WhatsApp pulls plug on Taliban helpline, shuts down official-looking accounts

Terrorists' complaint service a bridge too far for encrypted chat biz


For months, Facebook's WhatsApp paid no attention to the way the Taliban used the messaging service to sell surrender to the people of Afghanistan.

After reestablishing control of Afghanistan with minimal armed resistance, the Taliban, a Specially Designated Global Terrorist entity since 2002, took over the capital city of Kabul on Sunday and set up a helpline to allow civilians to report problems, such as looting and violence, during the regime change.

Finally, WhatsApp has decided to take action – it has shut down the complaint service, along with other Taliban communication channels, now that the Taliban are the de facto government of the country. What was the nation's government has collapsed, and Afghan President Ashraf Ghani reportedly fled in a helicopter packed with cash.

"We're obligated to adhere to US sanctions laws," explained a WhatsApp spokesperson in response to an inquiry from The Register.

We're seeking more information from relevant US authorities given the evolving situation in Afghanistan

"This includes banning accounts that appear to represent themselves as official accounts of the Taliban. We're seeking more information from relevant US authorities given the evolving situation in Afghanistan."

Facebook has maintained a ban on the Taliban for years, and said it was proactively removing content linked to the Taliban as the women-enslaving military organization seized control of Afghanistan this month. Yet, WhatsApp appears to have been widely used by the militant group. In response to other reports about the situation in Afghanistan, WhatsApp suggested that its use of end-to-end message encryption has limited visibility into what sanctioned entities or individuals are doing on its platform.

However, WhatsApp's significance in Afghanistan in this instance may have more to do with its reach among the Afghan people than with the content moderation challenges of encrypted content. Had the Taliban been communicating only among themselves, their surrender sales pitch would not reach the intended audience.

Meanwhile, TikTok has said it will continue to remove Taliban content while Twitter and YouTube reportedly plan to rely on their existing platform rules to guide content enforcement decisions.

A question of responsibility

In a blog post on Sunday, Preston Byrne, a partner at law firm Anderson Kill, argued that Facebook and the US government are responsible for failing to silence Taliban messaging when doing so could have made a difference.

"WhatsApp is an American product," he wrote. "It can be switched off by its parent, Facebook, Inc, at any time and for any reason. The fact that the Taliban were able to use it at all, quite apart from the fact that they continue to use it to coordinate their activities even now as American citizens’ lives are imperiled by the Taliban advance which is being coordinated on that app, suggests that US military intelligence never bothered to monitor Taliban numbers and never bothered to ask Facebook to ban them."

It's not clear whether earlier intervention by WhatApp would have changed anything – the obstacles to US success in Afghanistan date back decades and are orders of magnitude greater than any single communications channel.

But concerns about the destabilizing effect of social media also go back a long way too. Historically, Facebook and its subsidiaries have been slow to publicly acknowledge the ways in which social media platforms can be used to sway public opinion.

In 2018, WhatsApp took steps to limit message forwarding following criticism that the social media service helped stoke violence in Myanmar and India. That same year, Facebook banned 20 organizations and individuals from its service after a UN report criticized the company for failing to prevent violent rhetoric on its platform.

In 2016, Facebook CEO Mark Zuckerberg said the idea that fake news influenced the 2016 US presidential election was "a pretty crazy idea," only to backtrack 10 months later.

Perhaps it's too much to hope that social media platforms will learn to anticipate these problems instead of reacting after the fact or dismissing them as lunacy. ®

Broader topics


Other stories you might like

  • Another VPN quits India, as government proposes social media censorship powers
    New Delhi now fighting criticism of eroding free speech and privacy with two proposed regulations

    India's tech-related policies continue to create controversy, with fresh objections raised to a pair of proposed regulation packages.

    One of those regulations is the infosec reporting and logging requirements introduced by India's Computer Emergency Response Team (CERT-In) in late April. That package requires VPN, cloud, and numerous other IT services providers to collect customers' personal information and log their activity, then surrender that info to Indian authorities on demand. One VPN provider, ExpressVPN, last week quit India on grounds that its local servers are designed not to record any logs so compliance would be impossible. ExpressVPN will soon route customers' traffic outside India.

    On Tuesday, another VPN – Surfshark – announced it would do likewise.

    Continue reading
  • Travis CI exposes free-tier users' secrets – new claim
    API can be manipulated to reveal tokens in clear text log data

    Travis CI stands for "Continuous Integration" but might just as well represent "Consciously Insecure" if, as security researchers claim, the company's automation software exposes secrets by design.

    Aqua Security Software on Monday said its researchers had reported a data disclosure vulnerability with the Travis CI API. The response they said they received is that everything is working as intended.

    In a blog post security researchers Yakir Kadkoda, Ilay Goldman, Assaf Morag, and Ofek Itach said they had found tens of thousands of user tokens were accessible through the Travis CI API, which provides a way to fetch clear-text log files.

    Continue reading
  • Mega's unbreakable encryption proves to be anything but
    Boffins devise five attacks to expose private files

    Mega, the New Zealand-based file-sharing biz co-founded a decade ago by Kim Dotcom, promotes its "privacy by design" and user-controlled encryption keys to claim that data stored on Mega's servers can only be accessed by customers, even if its main system is taken over by law enforcement or others.

    The design of the service, however, falls short of that promise thanks to poorly implemented encryption. Cryptography experts at ETH Zurich in Switzerland on Tuesday published a paper describing five possible attacks that can compromise the confidentiality of users' files.

    The paper [PDF], titled "Mega: Malleable Encryption Goes Awry," by ETH cryptography researchers Matilda Backendal and Miro Haller, and computer science professor Kenneth Paterson, identifies "significant shortcomings in Mega’s cryptographic architecture" that allow Mega, or those able to mount a TLS MITM attack on Mega's client software, to access user files.

    Continue reading
  • Microsoft fixes under-attack Windows zero-day Follina
    Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs

    Patch Tuesday Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities.

    Follina, eventually acknowledged by Redmond in a security advisory last month, is the most significant of the bunch as it has already been exploited in the wild.

    Criminals and snoops can abuse the remote code execution (RCE) bug, tracked as CVE-2022-30190, by crafting a file, such as a Word document, so that when opened it calls out to the Microsoft Windows Support Diagnostic Tool, which is then exploited to run malicious code, such spyware and ransomware. Disabling macros in, say, Word won't stop this from happening.

    Continue reading

Biting the hand that feeds IT © 1998–2022