WhatsApp said to accuse Israel’s NSO Group of deep involvement in hacking op

WhatsApp has alleged in court documents in an ongoing legal case that the controversial Israeli private intelligence firm NSO Group was “deeply involved” in the hacking of 1,400 users’ phones, and had control over US-based servers involved in the operation, according to a report Wednesday.

The messaging company refuted NSO Group’s attempts to distance itself from the hacks.

The accounts targeted included those of senior government officials, journalists, and human rights activists worldwide. The US lawsuit in the case has been ongoing since October.

NSO Group’s flagship spyware, called Pegasus, allows agents to effectively take control of a phone, surreptitiously controlling its cameras and microphones from remote servers and vacuuming up personal data and geolocations.

NSO Group has previously claimed that it only licenses its software to governments for “fighting crime and terror” and that it investigates credible allegations of misuse, but activists argue the technology has been instead used for human rights abuses.

Earlier this month the company told the court that it was not responsible for state actors’ use of its software and had no information on the operation of the technology. But according to the Guardian, WhatsApp has claimed that the servers used in hacking operations were controlled by NSO Group and not by its government clients.

“NSO used a network of computers to monitor and update Pegasus after it was implanted on users’ devices. These NSO-controlled computers served as the nerve center through which NSO controlled its customers’ operation and use of Pegasus,” the court filings state.

They add that NSO received “unauthorized access” to WhatsApp servers and evaded the messaging service’s security features.

The Guardian quoted John Scott-Railton of Citizen Lab, who has worked with WhatsApp on the case, as saying that because it controlled the servers involved in the WhatsApp hack, NSO would have had access to logs, including IP addresses, identifying the users who were being targeted.

“Whether or not NSO looks at those logs, who knows? But the fact that it could be done is contrary to what they say,” Scott-Railton said.

NSO said in a statement: “Our products are used to stop terrorism, curb violent crime, and save lives. NSO Group does not operate the Pegasus software for its clients. Our past statements about our business, and the extent of our interaction with our government intelligence and law enforcement agency customers, are accurate.”

Earlier this month, The Times of Israel reported that NSO Group was involved in the development of a contact tracing app to be used to combat the spread of the coronavirus.

On March 30, Defense Minister Naftali Bennett announced in a series of tweets that Israel had developed a sophisticated artificial intelligence system, separate from the system currently in use by the Shin Bet, to track the spread of coronavirus.

“In my opinion it is the most advanced in the world,” he wrote.

Bennett also revealed that the system was a joint venture between the Defense Ministry, the IDF’s 8200 intelligence unit and a private high-tech company, whose name he did not specify.

But at a March 31 Knesset hearing of the Subcommittee for Secret Services, MKs revealed that the company in question was in fact NSO Group.

The Times of Israel report also noted that three of NSO Group’s founders — Omri Lavie, Shalev Hulio and Isaac Zack — invest their personal money through a firm known as the Founders’ Group that has invested in the largely fraudulent binary options industry.