In April, Faustin Rukundo received a mysterious conversation about WhatsApp from a number he did not recognize.
He answered, but the line was silent and then it went dead. He tried to call back, but no one answered.
He didn't know it, but the phone had been compromised.
As a Rwandan exile living in Leeds, Mr. Rukundo is already privacy conscious. He searched for the number online and found that the code was from Sweden.
Strange, he thought. But he soon forgot about it.
Then the number rang again. Again no one picked up.
There were also lost calls from other numbers he did not recognize, and he began to become concerned about family safety, so he bought a new phone.
Within a day, the unknown number rang again.
"I tried to answer and they hung out before I heard any voice," Rukundo told the BBC.
"Every time I called back, no one answered. I realized something was wrong when I started seeing files missing from the phone.
" I spoke to my colleagues at the Rwanda National Congress and they also had similar experiences. They got missed calls from the same number as me. "
Rwanda National Congress is a group opposed to the Rwandan regime.
It was not until May when Rukundo read reports that WhatsApp had been hacked, that he understood what had happened.
" I read first the story of the WhatsApp hack on the BBC and thought: & # 39; Wow, this might explain what happened to me, & # 39; he said.
"I changed my phone and realized my error. They followed my number around and put the spyware on each new device by calling the same number."
For months, Rukundo was convinced that he and his colleagues were some of the estimated 1[ads1]400 people attacked by attackers who exploited the WhatsApp error.
But that was only confirmed to him this week after a conversation from Citizen Lab in Toronto.
For six months, the organization has been working with Facebook to investigate the hack and find out who was affected.
Researchers say: "As part of our investigation into the incident, Citizen Lab has identified over 100 cases of violent targeting of human rights defenders and journalists in at least 20 countries across the globe."
Mr. Rukundo's profile as an outspoken critic of the Rwandan regime is consistent with the type of people who were targets of this spy program.
It was allegedly built and sold by the Israeli-based NSO group and sold to governments around the world.
Hackers used the software to spy on journalists, human rights activists, political dissidents and diplomats.
Hr. Rukundo says he hasn't had any conversations since the original hack, but the experience has made him and his family paranoid and scared.
"Honestly, even before they confirmed this, we were phony and terrified. It looks like they only intercepted my phone for about two weeks, but they had access to everything," he told the BBC.
"Not just my activity during that ten me but my entire email history and all my contacts and contacts. Everything is seen, our computers, our phones, nothing is safe. Even when we talk, they could listen. I I still do not feel safe. "
Mr. Rukundo fled Rwanda in 2005 when government critics were arrested and imprisoned. He says he struggled to get his wife released after she was kidnapped and jailed for two months during a family visit in 2007.
Facebook, the owner of WhatsApp, is trying to sue the NSO group.
The NSO group denies any wrongdoing.
In court documents, Facebook accuses the company of exploiting a then-unknown vulnerability in WhatsApp.
The app is used by approximately 1.5 billion people in 180 countries.
The service is popular for its end-to-end encryption, which means that messages get encrypted as they travel over the Internet, making them unreadable. if they were caught.
The filing at the U.S. District Court of Northern California describes how the spy software was allegedly installed.
The powerful software known as Pegasus is a NSO Group product that can remotely retrieve valuable intelligence from mobile devices by sharing all telephone activity including communication and location data with the attacker.
- WhatsApp detects & # 39; targeted & # 39; surveillance attack
- WhatsApp sues Israeli company for phone hacking claims
In previous spyware attacks, victims have been tricked into downloading the software by clicking on the booby-trapped web links.
with the WhatsApp hack, Facebook claims it was installed on the victims' phones without doing anything at all.
The company states that between January 2018 and May 2019, NSO Group created WhatsApp accounts using phone numbers registered in various counties, including Cyprus, Israel, Brazil, Indonesia, Sweden and the Netherlands.
Then in April and May, the victims were attacked with a phone call over WhatsApp, it is claimed.
The filing states: "To avoid the technical constraints built into WhatsApp signaling servers, formatted defendant call initiation messages containing malicious code to act as a legitimate call and hidden. The code in the call settings.
" Hide it the code that conversation settings allowed the defendant to deliver to the target device and made the malicious code appear to come from WhatsApp Signaling Servers. "
The victims would be completely unaware that they In some cases, the only thing they noticed was mysterious lost calls in the WhatsApp log page.
The document states that Facebook:
- believes the hacking was an abuse of its computer network
- an injunction to stop NSO Group having access to its platforms.
- accepts that NSO Group allegedly conducted hacks on behalf of its customers, but Faceboo k goes after the company that the architects who created the software
NSO Group has been accused of supplying spyware that allowed the killers of journalist Jamal Khashoggi to track him.
NSO Group refuses involvement in that incident and says it will fight these latest allegations.
"In the strongest possible terms, we dispute today's charges and will fight them," the company said in a statement to the BBC.
"The sole purpose of the NSO Group is to provide technology to licensed authorities intelligence agencies and law enforcement agencies to help them fight terrorism and serious crime."