- Facebook has filed a lawsuit in a US federal court against the Israeli hacker collective, the NSO Group.
- The social networking giant claims that the group used Pegasus, their flagship malware, to bug 1,400 users.
- NSO has not admitted to the act and plans to fight ‘vigorously’.
Facebook is not going to let bygones be bygones. It’s suing the Israeli hacker collective, the NSO Group, for
breaking past WhatsApp’s encryption to target at least 1,400 users with spyware.
Everything sent on WhatsApp is meant to be encrypted. That means messages are only visible to users that are participating in the conversation and no one in between, including WhatsApp itself.
But in May this year, the
NSO Group was able to get through. It didn’t target the encryption directly. Instead, it used a bug within WhatsApp’s software to plant malware — all it had to do was drop a missed call using WhatsApp’s voice call function.
So there was no user interaction and the only way that users could have protected themselves from the malware was by not having WhatsApp on their phones in the first place.
The malware allowed hackers to control phones remotely. They allegedly took advantage of the device’s microphones and cameras to collect data about the individual.
The social networking giant is claiming that the NSO Group — and its parent company Q Cyber Technology — violated the US Computer Fraud and Abuse act by using its flagship malware,
Pegasus, on 1,400 WhatsApp users.
“It targeted at least 100 human rights defenders, journalists and other members of civil society across the world,” Will Cathart, the head of WhatsApp, wrote in
The Washington Post.
In the past, the
NSO Group claimed no knowledge of the attack. After becoming aware of the case filed against them they issued a statement, in which they do not claim responsibility, but do vow to ‘vigorously’ fight them.
“Our technology is not designed or licensed for use against human rights activists and journalists. It has helped to save thousands of lives over recent years,” said the company.
Facebook is looking to keep NSO from having further access to its platform and is seeking unspecified damages.
The lawsuit alleges that the malicious code was sent over WhatsApp servers between April 29 to May 10.
WhatsApp is using this case as an argument against weakening end-to-end encryption for government access. According to Cathart, the fact negative actors are looking to exploit the system in such a way is all the more reason to not have any ‘backdoors’ or security openings.