In April-May of 2019, a series of attacks took place on approximately 1400 WhatsApp accounts using a malware built by an Israeli company NSO. The spyware could be injected into phones by merely ringing the number of a target's device.

Whatsapp then reached out to people impacted by the malware. Citizen Lab, a research group, based at the Munk School of Global Affairs & Public Policy, University of Toronto, volunteered to work with WhatsApp to understand the attack and reached out to civil society targets. Among those who were targeted is our principal diplomatic correspondent Sidhant Sibal.

He spoke to John Scott Railton, Senior Researcher at Citizen Lab at Univerity of Toronto, on what is next and how to be sure that there is no repetition of the attack.

John Scott Railton: In this case, according to WhatsApp's announcement, around 1400 were targetted, and based on citizen lab's work, we can say, about 100 of them were members of the civil society. The company that WhatsApp has publically named is called NSO group, and they sell power technology to target and carry out surveillance of people. The service allows monitoring people through their cellphones, monitoring their calls, snooping on their text messages, pulling their private photographs, remotely turning on their microphones, and listening to what is happening in a room.  The problem is that the use of this technology is unaccountable and as evident from the case, when the government gets the ability of unaccountable surveillance, they often go after very familiar targets like journalists and human rights activists.

John Scott Railton: There are steps everyone can take to be more secure and private online. One of them is using an encrypted messaging service. It is clear after Whatsapp's lawsuit that they are not only working behind the scenes but have put their litigators where their mouth is. They are going after the company that is targeting users and it's a big win for human rights. The existence of companies likes NSO creates this continued monitored cyber risk around the globe. One of the most important things is that there are investigations and transparency on how these technologies are used, and in some cases, accountability is the best protection we have given how this powerful technology is.

John Scott Railton: Whenever there is a hack, inevitably people ask if the service is secure. Honestly, groups target you depending on who you are and what you do. At the end of the day, as an individual you choose what technology to use. We have to understand how companies behave when things go wrong. In this case, WhatsApp users were targeted and WhatsApp not only worked behind the scenes to close vulnerability, but they took an unprecedented step. They went to court. It is a powerful signal to the users and the general population that WhatsApp is working very hard to protect the privacy of the users. No one can tell you to use something perfect; you have to use your own judgment.