WhatsApp: Israeli firm 'deeply involved' in hacking our users

NSO Group allegedly connected to hacks of 1,400 people including human rights activists

WhatsApp has alleged in new court filings that an Israeli spyware company used US-based servers and was “deeply involved” in carrying out mobile phone hacks of 1,400 WhatsApp users, including senior government officials, journalists, and human rights activists.

The new claims about NSO Group allege that the Israeli company bears responsibility in serious human rights violations, including the hacking of more than a dozen Indian journalists and Rwandan dissidents.

For years, NSO Group has said that its spyware is purchased by government clients for the purpose of tracking down terrorists and other criminals and that it had no independent knowledge of how those clients – which in the past have reportedly included Saudi Arabia and Mexico – use its hacking software.

But a lawsuit filed by WhatsApp against NSO Group last year – the first of its kind by a major technology company - is revealing more technical details about how the hacking software, Pegasus, is allegedly deployed against targets.

In the court filings last week, WhatsApp said its own investigation into how Pegasus was used against 1,400 users last year showed that servers controlled by NSO Group – not its government clients – were an integral part of how the hacks were executed.

WhatsApp has said victims of the hack received phone calls using its messaging app, and were infected with Pegasus. Then, it said: “NSO used a network of computers to monitor and update Pegasus after it was implanted on users’ devices. These NSO-controlled computers served as the nerve centre through which NSO controlled its customers’ operation and use of Pegasus.”

According to WhatsApp’s filing, NSO gained “unauthorised access” to its servers by reverse-engineering the messaging app and then evading the company’s security features that prevent manipulation of the company’s call features. One WhatsApp engineer who investigated the hacks said in a sworn statement submitted to the court that in 720 instances, the IP address of a remote server was included in the malicious code used in the attacks. The remote server, the engineer said, was based in Los Angeles and owned by a company whose data centre was used by NSO.

NSO has said in legal filings that it has no insight into how government clients use its hacking tools, and therefore does not know who governments are targeting.

But one expert, John Scott-Railton of Citizen Lab, who has worked with WhatsApp on the case, said NSO’s control of the servers involved in the hack suggests the company would have had logs, including IP addresses, identifying the users who were being targeted.

“Whether or not NSO looks at those logs, who knows? But the fact that it could be done is contrary to what they say,” Scott-Railton said.

In a statement to the Guardian, NSO stood by its earlier remarks. “Our products are used to stop terrorism, curb violent crime, and save lives. NSO Group does not operate the Pegasus software for its clients,” the company said. “Our past statements about our business, and the extent of our interaction with our government intelligence and law enforcement agency customers, are accurate.”

The company said it would file its response to the court in coming days.

The new developments in the case come as NSO is facing separate questions about the accuracy of a tracking product it has launched following the outbreak of Covid-19. The new programme, called Fleming, uses mobile phone data and public health information to identify who individuals infected with coronavirus may have come into contact with. A report by NBC last weekend said NSO’s new tool was being marketed in the US.

But in a Twitter thread, Scott-Railton said his analysis showed it was relying on data that appeared very imprecise.

“When you are working with data with this much built-in inaccuracy, it would be pretty intense to issue alerts each time this happened. Or to require quarantines. Or testing. The rates of false positives here would be through the roof. But ... so would false negatives,” he said.

Dang! Notorious spyware company NSO Group is marketing #COVID19 tracking in US, according to @NBCNightlyNews. Time to go CSI on screenshots of the product. THREAD pic.twitter.com/R6AnEC8Urw

— John Scott-Railton (@jsrailton) April 25, 2020

Asked about the tweets, NSO said that the “unfounded claims” were based on “guesses and outdated screenshots, instead of facts”.

“Meanwhile, our Covid-19 product, Fleming, has proved vital for governments around the world working to contain the outbreak. Well-respected journalists from several countries have viewed Fleming, understood how the technology works and recognised it is the latest evolution in analytics software - which does not compromise privacy,” the company said.

Contributor

Stephanie Kirchgaessner in Washington

The GuardianTramp

Related Content

Article image
Israeli spyware firm NSO Group faces renewed US scrutiny
Department of Justice said to have asked WhatsApp for details of alleged targeting of clients in 2019

Stephanie Kirchgaessner in Washington DC

01, Mar, 2021 @5:00 AM

Article image
NSO Group points finger at state clients in WhatsApp spying case
In court filing, Israeli spyware company says it does not operate technology it provides

Stephanie Kirchgaessner in Washington

07, Apr, 2020 @5:13 PM

Article image
Court orders maker of Pegasus spyware to hand over code to WhatsApp
Israeli company NSO Group is accused in lawsuit by Meta’s messaging app of spying on 1,400 users over a two-week period

Stephanie Kirchgaessner in Washington

29, Feb, 2024 @7:53 PM

Article image
Israeli spyware firm fails to get hacking case dismissed
Judge orders NSO Group to fight case brought by Saudi activist and pay his legal costs

Oliver Holmes and Stephanie Kirchgaessner

16, Jan, 2020 @10:27 AM

Article image
WhatsApp sues Israeli firm, accusing it of hacking activists' phones
NSO Group’s spyware allegedly used in cyber-attacks on lawyers and journalists

Nick Hopkins and Stephanie Kirchgaessner

29, Oct, 2019 @9:49 PM

Article image
Questions over Israel's role in WhatsApp case against spyware firm
WhatsApp alleges NSO Group hacked 1,400 users, including diplomats and activists

Stephanie Kirchgaessner in Washington and Oliver Holmes in Jerusalem

10, Mar, 2020 @7:51 PM

Article image
NSO Group spyware 'dangerous', say tech firms in legal filing
Israeli company should be held liable to American anti-hacking laws, Google, Microsoft and others argue

Stephanie Kirchgaessner in Washington

22, Dec, 2020 @4:25 PM

Article image
US judge: WhatsApp lawsuit against Israeli spyware firm NSO can proceed
NSO Group was sued last year by messaging app owned by Facebook

Stephanie Kirchgaessner in Washington

17, Jul, 2020 @4:27 PM

Article image
Israeli firm linked to WhatsApp spyware attack faces lawsuit
Amnesty International fears its staff may be ‘surveilled via NSO Pegasus software’

Dan Sabbagh

18, May, 2019 @5:00 AM

Article image
Israeli spyware used to target Moroccan journalist, Amnesty claims
Amnesty alleges phone of Omar Radi in Morocco was infected by NSO’s Pegasus software

Stephanie Kirchgaessner in Washington

21, Jun, 2020 @10:00 PM