A prominent Catholic bishop and a priest in Togo have been told they were targeted by spyware made by the private surveillance firm NSO Group, in the first known case of its kind involving members of the clergy.
A joint investigation by the Guardian and the French newspaper Le Monde can reveal that Bishop Benoît Alowonou and five other critics of Togo’s repressive government were alerted by WhatsApp last year that their mobile phones had been targeted with the spying technology.
WhatsApp announced last year that 1,400 of its users were attacked with the malware, which is made by Israel’s NSO Group, over a two-week period last April.
Individuals who are known to have been told by WhatsApp that they were targets of the attack are now known to include politicians who support Catalonian independence in Spain, journalists in India and Morocco, and political activists from Rwanda.
Discussing the attack in a recent speech, Will Cathcart, the head of WhatsApp, which is owned by Facebook, referred to “horrifying examples of journalists, human rights advocates, government officials, religious leaders … being spied on [in] really horrifying ways”.
WhatsApp has accused NSO Group in a US lawsuit of facilitating the attacks against the 1,400 users. NSO Group has denied the claim, saying its software is operated by the governments that purchase it. The company has said it cannot reveal the names of its clients, who it says are contractually obliged to use the software only against criminals and terrorists.
Researchers at Citizen Lab at the University of Toronto’s Munk School, which closely tracks the use of commercial spyware and assisted WhatsApp when the 2019 vulnerability was discovered, confirmed to the Guardian and Le Monde that they believed at least six individuals in Togo were targeted in the attack.
Four of those targets agreed to be named: Bishop Alowonou, a priest named Pierre Chanel Affognon, Raymond Houndjo, a close associate of a leading opposition politician, and Elliott Ohin, a former government minister who is in the opposition party.
While it is not known who perpetrated the attacks against the Togolese targets, some of the victims have said they believed the Togolese government was likely to have been behind the surveillance effort. A 2018 Citizen Lab report said Togo was one of five African countries where a possible operator of NSO Group technology was active.
Pro-democracy activists in Togo have separately alleged that their efforts to organise themselves have been hobbled by what they suspect to be surveillance by the Togolese authorities.
“At this time, Citizen Lab is not conclusively stating which government is responsible for this attack,” said John Scott-Railton, a senior researcher at the organisation. “But the fact that these individuals are all either opposition party members or otherwise critical of the government is troubling.”
He said he was “especially concerned” that members of the clergy had been targeted. “Yet again, we’re far away from the kinds of targets that spyware companies like NSO claim are the legitimate targets of these cases.”
Togo has been ruled by President Faure Gnassingbé, who has led the country since 2005 following the death of his father, Gnassingbé Eyadéma, who was in power for nearly four decades.
Members of the Roman Catholic church in Togo are among the president’s most strident critics, including Bishop Alowonou, who said he believed he was targeted because of his activism. “We sometimes say truths that irritate the powerful,” he said in an interview. “In the last elections, we took positions in favour of truth.”
Alowonou said he initially assumed the alert he received from WhatsApp, saying he had been targeted, was just a spam message. But once he realised it was genuine, he described the use of spyware against dissidents as “dangerous for our freedoms and for democracy”.