The interception of private correspondence is always a touchy subject. On one hand there are questions of privacy and on the other hand state security. There are many people who are willing to trade privacy for security in an era which is dominated by terrorism, strife and other random senseless violence.
However, whatever may be the cost, privacy is important and the ability to carry out your business and private life without the fear of eavesdropping by third parties is still a right that most people yearn for. In an effort to protect their customer’s privacy, many companies are increasingly turning to encryption.
Telegram and WhatsApp both offer encryption to their combined 135 mln customers. While Telegram has used encryption longer than its rival, WhatsApp has since caught up. The idea that many people can now talk in private is perhaps somewhat of an understandable concern to the intelligence community. After all, it is their job to listen in.
German BND obtains funds to crack WhatsApp
The German Federal Intelligence Service (BND) has developed a technology called the Reconnaissance of Non-Standardized Communication in Internet Project (ANISKI) as a means to try to get around encryption. Recently, Russia Today quoted Netzpolitik as saying: “ANISKI will involve developing ‘analysis and processing software’ as well as ‘powerful deciphering hardware.’ It hopes to then ‘exploit… weaknesses in the implementation’ which will then ‘allow content to be opened’.”
The BND has been given a budget of 150 mln euros for hacking popular chat applications like WhatsApp, Telegram and others. The BND is currently only able to gather intelligence from 10 out of the 70 popular communication services in vogue. The stated aim of the BND according to Sputniknews.com is to “fight terrorism and illegal human trafficking in the Mediterranean Sea.”
Countries wage war against encryption
Encryption has become a serious spanner in the wheels of many nations and we have covered in detail how countries are reacting to the increasing use of encryption, with some countries even wanting to ban encryption. Brazil is a real test case for WhatsApp where a judge had even handed down a ban on encryption way back in December 2015. This led Mark Zuckerberg, the CEO of Facebook and the owner of WhatsApp, to publish a Facebook post on his account stating: “This is a sad day for Brazil. Until today, Brazil has been an ally in creating an open Internet. Brazilians have always been among the most passionate in sharing their voice online. I am stunned that our efforts to protect people's data would result in such an extreme decision by a single judge to punish every person in Brazil who uses WhatsApp.” It should be noted that Brazil has even gone so far as to jail Facebook Executive Diego Dzodan for failure to handover chat data.
In India, there has already been a Public Interest Litigation (PIL) filed against WhatsApp that has been decided by the country’s Supreme Court in favor of WhatsApp. The PIL alleged that encrypted applications post a “threat to national security.” The Indian Supreme Court, while rejecting the petitioner, directed him to the government run Telecom Regulatory Authority of India (TRAI) for further action.
BND may not even need to hack WhatsApp
While BND may have received 150 mln euros to “hack” WhatsApp, Forbes reported in June 2016 that there were vulnerabilities in mobile networks known as SS7 or Signalling System No.7. This allows a $20 mln spy service to listen in on any mobile device in the world so long as they have a phone number. Forbes published some videos on their website demonstrating the abilities of the company to hack into phones.
As for WhatsApp and Telegram, Forbes writes: “By tricking the telecoms networks into believing the hacker's phone has the same number as the target's. That means they can set up a new WhatsApp or Telegram account with the same number and will receive the supposedly secret code that confirms they are a "legitimate" user. From there, they can impersonate their target, sending and receiving new calls and texts.”
The SS7 vulnerability may not just be confined to WhatsApp. Bruce Schneier, in his book Data and Goliath, states that: “The UK company Cobham sells a system that allows someone to send a "blind" call to a phone - one that doesn't ring and isn't detectable. The blind call forces the phone to transmit on a certain frequency, allowing the sender to track that phone to within one meter. The company boasts government customers in Algeria, Brunei, Ghana, Pakistan, Saudi Arabia, Singapore and the United States. Defentek, a company mysteriously registered in Panama, sells a system that can "locate and track any phone number in the world...undetected and unknown by the network, carrier, or the target."