WhatsApp messages of military officers involved in Turkey’s attempted coup were published by the country’s state-run media outlets. This disclosure has prompted questions within Turkey about how the government may have accessed the WhatsApp messages. A Reddit user in Turkey started a thread asking other users on the discussion website “to describe how it can be happened” that WhatsApp messages were obtained by the government despite WhatsApp’s implementation of end-to-end encryption technology this year.
Security professionals are asking similar questions. Alan Duric, CTO at Wire Swiss GmbH, wrote in an email that the messages may have been intercepted through any of several methods, including a “security flaw or backdoor” used by the ruling government. “It is also likely that if anyone was backing up the messages, they may not have done so securely,” he wrote.
The use of WhatsApp for operational security results from a lack of education about the limits of encrypted messaging services, according to industry pros. “Encryption is not cracked, it is bypassed,” Geoff Green, president and chief executive officer of Myntex, told us. “They could easily inject code onto the device even if it is encryption protected, then they could watch it as you type.”
Communicating plans for a coup using a communication method that is unencrypted at rest “is extremely poor operational security,” wrote Blackstone Law Group partner Alexander Urbelis, an attorney who worked for the U.S. Army and the Central Intelligence Agency.
He noted that the messaging service protects against surveillance but does not protect communications if a “device that contains a correct cryptographic key falls into the wrong hands.”
If Turkish intelligence had compromised WhatsApp’s end-to-end encryption, “it is hardly likely the coup would have been as violent, chaotic, or lasted as long as it did,” he added.
The use of device spyware is also possible, especially considering a dramatic rise in the use of malicious code, according to Google’s Transparency Report published last week. The report demonstrated “an explosion of malware compromised sites, where malicious software is downloaded onto a computer without the user’s knowledge,” wrote Brian NeSmith, president and CEO at Arctic Wolf Networks, in an email. “People are now even more at risk of getting infected from just normal day-to-day Internet usage.”
“I suspect Government had physical access to the soldier’s phone and ‘persuaded’ or extorted the soldier to unlock the device,” wrote one user on the Reddit thread.
The Daily Sabah newspaper reported that government officials had physical access to at least one of the mobile devices used by military officers involved in planning the coup. The newspaper is owned by a “close associate” of Turkey’s president Recep Tayyip Erdoğan and run by Erdoğan’s son-in-law.
Access to soldiers’ devices appears to be a likely extraction method, especially considering the range of “persuasive techniques” the Turkish government has employed in countering the sentiments of coup loyalists. Over the weekend, Amnesty International called for international monitors to observe detention centres in Turkey, citing “credible reports” of detainees being beaten, tortured, and raped.
“Reports of abuse including beatings and rape in detention are extremely alarming, especially given the scale of detentions that we have seen in the past week,” Amnesty International’s Europe director John Dalhuisen stated, in a release on Sunday.
“Government intercepting messages as they are sent is difficult for governments to do,” Lee Reiber, COO at Oxygen Forensics, said, noting the information was likely extracted from the device. “That is definitely my suspicion,” he said in speaking with this publication.
A WhatsApp representative declined to comment.
This article originally appeared at scmagazineuk.com