WhatsApp sues Israeli cyber surveillance company NSO Group, accusing it of hacking the phones of human rights activists & journalists
In May 2019, WhatsApp detected a series of suspicious calls on its network and determined that the calls were infecting targeted phones with spyware. After the incident, Citizen Lab volunteered to help WhatsApp identify cases where the suspected targets of this attack were members of civil society. This investigation revealed that the attack targeted at least 100 human-rights defenders, journalists and other members of civil society across the globe.
On October 29, 2019, WhatsApp publicly attributed the attack to NSO Group, an Israeli surveillance company, and announced that it is suing NSO Group in US courts. In the lawsuit, WhatsApp is demanding a permanent injunction blocking NSO from attempting to access its computer systems and those of its parent company, Facebook and has asked that the court rule that NSO violated US federal law and California state law against computer fraud, breached their contracts with WhatsApp and “wrongfully trespassed” on Facebook’s property. According to a WhatsApp spokesperson,"This is the first time that an encrypted messaging provider is taking legal action against a private entity that has carried out this type of attack against its users... In our complaint, we explain how NSO carried out this attack, including acknowledgement from an NSO employee that our steps to remediate the attack were effective.”
WhatsApp is also supporting calls by the UN Special Rapporteur for Freedom of Expression David Kaye for a moratorium on the sale and use of surveillance software until there are rules in place to stop governments from using it to spy on opponents and critics.
NSO Group strongly disputes the allegations. "The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime. Our technology is not designed or licensed for use against human rights activists and journalists. We consider any other use of our products than to prevent serious crime and terrorism a misuse, which is contractually prohibited. We take action if we detect any misuse. This technology is rooted in the protection of human rights – including the right to life, security and bodily integrity – and that's why we have sought alignment with the U.N. Guiding Principles on Business and Human Rights, to make sure our products are respecting all fundamental human rights." [For previous coverage of the May 2019 attack, see here.]
All components of this story
Author: Special Correspondent, The Hindu
"Israeli spyware used to target Indian journalists, human rights activists: WhatsApp", 31 October 2019
Facebook-owned WhatsApp...said Indian...journalists and human rights activists were among those globally spied upon by unnamed entities using an Israeli spyware Peagasus.
WhatsApp said it was suing NSO Group, an Israeli surveillance firm, that is reportedly behind the technology that helped unnamed entities' spies to hack into phones of roughly 1,400 users.
These users span across four continents and included diplomats, political dissidents, journalists and senior government officials.
However, it did not say on whose behest the phones of journalists and activists across the world were targeted...
Refusing to divulge identities or the exact number of those targeted in India, WhatsApp said it had in May stopped a highly sophisticated cyberattack that exploited its video calling system to send malware to its users.
WhatsApp said it "believes the attack targeted at least 100 members of civil society...this number may grow higher as more victims come forward".
WhatsApp head Will Cathcart said these victims include human rights defenders, journalists and other members of the civil society across the world.
Cathcart asserted that WhatsApp was committed to the fundamental right to privacy and that it is working to stay ahead of those who seek to violate that right.
Author: Nick Hopkins & Stephanie Kirchgaessner, The Guardian
WhatsApp has launched an unprecedented lawsuit against... NSO Group, an Israeli surveillance company, saying it is responsible for a series of highly sophisticated cyber-attacks... WhatsApp said it believed the technology sold by NSO was used to target the mobile phones of more than 1,400 of its users in 20 different countries during a 14-day period... WhatsApp believes those who were the subject of the cyber-attacks included leading human rights defenders and lawyers, prominent religious figures, well-known journalists, officials in humanitarian organisations,... women previously targeted by cyber-violence, and individuals who have faced assassination attempts and threats of violence, as well as their relatives...
WhatsApp’s lawsuit, filed in a California court on Tuesday, has demanded a permanent injunction blocking NSO from attempting to access WhatsApp computer systems and those of its parent company, Facebook. It has also asked the court to rule that NSO violated US federal law and California state law against computer fraud, breached their contracts with WhatsApp and “wrongfully trespassed” on Facebook’s property. “This is the first time that an encrypted messaging provider is taking legal action against a private entity that has carried out this type of attack against its users,” said a WhatsApp spokesman. “In our complaint, we explain how NSO carried out this attack, including acknowledgement from an NSO employee that our steps to remediate the attack were effective.”
Citizen Lab identified over 100 cases of abusive targeting of human rights defenders & journalists using NSO Group software
Author: Citizen Lab
"NSO Group/Q Cyber Technologies: Over one hundred new abuse cases," 29 Oct 2019
As reported in May 2019, WhatsApp identified and shortly thereafter fixed a vulnerability that allowed attackers to inject commercial spyware on to phones simply by ringing the number of a target’s device. Today Oct 29th, WhatsApp is publicly attributing the attack to NSO Group... After the incident, Citizen Lab volunteered to help WhatsApp identify cases where the suspected targets of this attack were members of civil society, such as human rights defenders and journalists... Citizen Lab has identified over 100 cases of abusive targeting of human rights defenders and journalists in at least 20 countries across the globe... that took place after Novalpina Capital acquired NSO Group... NSO Group spyware is being sold to government clients without appropriate controls over how it is employed by those clients. They are, in turn, using NSO’s technology to hack into the devices of members of civil society, including journalists, lawyers, political opposition, and human rights defenders—with potential lethal consequences.
Author: Access Now
An investigation conducted by WhatsApp and Citizen Lab revealed that a total of 1400+ individuals were targeted, out of whom over 100 have already been identified as members of civil society (human rights defenders, activists, journalists). The investigation found enough evidence to attribute the attack to NSO Group...This is not the first time NSO Group spyware has been found to target members of the civil society. Access Now and other NGOs have repeatedly denounced the lack of human rights protections and safeguards for the products NSO sells...
Governments hold the primary duty to prevent and remedy violations of human rights involving private companies. Israel, where NSO Group is headquartered, and the U.K., where its owner Novalpina is based, must take immediate action to forestall more violations... In this case, the direct burden falls on the spyware vendors to change their ways... we also call on large platforms to review their policies and engage their... teams to assist civil society and government in keeping users safe and identifying, attributing, and mitigating threats posed by other companies. Working with Citizen Lab to investigate the attacks, giving notice to its users, and taking legal action, WhatsApp has set a strong precedent in this case that we can build on with the entire sector.
Author: Will Cathcart, Washington Post
In May , WhatsApp announced that we had detected and blocked a new kind of cyberattack involving a vulnerability in our video-calling feature... after months of investigation, we can say who was behind this attack. Today, we have filed a complaint in federal court that explains what happened and attributes the intrusion to... NSO Group... [The attack] targeted at least 100 human-rights defenders, journalists and other members of civil society across the world. This should serve as a wake-up call... Tools that enable surveillance into our private lives are being abused, and the proliferation of this technology into the hands of irresponsible companies and governments puts us all at risk.
At WhatsApp, we believe people have a fundamental right to privacy... [F]ar more needs to be done to define what amounts to proper oversight of cyber weapons. NSO said in September that “human rights protections are embedded throughout all aspects of our work.” Yet it maintains that it has no insight into the targets of its spyware. Both cannot be true. At a minimum, leaders of tech firms should join U.N. Special Rapporteur David Kaye’s call for an immediate moratorium on the sale, transfer and use of dangerous spyware.
Author: NSO Group, PR Newswire
In the strongest possible terms, we dispute today's allegations and will vigorously fight them. The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime. Our technology is not designed or licensed for use against human rights activists and journalists. It has helped to save thousands of lives over recent years... We consider any other use of our products than to prevent serious crime and terrorism a misuse, which is contractually prohibited. We take action if we detect any misuse. This technology is rooted in the protection of human rights – including the right to life, security and bodily integrity – and that's why we have sought alignment with the U.N. Guiding Principles on Business and Human Rights, to make sure our products are respecting all fundamental human rights.
Author: Mehul Srivastava, Financial Times
At least 100 journalists, human rights activists and political dissidents had their smartphones attacked by spyware that exploited a vulnerability in WhatsApp, according to the Facebookowned messaging service... Their phones were targeted through WhatsApp’s call function by customers of the Israelbased NSO Group, which makes Pegasus, a spyware program. Once installed, Pegasus is designed to take over all of a phone’s functions... “There is an unaccountable wild west of this kind of spyware and intrusion technology,” said John Scott-Railton, a senior researcher at Citizen Lab, which tracks digital surveillance. “If you equip repressive governments with the power to snoop like this it is almost a foregone conclusion that they will abuse this technology.”
... Since a leveraged buyout in February backed by London-based Novalpina Capital that valued NSO at $1bn, the company has rejected criticism that its clients abuse its software... “The record of NSO Group is troubling,” Mr Kaye [the UN Special Rapporteur on freedom of expression] told the FT. “Making matters worse, its activities are opaque, and subject to minimal, if any, government constraints. My hope is that allegations like these encourage governments to take strong regulatory action.”
Author: Amnesty International
Responding to a statement by WhatsApp on Tuesday that spyware produced by the Israeli firm NSO Group was used to target more than 100 human rights activists, Danna Ingleton, Deputy Director of Amnesty Tech, said: “These latest revelations underscore that NSO Group continues to profit from its spyware products being used to intimidate, track, and punish scores of human rights defenders across the globe, including the Kingdom of Bahrain, the United Arab Emirates and Mexico. WhatsApp deserves credit for their tough stance against these malicious attacks, including their efforts to hold NSO to account in the courts. NSO says its spyware is solely intended to ‘prevent crime and terrorism’, but instead the firm’s invasive surveillance tools are being used to commit human rights abuses. The safest way to stop NSO’s spyware products reaching governments who plan to misuse them is to revoke the company’s export license. This is why next week, Amnesty International is supporting a legal case in Tel Aviv District Court to force the Israeli Ministry of Defence to do exactly that."... On 7 November, the Tel Aviv’s District Court is due to hear a legal case arguing that Israel’s Ministry of Defence (MoD) should revoke NSO Groups export licence... The legal action is being brought by approximately 30 members and supporters of Amnesty International Israel and others from the human rights community.