Israeli spyware company targeted journalists, civil society members through Whatsapp

WASHINGTON — Meta announced on Friday that the Israeli spyware company Paragon Solutions had targeted almost 100 journalists and members of civil society on the popular messaging platform WhatsApp.

A WhatsApp official told Reuters that it had detected an effort to hack approximately 90 users of its platform. A Guardian report cited experts as saying the targeting was a “zero-click” attack, meaning targets would not have had to click on any malicious links to instigate the hacking. The official told Reuters that WhatsApp had sent Paragon a cease-and-desist letter following the hacking. Paragon has not released a statement on the matter.

The official declined to say who, specifically, was targeted or where they were geographically, saying only that targets included an unspecified number of civil society and media figures. He said WhatsApp had since "disrupted" the hacking effort.

It is not yet clear who was behind the attack. According to the Guardian, like other spyware makers, Paragon’s hacking software is used by government clients and WhatsApp said it had not been able to identify the clients who ordered the alleged attacks.

The official speaking to Reuters declined to discuss how it ascertained that Paragon was responsible for the hacking. He said law enforcement and "industry partners" had been informed of the hacking, but would not elaborate.

Paragon Solutions was co-founded in 2019 by former Israeli prime minister Ehud Barak and its chairman is Ehud Schneorson, a former commander of the Israeli army's Intelligence Unit 8200. In mid-December, Israeli media reported that the company was to be sold to a U.S. private equity firm, AE Industrial Partners, for $900 million. Despite the sale, Paragon would remain an Israeli company, with its leadership at the helm. A date was not provided for the purchase. 

A Jerusalem Post article from late December says Paragon was launched around the time when it was revealed that Pegasus, a cyberattack system developed by the Israeli cyber-arms company NSO Group, had been used by "undemocratic regimes to spy on journalists, human rights activists, and even opposition politicians in various countries." 

Paragon, in response, painted itself as a manufacturer of "ethical" spyware. On its website, Paragon describes its service as one that "provides our customers with ethically based tools, teams, and insights to disrupt intractable threats." Paragon created "Graphite," a software tool that allows users — among them governments in any one of the 34 countries that Paragon operates in — to access, collect, and extract data backed up from an individual’s smartphone phone to a data cloud. According to The Times of Israel, "Graphite" is also capable of extracting data from encrypted messaging apps such as WhatsApp, Telegram, and Signal.

In job listings mentioned in a Reuters report from December, Paragon says it “applies strict moral restrictions on itself,” limits the information it targets to conversations on messaging apps, and only works with government agencies that “meet the standards of an enlightened democracy."