The reckless use of WhatsApp in Moncloa
The leak of private WhatsApp conversations between Prime Minister Pedro Sánchez and former Transport Minister José Luis Ábalos has once again brought to light—as it did in May 2022 when the Moncloa government reported that several members of the government had been spied on using Pegasus—the security of the communications environment between the highest echelons of power. This time, the system that protects mobile phones is not being questioned, since it is obvious that the access to the chats is not due to a malicious virus like the one that infected the phones of pro-independence leaders. Rather, it is a question of why government heavyweights were communicating through a messaging system like WhatsApp, which has been questioned by countless security services. The use of WhatsApp by ministers is even more surprising considering that the government has its own internal communications application developed by Indra: COMSec.
The development of the COMSec app is national; a condition that is essential for intelligence.The Moncloa Palace has its own dedicated, secure communications system between the Presidency and members of the Government, as well as with other high-ranking state institutions. It only allows communication between institutions that have one. And it is only used in extreme emergency situations, such as the massive blackout that Spain experienced on April 28. "The legislature will end without the Minister of Culture probably using it," notes a minister who has had to use it from his office on several occasions. This member of the Government and most of his colleagues retain their personal cell phones, which they use to communicate with their circles prior to their arrival at the Council of Ministers, and another "secured" one provided by the Moncloa Palace when they were appointed to their respective portfolios. These devices are subject to routine checks by the National Cryptologic Center (CCN).
Read also The government will take legal action if a judicial investigation into the leak of Sánchez and Ábalos' conversations is not opened. Juan Carlos Merino
COMSec is installed on these mobile devices, offering end-to-end encrypted communications services for voice, video, messaging, and file transfers between system users. With a very similar appearance to WhatsApp—it even allows the creation of groups—it uses random passwords for each call or message. But above all, the key—and an essential condition for intelligence services—is that the technology is developed nationally. Hence, cybersecurity experts like Josep Albors, head of research and awareness at ESET Spain, are surprised by the messages between Sánchez and the former all-powerful man in the PSOE (Spanish Socialist Workers' Party): not because of their content, but because of the use of WhatsApp, which belongs to Meta.
Image from COMSec
LV"It's in the hands of the United States. For geopolitical reasons alone, it's not advisable at all," Albors asserted in a telephone conversation. He explained that US laws require service providers, such as WhatsApp, to provide stored information, citing national interest, potentially circumventing the rules. This wouldn't be logical between allied countries, but it could be technically possible. Albors cites as an example the moment when any user changes mobile device and WhatsApp allows them to recover all their previous conversations, which have been stored in a cloud.
The problem with COMSec is that the license for its installation is only available to a select few, so if members of the government want to have a conversation with another user, they tend to turn to WhatsApp, as they have been doing this week, despite the conversations made public. The Council of Ministers does not believe the leaks will mark a turning point in the use of its messaging apps. Cybersecurity experts point to an intermediate system like Signal, with greater metadata protection and the ability to not share information with third parties. This app does not allow screenshots of conversations, offers the option to prevent the mobile phone keyboard from recording what is typed, and allows call redirection to hide the IP address.
lavanguardia
