- WhatsApp CEO Will Cathcart told The Guardian that officials of US allies were malware targets.
- WhatsApp sued NSO Group in 2019, saying the Israeli company sent malware to 1,400 devices.
- "There is no such thing as an encryption backdoor for just the good guys," Cathcart said.
- See more stories on Insider's business page.
WhatsApp CEO Will Cathcart said senior government officials of US allies, including some in national-security roles, were targets of Pegasus phone malware in 2019.
Cathcart's statements, which were featured in an interview by The Guardian on Sunday, followed reports last week from the Pegasus Project, a consortium that included The Guardian, The Washington Post, and Amnesty International.
The reports said an Israeli company sold access to military-grade spyware, which was used to hack the phones of journalists, activists, and government officials.
NSO Group, the company behind the Pegasus software, denied the phone numbers leaked to the consortium were Pegasus targets.
WhatsApp sued NSO Group in October 2019, saying about 1,400 mobile devices running the app were targeted by the company's surveillance software.
According to the complaint, NSO Group had gained access to WhatsApp's servers to target "attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials." The lawsuit is ongoing.
"The reporting matches what we saw in the attack we defeated two years ago, it is very consistent with what we were loud about then," Cathcart told The Guardian.
There were more than 50,000 phone numbers on a leaked list of potential Pegasus targets, although it was unclear how many had actually been targeted, Forbidden Stories said. The list included numbers for French president Emmanuel Macron, Pakistani prime minister Imran Khan, and South African president Cyril Ramaphosa, Amnesty International said.
NSO Group said the consortium's reports were inaccurate, denying the numbers on the list were targets or potential targets of Pegasus. It said it would no longer reply to media questions about the software.
"The numbers in the list are not related to NSO group," the company said in a statement on Wednesday under the headline Enough is Enough. "Any claim that a name in the list is necessarily related to a Pegasus target or Pegasus potential target is erroneous and false."
The Pegasus software was designed to "covertly collect information about your target's relationships, location, phone calls, plans and activities - whenever and wherever they are," according to a product description included as an exhibit in WhatsApp's 2019 lawsuit.
The software tracked GPS locations, monitored voice and VoIP calls, and collected other information, the description said. It also "[l]eaves no trace on the device."
The software was reportedly sold to governments.
"There is no such thing as an encryption backdoor for just the good guys," Cathcart said on Twitter last week. "A backdoor would be abused. And a backdoor would be a gift to hackers, criminals, spyware companies, and hostile governments, with dangerous consequences for safety and security."