The Department of Communications and Digital Technologies announced yesterday that Minister Stella Ndabeni-Abrahams’s WhatsApp account had been hacked.
The department said the hack had resulted in private and confidential information being exposed.
While the department inferred that the Minister’s WhatsApp account had been compromised, it is not clear how attackers purportedly gained access to the Minister’s WhatsApp messages.
MyBroadband asked the Department of Communications for additional information on the hack, but it declined to provide further comment.
To outline the possibilities which may have caused the Minister’s WhatsApp account to become compromised, we spoke to Orange Cyberdefense South Africa managing director Dominic White.
White clarified that his analysis was speculative considering the lack of information shared by the department regarding the hack.
“There’s been no information shared, so my answer is a generic ‘what if’ rather than any sort of informed take on what happened in this specific incident,” White said.
Compromising the Minister’s WhatsApp account
White said hacking WhatsApp directly to target a specific person would be a sophisticated and risky attack, and is therefore by far the least likely possibility.
He outlined the following alternative scenarios in which an attacker could have gained access to the Minister’s WhatsApp account, ordered from most to least likely:
- Physically copying some messages from the device, or other backups, for example on a laptop or external hard drive.
- SIM-swap fraud. This would be noticed.
- Access to WhatsApp Web, most easily achieved through short-term access to her device. This could also be noticed as WhatsApp notifies you of other sessions.
- Access to her cloud backups, e.g. social engineering her iCloud password.
- Malware on her device either through a hack of her iPhone or short-term physical access. This would be a more sophisticated hack requiring private iOS exploits.
“You’ll note that most of these aren’t actually attacks against WhatsApp directly, but rather other places where WhatsApp messages may be stored or accessed,” White said.
Scope of the hack
He added that although sensitive information from WhatsApp was exposed in the purported hack, other applications and accounts could also have been compromised.
“They say her WhatsApp account has been hacked, but that doesn’t mean only her WhatsApp account was exposed. Depending on the attack, other accounts could be exposed too,” White said.
“They might be noting the WhatsApp account publicly to instruct people to validate WhatsApp communication received from her.”
“There might be politics at play too, but I’m not an expert in those and would prefer not to engage in that speculation,” he said.
Regarding the legitimacy of the department’s claim that the account was actually hacked, White said this would require a thorough investigation to determine.
“Until we see comment from a capable investigator, or information comes out in court proceedings, we’re very unlikely to get any usable facts to make the determination independently,” he said. “Time will tell.”