17 June 2020 01:29 am
Those who are careful about online hygiene, through choice or necessity, tend not to reply to these types of messages, especially from unknown numbers. The situation changes if the message comes from a known number or one that is in the contacts.
Many who got this message did not react. But as far as I know, a few did and sent their WhatsApp log-in code to the number. Shortly after receiving the message, the same phones got a message from WhatsApp with a six-digit code. The code is sent when the number is logged on to WhatsApp from a new device.
Sending this security code to an outsider renders the WhatsApp app on the target phone accessible to a third party. This is the best possible scenario. In the worst-case scenario, data from other apps, contacts, messages and online backups also risk compromise.
The number used for this kind of cyber-attack, called phishing, is where the bigger question marks lie. The message with two hearts originated from a number whose SIM card had been swapped. The registered owner of the SIM was in possession of the SIM and the phone while this attack was underway. Swapping a SIM is not a simple task. What it really involves is convincing the carrier to transfer the number to a SIM that the attackers own. Even high-profile targets like the head of Twitter faced such an attack in August 2019. Here is where this story takes a sinister turn.
Several hours after the messages started appearing, more details became clear. The number used for the attack was one that was registered with, possibly amongst other groups, the very popular WhatsApp group curated by Groundviews.
“The compromised, cloned mobile number was on the original Groundviews WhatsApp group used to send
Groundviews also hinted at some details of the compromised number – “the registered owner of the number along with the institution the owner works in is seriously investigating this breach. It is up to this registered owner to lodge a complaint, for what it is worth, with the local authorities around this case.”
And at the level of tech sophistication that is required to carry out such a cloning – “in sum, this is an attack that used a combination of technical prowess and confidence hacking (many in the group may have the compromised/cloned number associated with an address book entry in their phone). Again, this demonstrates strategic intent and technical resourcefulness.”
The phishing attempt that targeted journalists and others working in related fields should have raised a heap of red flags. There is already evidence that phone tracking is taking place in Sri Lanka with limited reach as part of epidemiological tracing efforts of COVID-19 infections. What is not known is the potential reach and width of these capabilities and to what other purposes they can potentially be employed in the future.
A few hours after the phishing attempt was made public by Groundviews, many colleagues back in Sri Lanka were talking of a mass migration to more secure apps. More worrying, but not noticed by many, are the dismal levels of digital hygiene in Sri Lanka in general and among the media fraternity in particular.
Use of small groups connected through mobiles is nothing new in Sri Lankan media circles. The earliest I was part of was one that was used by a trusted group of journalists to exchange information at the height of the war. All members of the group were known to each other.
Even that group sprang a leak, when someone linked in forwarded a message to someone outside of it and the message was traced back to the group.
WhatsApp groups have been far more prolific and widespread, used by everyone from the neighbourhood three-wheeler park to moms at the school. They became essential mainstays for journalists during the October 2018 Constitutional Crisis and then the Easter Attacks.
For those who politely refused the request for the WhatsApp code, there was a bit of farce that followed, complete with crying emojis.
The writer is a Post-grad Researcher at CQUniversity, Melbourne focusing on online journalism and trauma
Twitter - @amanthap