WhatsApp spyware: Facebook sues Israeli company NSO for cyber spying

In what could be first of its kind lawsuit filed in San Francisco, Mark Zuckerberg-led Facebook is suing NSO Group, an Israeli software company, for an alleged cyber-espionage. Facebook is suing NSO in the US federal court for hacking into 1,400 WhatsApp accounts (read encrypted) with the help of highly sophisticated spyware. With this lawsuit, Facebook has touched upon a nearly totally unregulated realm and it will be exciting to see how the story unfolds in the days to come. According to Facebook, NSO Group infringed upon laws including the US Computer Fraud and Abuse Act with a crafty exploit that took advantage of a flaw in WhatsApp, allowing a smartphone to be penetrated through missed calls alone.

"It targeted at least 100 human-rights defenders, journalists and other members of civil society across the world," the head of WhatsApp, Will Cathcart, wrote in an op-ed published by The Washington Post.

READ | WhatsApp beats TikTok, gains the most number of downloads in Q3 2019

The malware operation was discovered in May and ever since then, Facebook has apparently learnt that the attackers were using servers and internet-hosting services previously associated with NSO. The Israeli software company has been widely condemned for selling surveillance tools to repressive governments. Cathcart said the lawsuit was filed after an investigation showed the Israeli firm's role the cyberattack, despite its denials.

NSO responds

In its statement, NSO did not directly deny hacking WhatsApp but disputed the allegations and vowed to "vigorously fight them."

"The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime,” the company said. “Our technology is not designed or licensed for use against human rights activists and journalists. It has helped to save thousands of lives over recent years."

What's the issue

The lawsuit said the software developed by NSO known as Pegasus was designed to be remotely installed to hijack devices using the Android, iOS, and BlackBerry operating systems. The complaint said the attackers "reverse-engineered the WhatsApp app and developed a programme to enable them to emulate legitimate WhatsApp network traffic in order to transmit malicious code" to take over the devices. While NSO said strongly encrypted platforms (like WhatsApp) are used by paedophile rings, drug traffickers and terrorists and that NSO’s technologies "provide proportionate, lawful solutions" Facebook has demanded in the suit that NSO Group be denied access to Facebook’s services and systems and seeks unspecified damages.