California’s Wildfires | The Next Syrian Refugee Crisis | WhatsApp & Spying, and more

WhatsApp Sues an Israeli Tech Firm Whose Spyware Targeted Human-Rights Activists and Journalists (Adam Entous, New Yorker)
This spring, a team of engineers at WhatsApp detected a series of suspicious calls on the messaging service’s networks, many of them emanating from phone numbers in Sweden, the Netherlands, Israel, and other countries. At first, WhatsApp wasn’t sure what was happening. Then the engineers, working with their counterparts at Facebook, which owns WhatsApp, realized that the voice and video calls were somehow infecting targeted phones with advanced spyware, using a penetration method that the company had never encountered before. Most disturbing to the investigators was that it appeared many of the targeted phones became infected whether the calls were answered or not—what’s known as a zero-click vulnerability.
The malware then instructed the targeted phones to upload their content to servers owned by Amazon Web Services and other companies, where the stolen data was stored and could be accessed by the intruders. After the malware was loaded on some of the targeted phones, the call logs were wiped. Victims who heard their phones ringing overnight found no evidence of the calls in the morning.
On May 13th, WhatsApp announced that it had discovered the vulnerability. In a statement, the company said that the spyware appeared to be the work of a commercial entity, but it did not identify the perpetrator by name. WhatsApp patched the vulnerability and, as part of its investigation, identified more than fourteen hundred phone numbers that the malware had targeted. In most cases, WhatsApp had no idea whom the numbers belonged to, because of the company’s privacy and data-retention rules. So WhatsApp gave the list of phone numbers to the Citizen Lab, a research laboratory at the University of Toronto’s Munk School of Global Affairs, where a team of cyber experts tried to determine whether any of the numbers belonged to civil-society members.
On Tuesday, WhatsApp took the extraordinary step of announcing that it had traced the malware back to NSO Group, a spyware-maker based in Israel, and filed a lawsuit against the company—and also its parent, Q Cyber Technologies—in a Northern California court, accusing it of “unlawful access and use” of WhatsApp computers. According to the lawsuit, NSO Group developed the malware in order to access messages and other communications after they were decrypted on targeted devices, allowing intruders to bypass WhatsApp’s encryption.

How the Pittsburgh shooting changed American Jews (Zack Beauchamp, Vox)
My Jewish wedding was the day of the Tree of Life killings. On the first anniversary, a reflection of what’s happened to our community — both our pain and our strength.

The Next Syrian Refugee Crisis Will Break Europe’s Back (Yiannis Baboulias, Foreign Policy)
As the possibility of another exodus increases, Greece’s decrepit refugee camps expose how the EU wasted the past three years.

EU to Help Fund Colombia Peace Process for Additional 4 Years (Reuters)
The European Union said on Thursday it would extend for four years funding to support implementation of Colombia’s peace accord with former Revolutionary Armed Forces of Colombia (FARC) rebels, including an initial contribution of 33.5 million euros ($37 million).
The EU has given nearly 128 million euros ($142 million) to help former fighters reintegrate since late 2016.