Intelligence services in the Netherlands have put out a dire warning regarding a massive cyber operation against the personal messages of government officials, journalists and military men and women throughout the globe. The operation targets accounts on the popular encrypted messaging apps, like Signal and WhatsApp. The Netherlands authorities claim that attackers are trying to lure users to provide security check-up codes enabling them to gain access to a personal account and possibly access important communications.
This warning was provided by the General Intelligence and Security Service of the Netherlands in collaboration with Dutch Military Intelligence and Security Service. Researchers are of the opinion that the campaign is part of a larger operation to spy on those that deal with confidential information on a regular basis concerning politics, defense, or national security. Even though people usually trust encrypted messaging applications in order to communicate in a safe manner, the intelligence officials indicate that the attackers are not hacking encryption systems. Rather, they are influencing users with a well thought out set of dialogues.
In most of the cases that are reported, hackers make the first contact with the help of chat messages that seem to be posted by official technical support services. These are often counterfeit accounts which claim to be Signal Support and are crafted to appear authentic enough so as to be trusted by the user. When the discussion starts, the perpetrators lead the victims to believe that they have undergone a normal security check or account verification procedure.
This is aimed at convincing the users to give out the six digit verification numbers or the personal identification numbers sent out by messaging platforms when they make a request to log-in. They are codes that validate that the account owner is making a log in. Nevertheless, when they fall into the hands of another person, then they can log in and use the account on another gadget and in effect, hijack the account.
As soon as the attackers are logged into the system, they will be able to see private conversations and read group chats as well as contacts. Since a number of officials and journalists use messaging apps to send brief messages regarding the issue of work, hacked accounts can reveal those discussions that were not initially intended to be shared.
According to Dutch intelligence officials, the effects of the campaign may already be immense. The General Dutch Intelligence Agency (AIVD) and Dutch Military Intelligence and Security Service (MIVD) announced that the Russian hackers must have acquired sensitive information. The agencies affirmed that part of the targets involve employees in the Dutch government and journalists who might deal with the sources to relay any political or security related information.
Signal and WhatsApp are messaging platforms associated with end to end encryption. The technology makes sure that messages are only readable by the sender and the destination recipient. The companies that run the platforms have no access to the contents of the messages once they have been transferred. Professionals with the need to have a secure communication channel often use this reputation of having great privacy protection to use the apps.
Nevertheless, experts in the intelligence community underline that encryption does not secure users in case they are fooled into providing authentication data. Even the most powerful technical security controls are sometimes defeated by other social engineering tricks such as impersonation, false support messages, and alarming security notices.
Another trick that was used in the campaign, which was also discovered by the investigators, is the linked devices feature built into Signal. The option enables the user to link their messaging account to any other device including a laptop or a tablet such that the messages could be read at more than one place. In case attackers acquire the required login codes, they may connect their device to the account and not be noticed by the victim at once.
When a gadget is connected, it may allow a hacker to spy on the transmission and reception of messages. This complicates the process of detection of the intrusion since the original account owner may still use the application normally where a different device is also operating in the background.
Officials indicate that it is possible to tell there are indications that may give an indication that an account has been breached. As an example, a user may find that there are two contacts in his or her address book. The other possible indication of it is when one finds a familiar number labeled as a deleted account. These are strange developments that could be a sign that another person has accessed the messaging profile.
After the exposure of the campaign, Dutch officials sent out cybersecurity warnings to the government departments and officials who could be in danger. These advisories give an account of the mechanism of the attack and provide information regarding the process in identifying suspicious messages. Technical teams have been also deployed to help people whose accounts could have been compromised or hacked into.
The WhatsApp messaging service reacted by reminding users about one of the most significant digital security rules. The company emphasized that verification codes must not be disclosed to anyone, even people who appear to be the technical support teams. WhatsApp responded in a statement to Reuters that it is still striving to come up with more resistant measures that can help its users protect themselves against online threats.
Another platform listed in the warning, Signal, was not quick to respond to comment requests. The app has earned a good reputation as being security conscious amongst privacy activists and cybersecurity experts. Nevertheless, experts observe that no platform is able to ensure that users are not deceived by attackers in case the latter manage to persuade somebody to provide such sensitive information as logins.
According to cybersecurity experts, such campaigns are an indication of an emerging trend in contemporary digital espionage. Rather than using technical tools of hacking, most operations currently involve psychological tools, which use the trust and psychological traits of people. Attackers can sometimes compromise advanced security systems without advanced technical vulnerabilities by pretending to be support personnel or people they trust.
The messaging application has become the key to the contemporary communication at the governmental offices, in newsrooms and even in diplomatic circles. Faster discussions which were done via emails or official means are now commonly done via encrypted chats. This ease of use enables information to travel fast and it also implies that one account breached could reveal a lot of intimate dialogue.
The director of the Dutch Military Intelligence and Security Service, Vice Admiral Peter Reesink, cautioned that the incident ought to be used to remind of the boundaries of the commonly used messaging tools. He said that messaging apps like Signal and WhatsApp cannot be used as a channel of sharing classified, confidential or sensitive information, despite their end-to-end encryption option.
