WhatsApp sues Israeli cyber surveillance company NSO Group, accusing it of hacking the phones of human rights activists & journalists
A group of employees from Israeli surveillance firm NSO Group filed a lawsuit against Facebook Inc today, saying the social media giant had unfairly blocked their private accounts when it sued NSO last month, Reuters reported.
This comes a month after messaging service WhatsApp, which is owned by Facebook, had accused NSO in its own legal action filed in California last month of helping government spies break into the phones of roughly 1,400 users across four continents in a hacking spree whose targets included diplomats, political dissidents, journalists and senior government officials.
Following the incident, Citizen Lab volunteered to help WhatsApp identify cases where the suspected targets of this attack were members of civil society. This investigation revealed that the attack targeted at least 100 human-rights defenders, journalists and other members of civil society across the globe.
In the lawsuit, WhatsApp is demanding a permanent injunction blocking NSO from attempting to access its computer systems and those of its parent company, Facebook and has asked that the court rule that NSO violated US federal law and California state law against computer fraud, breached their contracts with WhatsApp and “wrongfully trespassed” on Facebook’s property. According to a WhatsApp spokesperson,"This is the first time that an encrypted messaging provider is taking legal action against a private entity that has carried out this type of attack against its users... In our complaint, we explain how NSO carried out this attack, including acknowledgement from an NSO employee that our steps to remediate the attack were effective.”
WhatsApp is also supporting calls by the UN Special Rapporteur for Freedom of Expression David Kaye for a moratorium on the sale and use of surveillance software until there are rules in place to stop governments from using it to spy on opponents and critics.
NSO Group strongly disputes the allegations. "The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime. Our technology is not designed or licensed for use against human rights activists and journalists. We consider any other use of our products than to prevent serious crime and terrorism a misuse, which is contractually prohibited. We take action if we detect any misuse. This technology is rooted in the protection of human rights – including the right to life, security and bodily integrity – and that's why we have sought alignment with the U.N. Guiding Principles on Business and Human Rights, to make sure our products are respecting all fundamental human rights." [For previous coverage of the May 2019 attack, see here.]
All components of this story
Author: Amnesty International
"Israel: Court decides to hear case against NSO behind closed doors", 16th of January 2020
On Thursday, a judge at Tel Aviv’s District Court begin hearing arguments as to why Israel’s Ministry of Defence (MoD) should revoke the export licence of NSO Group. The firm’s Pegasus software has been used to target journalists and activists across the globe – including in Morocco, Saudi Arabia, Mexico and the United Arab Emirates.
Responding to a decision by Tel Aviv District Court on Thursday to close the doors of the hearing of a legal action seeking to revoke the export licence of spyware firm NSO Group, Danna Ingleton, Deputy Director of Amnesty Tech, said:
“The cosy complicity between governments and the shadowy surveillance industry has to end. We will continue to make every effort to ensure NSO Group’s invasive products can no longer be used to commit human rights abuses around the world.”
Author: Times of India
"Government issued notice to NSO; WhatsApp didn't inform about vulnerability in system; Prasad", 28 November 2019
IT minister Ravi Shankar Prasad told Parliament on [28 November 2019] that a WhatsApp CEO-led delegation had not mentioned... any vulnerability of their system during their meetings with the ministry... [T]he government had issued notice to Israeli technology firm NSO Group, which created Pegasus on November 26, seeking details about the malware and its impact... "Duing the high level... meeting [with] CEO Will Cathcart and VP Plicy Nick Clegg of WhatsApp... no mention was made by the high level WhatsApp team regarding this vulnerability," Prasad in a statement... "You can come to India for business, but there are sensitive and hyper-sensitive data and India would claim its right over that," Prasad said, adding he would discuss in detail once the Data Protection Law comes into force.
Author: Steven Scheer, Reuters
"Workers at Israeli surveillance firm NSO sue Facebook for blocking private accounts", 26 November 2019
A group of employees from Israeli surveillance firm NSO Group filed a lawsuit against Facebook Inc on Tuesday, saying the social media giant had unfairly blocked their private accounts when it sued NSO last month...
Facebook said in a statement that it had disabled “relevant accounts” after attributing a “sophisticated cyber attack” to NSO Group and its employees. Those actions “continue to be necessary for security reasons, including preventing additional attacks,” the company said.
Commentary: NSO Group gives lots of justifications for selling spy tech. Facebook's lawsuit proves them wrong
Author: Oded Yaron, Haaretz
According to NSO, its products are sold only to intelligence and law enforcement agencies after careful screening. The company stated in part that its products “assist its clients in their war on terror, pedophilia and serious crimes,” adding that “any other use of the company’s products is forbidden and invalid.”... But [a] contract attached to the lawsuit [brought by Facebook] governs a transaction worth millions of dollars between a local company representing NSO in Ghana and that country’s National Communications Authority. The authority doesn’t deal with law enforcement, making it unclear why it needed an advanced offensive cybertechnology tool... [T]he system was never delivered to either the communications authority or the NSCS. Instead, as was revealed in court testimony, it ended up at the private home of Baba Kamara, a senior adviser to Ghana’s president... NSO told Haaretz that the company’s system had never been installed in any private home.
... NSO claims that, while it develops offensive cybertechnological tools, it doesn’t operate them itself... [However] they also offer a support package [to clients]... [which] raises a number of questions regarding the kind of information NSO is privy to... Haaretz asked NSO what steps it takes if its equipment is misused and if it has ever halted service to a client that misused its technology. The company refused to respond to the questions.
NSO Group allegedly more involved in hacking targets than previously believed based on documents revealed through lawsuit
Author: Lorenzo Franceschi-Bicchierai & Joseph Cox, VICE
"How NSO Group helps countries hack targets," 31 Oct 2019
WhatsApp, which is owned by Facebook, filed a lawsuit against NSO Group in a California court... NSO makes Pegasus, a surveillance product that hacks cellphones and is used by government agencies around the world to intercept and read data on the hacked devices. WhatsApp alleges that NSO was sending malware to take control of phones via WhatsApp and was using Facebook infrastructure as part of its hacking campaign... NSO provides hacking as a streamlined service, which means a lot of the actual tech is in the company’s own control, and NSO can offer hands-on assistance to the government employees who use it... NSO has maintained that it merely sells tools to governments and that it does not have specific knowledge of who its clients hack... The level of support NSO gives customers depends on how much the customer pays... [and] offers four tiers of support... The NSO staff may not press the Enter key to actually hack the target, but they are involved in essentially every other step of the process, according to the sources.
... A company spokesperson [said] “Under no circumstances does NSO operate the systems that are licensed to our customers; to do so would violate many laws and regulations, as well as our own policies. NSO’s products are only provided to intelligence and law enforcement agencies after a strict licensing and vetting process, and after training the clients use the system on their own for preventing and investigating terror and serious crime.”
Author: Special Correspondent, The Hindu
"Israeli spyware used to target Indian journalists, human rights activists: WhatsApp", 31 October 2019
Facebook-owned WhatsApp...said Indian...journalists and human rights activists were among those globally spied upon by unnamed entities using an Israeli spyware Peagasus.
WhatsApp said it was suing NSO Group, an Israeli surveillance firm, that is reportedly behind the technology that helped unnamed entities' spies to hack into phones of roughly 1,400 users.
These users span across four continents and included diplomats, political dissidents, journalists and senior government officials.
However, it did not say on whose behest the phones of journalists and activists across the world were targeted...
Refusing to divulge identities or the exact number of those targeted in India, WhatsApp said it had in May stopped a highly sophisticated cyberattack that exploited its video calling system to send malware to its users.
WhatsApp said it "believes the attack targeted at least 100 members of civil society...this number may grow higher as more victims come forward".
WhatsApp head Will Cathcart said these victims include human rights defenders, journalists and other members of the civil society across the world.
Cathcart asserted that WhatsApp was committed to the fundamental right to privacy and that it is working to stay ahead of those who seek to violate that right.
Author: Nick Hopkins & Stephanie Kirchgaessner, The Guardian
WhatsApp has launched an unprecedented lawsuit against... NSO Group, an Israeli surveillance company, saying it is responsible for a series of highly sophisticated cyber-attacks... WhatsApp said it believed the technology sold by NSO was used to target the mobile phones of more than 1,400 of its users in 20 different countries during a 14-day period... WhatsApp believes those who were the subject of the cyber-attacks included leading human rights defenders and lawyers, prominent religious figures, well-known journalists, officials in humanitarian organisations,... women previously targeted by cyber-violence, and individuals who have faced assassination attempts and threats of violence, as well as their relatives...
WhatsApp’s lawsuit, filed in a California court on Tuesday, has demanded a permanent injunction blocking NSO from attempting to access WhatsApp computer systems and those of its parent company, Facebook. It has also asked the court to rule that NSO violated US federal law and California state law against computer fraud, breached their contracts with WhatsApp and “wrongfully trespassed” on Facebook’s property. “This is the first time that an encrypted messaging provider is taking legal action against a private entity that has carried out this type of attack against its users,” said a WhatsApp spokesman. “In our complaint, we explain how NSO carried out this attack, including acknowledgement from an NSO employee that our steps to remediate the attack were effective.”
Citizen Lab identified over 100 cases of abusive targeting of human rights defenders & journalists using NSO Group software
Author: Citizen Lab
"NSO Group/Q Cyber Technologies: Over one hundred new abuse cases," 29 Oct 2019
As reported in May 2019, WhatsApp identified and shortly thereafter fixed a vulnerability that allowed attackers to inject commercial spyware on to phones simply by ringing the number of a target’s device. Today Oct 29th, WhatsApp is publicly attributing the attack to NSO Group... After the incident, Citizen Lab volunteered to help WhatsApp identify cases where the suspected targets of this attack were members of civil society, such as human rights defenders and journalists... Citizen Lab has identified over 100 cases of abusive targeting of human rights defenders and journalists in at least 20 countries across the globe... that took place after Novalpina Capital acquired NSO Group... NSO Group spyware is being sold to government clients without appropriate controls over how it is employed by those clients. They are, in turn, using NSO’s technology to hack into the devices of members of civil society, including journalists, lawyers, political opposition, and human rights defenders—with potential lethal consequences.
Author: Access Now
An investigation conducted by WhatsApp and Citizen Lab revealed that a total of 1400+ individuals were targeted, out of whom over 100 have already been identified as members of civil society (human rights defenders, activists, journalists). The investigation found enough evidence to attribute the attack to NSO Group...This is not the first time NSO Group spyware has been found to target members of the civil society. Access Now and other NGOs have repeatedly denounced the lack of human rights protections and safeguards for the products NSO sells...
Governments hold the primary duty to prevent and remedy violations of human rights involving private companies. Israel, where NSO Group is headquartered, and the U.K., where its owner Novalpina is based, must take immediate action to forestall more violations... In this case, the direct burden falls on the spyware vendors to change their ways... we also call on large platforms to review their policies and engage their... teams to assist civil society and government in keeping users safe and identifying, attributing, and mitigating threats posed by other companies. Working with Citizen Lab to investigate the attacks, giving notice to its users, and taking legal action, WhatsApp has set a strong precedent in this case that we can build on with the entire sector.
Author: Will Cathcart, Washington Post
In May , WhatsApp announced that we had detected and blocked a new kind of cyberattack involving a vulnerability in our video-calling feature... after months of investigation, we can say who was behind this attack. Today, we have filed a complaint in federal court that explains what happened and attributes the intrusion to... NSO Group... [The attack] targeted at least 100 human-rights defenders, journalists and other members of civil society across the world. This should serve as a wake-up call... Tools that enable surveillance into our private lives are being abused, and the proliferation of this technology into the hands of irresponsible companies and governments puts us all at risk.
At WhatsApp, we believe people have a fundamental right to privacy... [F]ar more needs to be done to define what amounts to proper oversight of cyber weapons. NSO said in September that “human rights protections are embedded throughout all aspects of our work.” Yet it maintains that it has no insight into the targets of its spyware. Both cannot be true. At a minimum, leaders of tech firms should join U.N. Special Rapporteur David Kaye’s call for an immediate moratorium on the sale, transfer and use of dangerous spyware.