By Raphael Satter
WASHINGTON (Reuters) -An official with Meta Platforms’ popular WhatsApp chat service said Israeli spyware company Paragon Solutions had targeted scores of its users, including journalists and members of civil society.
The official said on Friday that WhatsApp had sent Paragon a cease-and-desist letter following the hack. In a statement, WhatsApp said the company “will continue to protect people’s ability to communicate privately.”
Paragon declined to comment.
The WhatsApp official told Reuters it had detected an effort to hack approximately 90 users.
The official declined to say who, specifically, was targeted. But he said those targeted were based in more than two dozen countries, including several people in Europe. He said WhatsApp users were sent malicious electronic documents that required no user interaction to compromise their targets, a so-called zero-click hack that is considered particularly stealthy.
The official said WhatsApp had since disrupted the hacking effort and was referring targets to Canadian internet watchdog group Citizen Lab. The official declined to discuss how it determined that Paragon was responsible for the hack. He said law enforcement and industry partners had been informed, but declined to give details.
The FBI did not immediately return a message seeking comment.
Citizen Lab researcher John Scott-Railton said the discovery of Paragon spyware targeting WhatsApp users “is a reminder that mercenary spyware continues to proliferate and as it does, so we continue to see familiar patterns of problematic use.”
Spyware merchants such as Paragon sell high-end surveillance software to government clients and typically pitch their services as critical to fighting crime and protecting national security.
But such spy tools have repeatedly been discovered on the phones of journalists, activists, opposition politicians, and at least 50 U.S. officials, raising concerns over the unchecked proliferation of the technology.
Paragon – which was reportedly acquired by Florida-based investment group AE Industrial Partners last month – has tried to position itself publicly as one of the industry’s more responsible players.
Its website advertises “ethically based tools, teams, and insights to disrupt intractable threats,” and media reports citing people familiar with the company say Paragon only sells to governments in stable democratic countries.
Natalia Krapiva, senior tech-legal counsel at the advocacy group Access Now, said Paragon had the reputation of being a better spyware company, “but WhatsApp’s recent revelations suggest otherwise.”
“This is not just a question of some bad apples — these types of abuses (are) a feature of the commercial spyware industry.”
AE did not immediately return a message seeking comment.
(Reporting by Raphael Satter in Washington and James Pearson in London; Editing by Jan Harvey and Rod Nickel)
