Catalangate Vectors: An Analysis of WhatsApp's Impact on Citizen Privacy & Amnesty International's MVT-Tool
DOI:
https://doi.org/10.5281/zenodo.12204664Keywords:
Catalangate, digital espionage, mobile forensics, mobile malware, NSO Group, Pegasus Spyware, MVT-ToolAbstract
The Catalangate espionage argues the existence of infections by using vectors of a very different nature. Vector A (WhatsApp Pegasus Notification) dates back to May 2019 when META released a patch to the CVE-2019-3568 exploit. Media publications such as EL PAÍS and The Guardian claimed that WhatsApp confirmed the President of the Catalan Parliament, and four other politicians had been infected by NSO Group's Pegasus software via the WhatsApp messaging network. A court case filed in Barcelona in 2022 regarding the hacking allegations was dismissed due to the inability to identify the offenders and the lack of a response from WhatsApp's headquarters in Ireland. Citizen Lab's Catalangate report only references the alleged hacking of the President of Catalan Parliament and does so without specifying the date of infection. Catalangate's Vectors B (Pegasus SMS’s) and C (Forensically Confirmed Pegasus Infections) are based on the use of MVT-Tool managed by Amnesty International. The MVT-Tool is a compilation of indicators that is used to identify devices that have been alleged to be compromised by Pegasus software developed by NSO Group. These indicators have been gathered through research conducted by Amnesty International's Security Lab and other partners. The Pegasus Project, which is a collaboration led by Forbidden Stories and includes a global network of investigative journalists, also provided technical information. It should be noted that the tool used may have some deficiencies in forensic analysis, which may lead to the production of false positives. The Catalangate report presents 65 cases of infections or targeting's that are alleged to be caused by the Pegasus software and or other. Four of these cases, known as Candiru, are not related to the alleged Pegasus attacks. The remaining cases are divided into three vectors, Vector A, Vector B and Vector C, which are believed to be related to Pegasus. This white paper will focus on analyzing the accuracy of the accusations related to Vector A, which does not utilize Amnesty International's MVT-Tool methodology, and the inaccuracies in the conclusions drawn from Vector B and Vector C that make use of Amnesty International's MVT-Tool methodology.
