Instead of exploits and platform hacking, attackers use the built-in features of instant messaging apps against account owners.
Signal and WhatsApp messages have once again become the focus of intelligence agencies, but this time the problem stems not from hacking the messaging apps themselves, but from much more mundane tactics. Attackers are waging a large-scale campaign against government officials, military personnel, diplomats, and civil servants, attempting to gain access to their personal accounts through deception and manipulation.
The Dutch intelligence and security services MIVD and AIVD confirmed that Dutch government officials were among the targets and casualties. The agencies also assess that other individuals of interest to foreign authorities, including journalists, may also be targeted.
The scheme revolves around security codes and PINs that protect Signal and WhatsApp accounts. Attackers typically impersonate a Signal support chatbot and convince victims to provide a verification code. Once the code is obtained, the attackers take over the account. Another trick involves the device linking feature in Signal and WhatsApp, which also allows access to messages without hacking the service itself.
After taking over an account, the attackers read incoming messages and view group chat conversations. According to Dutch authorities, this campaign may have already leaked sensitive data.
Experts attribute the interest in Signal to the messenger's reputation. The service has long been considered a reliable and independent communication channel with end-to-end encryption, which is why government agencies and employees often choose Signal for internal communications. This popularity makes the messenger a particularly attractive target for those seeking sensitive information.
The MIVD specifically emphasized that even messaging apps with end-to-end encryption are not suitable for transmitting classified, confidential, and other sensitive information. The head of the AIVD also clarified that this does not mean the entire Signal or WhatsApp platform has been compromised. Attackers are not hacking the platform as a whole, but are targeting individual users and exploiting the services' built-in security features.
To mitigate the risk of such attacks, the MIVD and AIVD issued a separate warning with tips on recognizing such hacking attempts and what to do after an incident. The document also includes recommendations for Signal users to help them understand whether a friend or colleague's account may have been compromised.
Signal and WhatsApp messages have once again become the focus of intelligence agencies, but this time the problem stems not from hacking the messaging apps themselves, but from much more mundane tactics. Attackers are waging a large-scale campaign against government officials, military personnel, diplomats, and civil servants, attempting to gain access to their personal accounts through deception and manipulation.
The Dutch intelligence and security services MIVD and AIVD confirmed that Dutch government officials were among the targets and casualties. The agencies also assess that other individuals of interest to foreign authorities, including journalists, may also be targeted.
The scheme revolves around security codes and PINs that protect Signal and WhatsApp accounts. Attackers typically impersonate a Signal support chatbot and convince victims to provide a verification code. Once the code is obtained, the attackers take over the account. Another trick involves the device linking feature in Signal and WhatsApp, which also allows access to messages without hacking the service itself.
After taking over an account, the attackers read incoming messages and view group chat conversations. According to Dutch authorities, this campaign may have already leaked sensitive data.
Experts attribute the interest in Signal to the messenger's reputation. The service has long been considered a reliable and independent communication channel with end-to-end encryption, which is why government agencies and employees often choose Signal for internal communications. This popularity makes the messenger a particularly attractive target for those seeking sensitive information.
The MIVD specifically emphasized that even messaging apps with end-to-end encryption are not suitable for transmitting classified, confidential, and other sensitive information. The head of the AIVD also clarified that this does not mean the entire Signal or WhatsApp platform has been compromised. Attackers are not hacking the platform as a whole, but are targeting individual users and exploiting the services' built-in security features.
To mitigate the risk of such attacks, the MIVD and AIVD issued a separate warning with tips on recognizing such hacking attempts and what to do after an incident. The document also includes recommendations for Signal users to help them understand whether a friend or colleague's account may have been compromised.
