Facebook Sues Shadowy Israeli Cyberweapons Firm NSO Group Over WhatsApp Malware
Facebook and subsidiary WhatsApp have filed suit against
shadowy Israeli cyber-intelligence firm NSO Group, saying that it exploited a
vulnerability in the encrypted messaging app to infect over 1,400 phones with
malware.
Per Bloomberg, the suit alleges that from January 2018 to
May 2019, NSO created bogus WhatsApp accounts using phone numbers from
different countries as well as created a “network of remote servers intended to
distribute malware and relay commands to the Target Devices.” From around April
29 to May 10 this year, the suit additionally claimed, NSO used those accounts
to place calls that deployed malware to “attorneys, journalists, human rights
activists, political dissidents, diplomats, and other senior foreign government
officials” via the remote servers. WhatsApp is asking for a permanent
injunction on NSO’s use of its products.
The specific WhatsApp vulnerability Facebook said was used
to deploy the malware (CVE-2019-3568) was fixed in May 2019 after WhatsApp
detected attacks on its servers. At the time, WhatsApp told reporters that the
attack “has all the hallmarks of a private company known to work with
governments to deliver spyware that reportedly takes over the functions of
mobile phone operating systems,” adding it had briefed human rights groups and
civil society organizations on the breaches.
NSO builds powerful malware such as its flagship Pegasus
project, which is reportedly capable of taking over targeted phones (as well as
penetrating any cloud services linked to those phones). It claims that its
tools are only sold to legitimate governments for purposes like
counter-terrorism and fighting transnational organized crime. But its CEO,
Shalev Hulio, has justified using them to target journalists and lawyers, and
the company has also said that it only learns of abuse from media reports. NSO
does not comment on specific clients, but the Toronto-based Citizen Lab has
“identified a total of 45 countries where Pegasus operators may be conducting
surveillance operations,” including at least “10 Pegasus operators [which]
appear to be actively engaged in cross-border surveillance.”
Citizen Lab has also linked NSO to spyware found on the
phone of a Saudi dissident in Canada, Omar Abdulaziz, who regularly spoke via
WhatsApp with journalist-in-exile Jamal Khashoggi. Khashoggi was tortured and
murdered by Saudi officials in the nation’s consulate in Istanbul last year.
NSO has also been tied to numerous other human rights abuses.
The lawsuit doesn’t identify who NSO’s client was.
In a statement to Bloomberg, NSO wrote, “The sole purpose of
NSO is to provide technology to licensed government intelligence and law
enforcement agencies to help them fight terrorism and serious crime. Our
technology is not designed or licensed for use against human rights activists
and journalists. It has helped to save thousands of lives over recent years.”
NSO added that it would “take action if we detect any
misuse” of its products.
“They want the credibility of having powerful intelligence
services as their customers, but at the same time they want to take credit only
for the alleged successes while disclaiming responsibility for any of the
alleged abuses,” Citizen Lab senior researcher John Scott-Railton told
Bloomberg. “This lawsuit shatters the illusion of this unaccountable bubble.”
Comments
Post a Comment