A leading Spanish politician who has campaigned for Catalan independence had his phone targeted by spyware in an incident seen as “domestic espionage”, according to the Guardian (opens in new tab).
Messaging app WhatsApp has written to Roger Torrent, the president of the Catalan regional parliament, to confirm he was the target of a cyberattack that took place via the platform in mid-2019.
- The best antivirus software to keep you and your devices safe
- VPN: add an extra layer of security with a virtual private network
- Just In: 50 million OKCupid users at risk due to security flaws
Apparent act of espionage
WhatsApp's letter, which has been viewed by journalists at the Guardian and El Pais, claims that the attackers targeted Torrent in order to “gain unauthorised access to data and communications on the device”.
Niamh Sweeney, director of public policy for Europe, the Middle East and Asia at WhatsApp, explained in the letter that attackers, possibly working at the behest of the Spanish national government, used the messaging platform to spy on Torrent’s phone without him knowing.
She wrote: “By ‘targeted’ we are referring to the fact that the attackers attempted to inject malicious code into Mr Torrent’s WhatsApp application.
“Based on the information available to us, we are not in a position to confirm whether Mr Torrent’s device was compromised as this could only be achieved through an exhaustive forensic analysis of the device."
A wider attack
Sweeney explained that the Catalan nationalist politician was among 1,400 WhatsApp users across the world targeted by spyware in 2019, including government officials, diplomatic professionals, reporters and human rights campaigners in many countries.
In all cases, the various perpetrators are believed to have used spyware manufactured and sold to governments by Israeli cybersecurity firm NSO Group. The firm hasn’t issued a comment on the incident, according to the Guardian.
The WhatsApp flaw exploited by the NSO Group spyware was patched on May 13, 2019.
Two other members of the Catalan independence movement were targeted in the WhatsApp espionage, the Guardian (opens in new tab) said in an earlier story. The newspaper said these are the first known instances of NSO Group spyware being used in Europe.
“We advocate for strong legal oversight of cyber weapons like the ones used in this cyberattack to ensure they are not used to violate individual rights and the freedoms people deserve, wherever they are in the world,” said Sweeney in her letter to Torrent.
The Guardian said Torrent is preparing to sue Félix Sanz Roldán, the former boss of the Spanish National Intelligence Center. He led the agency when the attacks took place last year.
WhatsApp has sued NSO Group in U.S. federal court for violating the U.S. Computer Fraud and Abuse Act. The case is still proceeding.
Such attacks are growing
Christoph Hebeisen, director of security intelligence at Lookout, warned that these types of attacks are becoming more common across the world.
He said: “The use of sophisticated mobile surveillanceware for domestic spying purposes appears more widespread than previously known, including in western democracies.
“In light of widespread election meddling and spying on political parties and movements all over the world it is clear that protecting information and communication infrastructure including mobile devices is quickly becoming critical to any organisation with a need for confidentiality.”