Ars Technica on the NSA or FBI intercepting WhatsApp messages, ultimately leading to two people being arrested for plotting a terror attack in Belgium:

In an article in German magazine C’T, editor Fabian A. Scherschel dove into the encryption scheme in WhatsApp and contended that it did not vary the key used to encrypt information in transit—instead, it used a key derived from the user’s password and encryption code based on the RC4 algorithm for both inbound and outbound communication. The insinuation was that intercepted and collected messages could theoretically be broken much more easily since the key seeds could be more easily found because it reduced the number of possible keys. But in a response to the article posted to Reddit, Moxie Marlinspike said, “This article should be retitled ‘Breaking News: WhatsApp E2E Deployment Process Exactly As Advertised.’  We announced a partnership, not a finished deployment. In the blog post announcing that partnership, we publicly outlined the WhatsApp E2E deployment process, and it describes exactly what has been ‘discovered’ here. As I said in the blog post, deploying across this many users (hundreds of millions) and this many platforms (seven, of which they checked two) takes time, and is being done incrementally. I also point out that we will be surfacing information in the UI once that is complete.”