Senior government officials in several US allied countries. The US, including Pakistan, were attacked earlier this year with piracy software that WhatsApp from Facebook Inc used to take over users' phones, according to people familiar with the courier's investigation.
Sources familiar with WhatsApp's internal investigation into the rape said that a "significant" part of the known victims are high-profile government and military officials spread across at least 20 countries on five continents. They said that many of the nations are allies of the United States.
The piracy of a larger smartphone group of senior government officials than previously reported suggests that the cybernetic intrusion of WhatsApp could have broad political and diplomatic consequences.
Some victims are in the United States, United Arab Emirates, Bahrain, Mexico, Pakistan and India, people familiar with the investigation said. Reuters, however, could not verify whether government officials were from those countries or from other places.
Some Indian citizens have made themselves public with accusations that they were among the objectives in recent days; they include journalists, academics, lawyers and defenders of the Dalit community in India.
WhatsApp filed a lawsuit on Tuesday against Israeli developer of hacking tools NSO Group. The Facebook-owned software giant alleges that NSO Group built and sold a hacking platform that exploded a flaw in WhatsApp-owned servers to help customers hack the cell phones of at least 1,400 users between April 29, 2019 and on May 10, 2019.
The total number of pirated WhatsApp users could be even greater. A London-based human rights lawyer, who was among the targets, sent Reuters photographs showing attempts to enter your phone from April 1.
While it is not clear who used the software to hack the phones of officials, NSO has said it sells its spyware exclusively to government customers.
NSO said in a statement that "it could not reveal who a customer is or not or discuss specific uses of its technology." He has previously denied doing anything wrong, saying that his products are only meant to help governments catch terrorists and criminals.
Cybersecurity researchers have questioned these claims over the years, saying that NSO products were used against a wide range of objectives, including protesters in countries under authoritarian rule.
Citizen Lab, an independent surveillance group that worked with WhatsApp to identify piracy targets, said Tuesday that at least 100 of the victims were civil society figures, such as journalists and dissidents, not criminals.
John Scott-Railton, a senior researcher at Citizen Lab, said it was not surprising that foreign officials were attacked as well.
"It is an open secret that many brand technologies for police investigations are used for state and political espionage," said Scott-Railton.
Before notifying the victims, WhatsApp verified the list of objectives against existing requests for application of the information law related to criminal investigations, such as cases of terrorism or child exploitation. But the company found no overlap, said a person familiar with the matter. Governments can send such information requests to WhatsApp through an online portal that the company maintains.
WhatsApp has said it sent warning notifications to affected users earlier this week. The company has refused to comment on the identities of the NSO Group customers, who finally chose the objectives.