The news that there has been a serious breach of What’s App will come as no surprise to intelligence professionals. No matter what the system, if you allow internet connected technology into your life then you are creating a security risk – whether it is a mobile phone, a computer or your voice activated home assistant such as Alexa. It is not a question of whether there will be a security breach, but when.
What is interesting about this story is two things: first, that the malware could be placed on the system without the user taking any particular action. A missed call was enough for the damage to be done. This is an advance. In the past, most malware had to be actively downloaded such as by clicking on a bad link in an email. Of course, government agencies have had the ability to do this for a while (as the Snowden papers revealed), but the What’s App surveillance software came from the private sector.
And that is the second interesting point. It seems clear from the available evidence that this software was created by NSO Group, the notorious Israeli security company. Having created the technology, NSO has been selling it to other governments around the world. They say that it is purely to help defeat terrorism and crime, but of course once it is out, it is out and they have no real control over how it is used. It is yet another case where the line between private and state security is becoming blurred. In Israel the line between the two is not quite as distinct as elsewhere since a lot of private companies are staffed by ex-military and former intelligence officers and they all work closely with the state authorities. Even so, it is another example of how the face of espionage is changing. Just as these days a private company can finance its own rocket programmes and moon missions, private companies can now produce intelligence gathering systems as comprehensive – and as potentially menacing – as nation states.