Messaging service, Whatsapp, owned by Facebook, is suing an Israeli company that it claims was behind a cyberattack that installed spyware on users’ phones.
The attack targeted human rights defenders, journalists, political dissidents, diplomats and government officials.
More than a dozen pro-democracy activists, journalists and academics have spoken out after WhatsApp privately warned them they had allegedly been the victims of cyber-attacks designed to secretly infiltrate their mobile phones.
The individuals received alerts saying they were among more than 100 human rights campaigners whose phones were believed to have been hacked using malware sold by NSO Group, an Israeli cyberweapons company.
WhatsApp filed the complaint against NSO Group in US federal court on Tuesday.
“This should serve as a wake-up call for technology companies, governments and all internet users,” WhatsApp chief Will Cathcart wrote in an op-ed in The Washington Post on Tuesday.
“Tools that enable surveillance into our private lives are being abused, and the proliferation of this technology into the hands of irresponsible companies and governments puts us all at risk,” he said.
The WhatsApp complaint claims that NSO, a company that manufactures, distributes and operates surveillance technology, used WhatsApp servers located in the United States and elsewhere to send spyware to about 1,400 smartphones and devices in April and May.
The malware was intended to conduct “surveillance of specific WhatsApp users,” the complaint said.
The targets included “at least 100 human rights defenders, journalists and other members of civil society across the world,” according to Cathcart.
Targets were located in places such as Mexico, the United Arab Emirates and the Kingdom of Bahrain.
NSO’s clients include government agencies in those countries, as well as private entities.
The complaint, however, does not name any defendants aside from NSO Group and its parent company, Q Cyber Technologies.
NSO Group said in a statement Wednesday that it disputes the allegations and “will vigorously fight them.”
“The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime. Our technology is not designed or licensed for use against human rights activists and journalists,” the company added.
Pressure on NSO grew on Friday when the Israeli security cabinet minister, Ze’ev Elkin, insisted the government had nothing to do with the company.
In an interview on Tel Aviv radio, he described NSO “as a private player” and said if anyone had done anything wrong, “then the justice system here and in other countries will throw the book at them”.
The Indian government has called on WhatsApp to submit a detailed report by next week on claims that many Indians were targeted.
WhatsApp Investigation revealed spyware.
The WhatsApp investigation, which worked with the University of Toronto’s Citizens Lab, revealed that attackers installed NSO’s flagship spyware, known as Pegasus, on smartphones by making a WhatsApp call to victims, according to WhatsApp and Citizen Lab. The victims didn’t even have to answer the call for their phones to be infected.
Citizen Lab says that there are multiple ways the devices could be infected, and not all are known yet.
Once Pegasus was installed, it began contacting servers controlled by Pegasus operators and sending back the victim’s private data. That data included passwords, contact lists, calendar events, text messages and live voice calls from popular mobile messaging apps, according to Citizen Lab,
An operator could even turn on an infected smartphone’s camera and microphone to capture activity happening near the phone, and use the GPS function to track a target’s location and movements.
Why we should care even if the WhatsApp attack didn’t target you.
WhatsApp chief Cathcart wrote that the attacks were “highly sophisticated,” but the attackers’ attempts to cover their tracks weren’t entirely successful.
They “used servers and internet-hosting services that were previously associated with NSO. In addition … we have tied certain WhatsApp accounts used during the attacks back to NSO,” Cathcart said.
Citizen Lab said that among the many companies it has tracked, “NSO Group stands out in terms of the reckless abuse of its spyware by government clients.”
Although NSO’s technology is marketed as a tool to assist governments in lawful investigations into crime and terrorism, Citizen Lab said it “has identified dozens of cases where journalists, human rights activists and defenders, lawyers, international investigators, political opposition groups, and other members of civil society have been targeted with Pegasus.”
WhatsApp and parent company Facebook are asking the court for damages of at least $75,000 plus attorneys’ fees and any other damages to be proven at trial.
The companies are also asking for an injunction against NSO Group, which would bar the company and anyone affiliated with it from accessing WhatsApp or Facebook’s services, which includes creating and maintaining accounts on the messaging and social media platforms.
In a statement issued by NSO Group, the company says its technology has helped save thousands of lives in recent years by aiding law enforcement, and respects all fundamental human rights.
“We consider any other use of our products than to prevent serious crime and terrorism a misuse, which is contractually prohibited. We take action if we detect any misuse,” it said.