It is a common notion that instant messaging apps like WhatsApp must implement the strongest possible encryption to prevent user tracking and privacy invasion. That’s fine from a user’s perspective. However, what if the user is a potential terrorist and the law enforcement fails to nab the individual only because of the security restrictions?
The same has happened in a recent incident involving European law enforcement and an alleged ISIS member.
The Wall Street Journal reports that European investigators had managed to install spyware in the mobile phone of a suspected terrorist having links with the so-called Islamic State. Through the spyware, the investigators were tracking the suspect and were about to locate him but failed because the suspect was warned by WhatsApp.
Resultantly, the suspect shut off his phone and the investigators were unable to track his whereabouts any further.
See: SnoopSnitch — An App That Detects Govt’s Stingray Mobile Trackers
Reportedly, on 29 October 2019, the Facebook-owned WhatsApp sent a warning to 1,400 users including journalists and activists informing them that their phone is hacked by a very “advanced cyber actor.” The suspect was among those users receiving the warning.
The warning message read:
“An advanced cyber actor exploited our video calling to install malware on user devices. There’s a possibility this phone number was impacted.”
Here’s a full preview of the message sent by WhatsApp:
The investigators revealed that they got spyware from the Israel-based infamous NSO Group to track down the suspect. They learned about the possibility of a terror attack during the holidays and could have arrested him if the phone wasn’t shut off.
“We only had that one phone; We put all our efforts into using this product to see what he was doing, which mosque he was going to, who was talking to him, whether the group was spread in neighboring countries,” but their efforts were rendered ineffective because of WhatsApp’s intervening, explained the head of the investigation team.
The investigators had obtained special permission from an unidentified judge to hack the suspect’s phone using every possible method. When they identified that suspect was using encrypted messaging from WhatsApp for communicating with his aides, they bought spyware to hunt him down. The Western European country’s government used its contract with the NSO Group to get the spyware they needed.
See: Police confiscate surveillance van loaded with hacking tools
In its defense, WhatsApp claims that it doesn’t allow any kind of spying, be it from users or government agencies, as it is an illegal approach. The issuance of warning was necessary to protect its users.