WhatsApp sues Israeli spyware firm NSO Group for allegedly hacking users

Facebook Inc.-owned WhatsApp today filed a lawsuit against Israeli spyware company NSO Group Technologies Ltd. claiming that the company illegally hacked users of the messaging service earlier this year.
WhatsApp claims NSO Group was behind a hack in May in which accounts were compromised in a so-called zero-day attack, or one that hadn’t previously been known.
The attack involved those behind it injecting malware by simply ringing a target without the need for a user to accept the call. At the time, the WhatsApp security team said it believed that those behind in the hack were an “advanced cyber actor.”
Writing today in The Washington Post, WhatsApp Chief Executive Officer Will Cathcart said an investigation has found “that the attackers used servers and Internet-hosting services that were previously associated with NSO,” and that they have tied WhatsApp accounts used to facilitate the attacks back to NSO.
“While their attack was highly sophisticated, their attempts to cover their tracks were not entirely successful,” Cathcart added.
The attacks are alleged to have targeted human rights defenders, journalists and other members of what are described as “civil society” across the world, including lawyers, diplomats and senior foreign government officials. Those targeted primarily resided in Bahrain, the United Arab Emirates and Mexico.
NSO Group responded to the lawsuit by denying the allegations.
“In the strongest possible terms, we dispute today’s allegations and will vigorously fight them,” NSO Group said in a statement. “The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime. Our technology is not designed or licensed for use against human-rights activists and journalists. It has helped to save thousands of lives over recent years.”
Cathcart noted that the purpose of the lawsuit is to hold NSO Group accountable under U.S. law, most notably the Computer Fraud and Abuse Act but also the California Comprehensive Computer Data Access and Fraud Act.
CitizenLab, a cybersecurity research group at the University of Toronto that assisted WhatsApp in its investigation, said separately that NSO Group and other spyware companies are “equipping repressive governments with powerful tools to spy on those who hold them to account.”
“With powerful surveillance technology such as this roaming free, there is nowhere to hide and no one will be safe from those who wish to cause harm,” CitizenLab added. “Not acting urgently on this critical public emergency threatens liberal democracy and human rights worldwide.”
The lawsuit is seeking a permanent injunction barring NSO from accessing WhatsApp servers including creating or using WhatsApp accounts.