El leader of the Ciudadanos political party, Albert Rivera, has suffered an attack on his mobile phone via a trap message. This has happened in full political campaign before a new elections in Spain. The fourth national elections in just four years, two in the last seven months. All of this is creating a big problem as everything is blocked in the country and because each of those elections cost almost a hundred and a half million euros ... which could well be invested in other more necessary tasks such as education and health.
The attack on Albert Rivera's mobile device was aimed at hijacking your WhatsApp account to be able to impersonate him through this instant messaging app and to know what could have happened if he had not realized it and had not reported it. But Albert realized it and has reported it to the Civil Guard. The complaint occurred last Friday before the authorities, and now the Telematic Crimes Unit of the UCO is investigating the case.
Not much information has been disclosed, but for now they have only been able to access certain personal information of the Spanish politician, but these alleged cybercriminals could have impersonated him and sent messages to other politicians that Rivera had among his contacts. But instead of figuring out what could or could not have happened, which I leave to you, we are going to see the information we have on the case ...
Table of Contents
Let's leave the hackers alone!
Esto it is not an act of hackersLet's leave the hackers alone. A hacker is not a cybercriminal who is dedicated to these things. Hackers are those who have much superior knowledge about some field, especially programming and security, among others. Although it is true that cybersecurity specialists have hijacked the term hacker and are monopolizing it, be aware that there are hackers beyond security.
Shipping is probably many hackers who are working every day so that this type of thing does not happen, to guarantee telematic systems in elections, or to prevent cyber attacks on companies and organizations. Hackers are responsible for creating better computer systems and making them more secure. And despite this, the media, the Hollywood-led film industry, and literature criminalize them using the term hacker inappropriately.
Unfortunately these media are so powerful that they have made the word synonymous with hacker or cybercriminal. And for the majority of mortals, a hacker is a criminal who disembowels the network or computer systems ... Even the RAE has given it as valid, although recently they have added a second meaning away from this, but they maintain the first and have not yet given the all with the true meaning.
That said, it seems fair to me, we now go to see the case what has happened and how we could defend ourselves ...
How they managed to hijack WhatsApp
First say that WhatsApp is an instant messaging app owned by Facebook. Although they have implemented a series of security measures, it is not the first or the worst attack they have, nor is Albert Rivera the only politician who has suffered them. Not long ago, a group from Israel was involved in another massive attack on this app.
As you know, WhatsApp is designed to only work on devices mobile phones associated with a SIM card and a necessary phone number. This differentiates it from other apps that do not need a phone number to work. Although it is true that WhatsApp has clients to install on other devices such as computers, their use through the web, etc. (Any computer with an Internet connection and a compatible browser or client). But you always need a mobile for access.
This allows you to install WhatsApp on other platforms, but for access and to maintain the account, you always need to enter the phone number to which the messages are sent. verification SMS messages. These text messages have a numeric code required to start the WhatsApp session with all the content of contacts, archived chats, photos, etc., stored in the backup.
If someone tries to access your WhatsApp from another device, because know your mobile phone, what you can do is install the app or use it from the web, put your phone, but could not access. Since it would lack the verification code that they send you to your mobile. By this I mean two things: on the one hand, if I got that code, I would have everything to access your profile; And that if you have received these types of messages even though you have not been trying to access your WhatsApp account, it may mean that someone is trying to access your account.
Someone with bad intentions, once they know your phone could use phishing practices to try and get that missing code. What I could do, to give a simple example, is to send you a message through the app itself with an account with a profile photo with the WhatsApp logo, and as if it were a member of the company's technical team to ask you to tell him the code that you received by SMS. If you bite, you will have given him access ...
They could also send you an SMS after the SMS with the code, asking you to enter the code that has come to you and forward it to the same number that the second SMS sent you. In this case, they would again have what they need to hijack your account. Therefore, the important thing to prevent this type of incident is that you know that you ALWAYS have to keep the code. No one who is supposed to be from WhatsApp will ask you for it at any time, nor will you have to send it anywhere. ONLY ENTER IT IN THE APP ITSELF IF YOU HAVE LOGGED IN!
Once we understand how does the WhatsApp access system work, you will be able to better understand what happened with the Albert Rivera case. What they have done to it, and what the Cs has bitten is to take advantage of another mechanism different from the ones I have described above, but similar in terms of approach:
- A malicious person or group of people they reported to WhatsApp that the mobile number Albert Rivera's was usurped, that is, as if Cs's cell phone had been stolen.
- WhatsApp sent Albert Rivera a SMS with a verification code to validate its ownership.
- These unknown people posed as WhatsApp staff and asked you to send them the verification code by SMS. And it's the mistake Rivera made ...
- Now, once they have your phone number and code, they can log in and impersonate Albert Rivera.
What is the difference from what is described above? Well the tactical move to report the impersonation to WhatsApp. Why? Very simple, the service allows you to be using the app from different devices at the same time. If you are using several clients at the same time there will be no problem, in fact many do it to write more comfortably from their PC instead of typing from their mobile. But in this case, everything that is done from the PC client session can be seen from the mobile. In such a case, Albert could have detected suspicious activity and acted. On the other hand, if they take away his access and only give it to the other client, it is more favorable for cybercriminals ...