Ironically, Gibson used to work at companies that developed exactly the kind of spyware that could trigger such a notification. Still, he was shocked that he received a notification on his own phone. He called his father, turned off and put his phone away, and went to buy a new one.
“I was panicking,” he told TechCrunch. “It was a mess. It was a huge mess.”
But while Apple, Google, and WhatsApp alert, they don’t get involved in what happens next. The tech companies direct their users to people who could help, at which point the companies step away.
This is what happens when you receive one of these warnings.
You have received a notification that you were the target of government hackers. Now what?
First of all, take it seriously. These companies have reams of telemetry data about their users and what happens on both their devices and their online accounts. These tech giants have security teams that have been hunting, studying, and analyzing this type of malicious activity for years. If they think you have been targeted, they are probably right.
It’s important to note that in the case of Apple and WhatsApp notifications, receiving one doesn’t mean you were necessarily hacked. It’s possible that the hacking attempt failed, but they can still tell you that someone tried.
What happens next depends on who you are.
If you don’t want or can’t use MVT, you can go straight to someone who can help. If you are a journalist, dissident, academic, or human rights activist, there are a handful of organizations that can help.
Outside of these categories of people, politicians or business executives, for example, will have to go elsewhere.
If you work for a large company or political party, you likely have a competent (hopefully!) security team you can go straight to. They may not have the specific knowledge to investigate in depth, but in that case they probably know who to turn to, even if Access Now, Amnesty, and Citizen Lab cannot help those outside of civil society.
Otherwise, there aren’t many places executives or politicians you can turn to, but we have asked around and found the ones below. We can’t fully vouch for any of these organizations, nor do we endorse them directly, but based on suggestions from people we trust, it’s worth pointing them out.
What happens next depends on who you go to for help.
Generally speaking, the organization you reach out to may want to do an initial forensic check by looking at a diagnostic report file that you can create on your device, which you can share with the investigators remotely. At this point, this doesn’t require you to hand over your device to anyone.
This first step may be able to detect signs of targeting or even infection. It may also turn out nothing. In both cases, the investigators may want to dig deeper, which will require you to send in a full backup of your device, or even your actual device. At that point, the investigators will do their work, which may take time because modern government spyware attempts to hide and delete its tracks, and will tell you what happened.
Unfortunately, modern spyware may not leave any traces. The modus operandi these days, according to Hassan Selmi, who leads the incident response team at Access Now’s Digital Security Helpline, is a “smash and grab” strategy, meaning that once spyware infects the target device, it steals as much data as it can and then tries to remove any trace and uninstall itself. This is assumed as the spyware makers trying to protect their product and hide its activity from investigators and researchers.
If you are a journalist, a dissident, an academic, or a human rights activist, the groups who help you may ask if you want to publicize that you were attacked, but you’re not required to do so. They will be happy to help you without taking public credit for it. There may be good reasons to come out, though: to denounce the fact that a government targeted you, which may have the side effect of warning others like you of the dangers of spyware; or to expose a spyware company by showing that their customers are abusing their technology.
We hope you never get one of these notifications. But we also hope that, if you do, you find this guide useful. Stay safe out there.
International