Israeli spyware company NSO Group is accused by WhatsApp of cyberespionage targeting journalists, lawyers, human rights activists and others on the Facebook-owned messaging service.
– Pocket spy –
Founded in 2010 by Israelis Shalev Hulio and Omri Lavie, NSO Group is based in the Israeli seaside hi-tech hub of Herzliya, near Tel Aviv. It says it employs 600 people in Israel and around the world.
It produces Pegasus, a highly invasive tool that can reportedly switch on a target’s cell phone camera and microphone and access data on it, effectively turning the phone into a pocket spy.
NSO Group’s annual report filed in February of 2019 listed Israel-based Q Cyber as the only active director and its majority shareholder, according to a lawsuit filed by WhatsApp.
– What’s up at WhatsApp –
WhatsApp on Tuesday sued NSO Group and Q cyber, accusing them of using the messaging service to conduct cyberespionage.
The suit filed in a California federal court contended that NSO Group tried to infect approximately 1,400 “target devices” with malicious software to steal valuable information from those using the messaging app.
Infecting smartphones or other gadgets being used for WhatsApp messages meant the content of messages encrypted during transmission could be accessed after they were unscrambled for recipients.
WhatsApp head Will Cathcart said the lawsuit was filed after an investigation showed the Israeli firm’s role in the cyberattack, despite its denials.
The complaint said the attackers “reverse-engineered the WhatsApp app and developed a program to enable them to emulate legitimate WhatsApp network traffic in order to transmit malicious code” to take over the devices.
– Khashoggi denial –
In an interview early this year with Israeli daily Maariv, Hulio was asked about reports that telephone spyware was used to bug Jamal Khashoggi prior to the Saudi journalist’s October 2018 murder in Istanbul.
“As a human being and as an Israeli, what happened to Khashoggi was a shocking murder,” the company’s CEO said.
“I can tell you on the record that Khashoggi was not targeted by any NSO product or technology, including listening, monitoring, location tracking and intelligence collection.”
– A hit in Mexico ? –
In Mexico, where investigative journalist Javier Valdez was shot dead on the street in broad daylight in 2017, prominent journalists and activists say the government of former president Enrique Pena Nieto targeted them using Pegasus.
The New York Times reported at the time that at least three Mexican federal agencies had purchased some $80 million of spyware from NSO Group since 2011.
In one case, international experts investigating the disappearance of 43 students in Mexico in 2014 were targeted with the spyware after it had been sold to the government, the experts said.
In 2016, Apple rushed out a security update after researchers said prominent Emirati rights activist Ahmed Mansoor was targeted by UAE authorities using Pegasus spyware.
The software has been pinpointed by independent experts as likely being used in a number of countries with poor human rights records.
– Court challenge –
NSO Group’s website says the company has “a pioneering approach to applying rigorous, ethical standards to everything we do.”
It says it has a vetting process on sales that combines licensing by Israeli export-control authorities with an internal review by a business ethics committee.
The firm has maintained that it only licenses its software to governments for “fighting crime and terror.”
UK-based rights group Amnesty International, however, said earlier this year that members and supporters in Israel petitioned the Tel Aviv district court against continued government export approval for NSO Group software.