In a US court today, Facebook filed a lawsuit against NSO Group, an Israeli company that sells spyware products.
In the lawsuit, social media giant Facebook claims that NSO Group sold information it gathered from a WhatsApp zero-day used against more than 1,400 users.
Facebook also claims it believes NSO was directly involved in the deployment of the WhatsApp zero-day.
In May this year, a Financial Times report claimed that the Israeli surveillance group had developed an exploit that abused WhatsApp’s VoIP calling feature.
Basically, WhatsApp users would get a call, but specially crafted RTCP packets would allow an attacker to run malicious code that installed NSO Group’s “Pegasus” spyware kit.
This affected both Android and iPhone users.
When this was discovered, Facebook deployed urgent updates to fix the vulnerability and issued a simple advisory to users.
Will Cathcart, Head of WhatsApp at Facebook, said in a statement in the Washington Post today, “Now, after months of investigation, we can say who was behind the attack.”
Cathcart added that “Today, we have filed a complaint in federal court that explains what happened and attributes the intrusion to an international technology company called NSO Group.”
“As we gathered the information that we lay out in our complaint, we learned that the attackers used servers and Internet-hosting services that were previously associated with NSO. In addition, as our complaint notes, we have tied certain WhatsApp accounts used during the attacks back to NSO. While their attack was highly sophisticated, their attempts to cover their tracks were not entirely successful,” Cathcart said.
Court documents show that the attack targeted more than 1,400 devices belonging to individuals such as journalists, attorneys, political dissidents, diplomats, senior foreign government officials, and more.
Based on the country codes of the targeted WhatsApp numbers, targeted users were located in the Kingdom of Bahrain, the United Arab Emirates, and Mexico.
Facebook published a FAQ page on its WhatsApp website today. Facebook said it sent “a special WhatsApp message” to notify all device holders about the May attacks.
In the past, NSO has said multiple times that it only sells its hacking tools to customers and cannot be held responsible for what those customers do with this code.
However, Facebook said the purpose of this lawsuit is to hold NSO accountable under US state and federal laws, as well as the Computer Fraud and Abuse Act, and to prove that it is linked to an active hacking campaign.
In response to a request for comment by ZDNet.com, NSO Group provided the following:
“In the strongest possible terms, we dispute today’s allegations and will vigorously fight them. The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime. Our technology is not designed or licensed for use against human rights activists and journalists. It has helped to save thousands of lives over recent years.
“The truth is that strongly encrypted platforms are often used by pedophile rings, drug kingpins and terrorists to shield their criminal activity. Without sophisticated technologies, the law enforcement agencies meant to keep us all safe face insurmountable hurdles. NSO’s technologies provide proportionate, lawful solutions to this issue.
“We consider any other use of our products than to prevent serious crime and terrorism a misuse, which is contractually prohibited. We take action if we detect any misuse. This technology is rooted in the protection of human rights – including the right to life, security and bodily integrity – and that’s why we have sought alignment with the U.N. Guiding Principles on Business and Human Rights, to make sure our products are respecting all fundamental human rights.”