paul Manafort regularly sent polling data to a Russian associate via the app.
“I have zero doubt that over time at least some of Kushner’s communications were swept up,” says Jake Williams, the founder of Rendition Infosec and a former of the NSA hacker. “It’s important to consider that even if Kushner wasn’t a direct target, he could have been targeted indirectly by compromising those he communicates with.”
The growing revelations about the WhatsApp vulnerability come after a number of prominent cybersecurity missteps from the president’s team. Last week, Axios reported on an October resignation letter from Dimitrios Vastakis, a White House computer security official, warning that the building’s systems were vulnerable to intrusion after a series of management changes and personnel departures. A year ago, the New York Times reported that Trump was still using an insecure iPhone to talk with friends and associates. And just today, NBC News revealed that Rudy Giuliani, one of the president’s private attorneys and a likely target of every capable intelligence agency, took his personal iPhone into an Apple store in San Francisco in 2017 after he’d locked himself out of it; the article revealed that a copy of his phone’s data was stored on a cloud server.