MIT Technology Review Subscribe
Computing

WhatsApp is suing the world’s top hacking company

One of the most powerful tech firms on earth takes on the Israeli cyber surveillance firm NSO Group.
By Patrick Howell O'Neill

Whatsapp

Photo: Tim Reckmann/Flickr CC BY 2.0

WhatsApp is suing the Israeli hacking company NSO Group in US federal court, the head of WhatsApp, Will Cathcart, announced in the Washington Post today.

WhatsApp accuses NSO Group of exploiting a vulnerability to target approximately 1,400 phones and devices with “malware designed to infect with the purpose of conducting surveillance on specific WhatsApp users.” You can read the complaint here from WhatsApp, which is owned by Facebook.

Advertisement

The hack allowed NSO Group and its customers to spy on messages, emails, and phone calls, as well as the cameras and microphones of the devices in question.

This story is only available to subscribers.

Don’t settle for half the story.
Get paywall-free access to technology news for the here and now.

Subscribe now Already a subscriber? Sign in
You’ve read all your free stories.

MIT Technology Review provides an intelligent and independent filter for the flood of information about technology.

Subscribe now Already a subscriber? Sign in

“There was another disturbing pattern to the attack, as our lawsuit explains,” Cathcart wrote. “It targeted at least 100 human-rights defenders, journalists and other members of civil society across the world.” 

NSO Group, owned by the parent company Q Cyber Technologies, is an Israeli firm that’s become a world leader in building malware that targets mobile phones and devices. It operates around the world and with a wide variety of governments.

The list of publicly known customers and victims has made NSO infamous: Ahmed Mansoor, a human rights activist in the United Arab Emirates, is serving a 10-year prison sentence after NSO malware was reportedly used to repeatedly spy on him.

“NSO has previously denied any involvement in the [WhatsApp] attack,” Cathcart wrote. “But our investigation found otherwise.”

The complaint centers on what WhatsApp lawyers say is NSO Group’s unauthorized access and use of WhatsApp servers in order to emulate legitimate network traffic and WhatsApp calls as part of the operations to infect targeted devices. Malicious code concealed within the calls was the infection.

Researchers at the University of Toronto’s Citizen Lab have investigated and reported on the “journalists, human rights activists and defenders, lawyers, international investigators, political opposition groups, and other members of civil society” they say have been targeted by NSO Group malware.

The company was recently sold to Novalpina Capital and has since publicly stated it would adhere to United Nations principles, but Citizen Lab says the abuses have continued.

Advertisement

A tech giant suing NSO Group is a virtually unprecedented step, which will test a hacking industry that has been expanding in recent years. 

NSO Group did not respond to a request for comment.

Cathcart added that tech giants should join UN Special Rapporteur David Kaye’s recent call for an immediate moratorium on the sale, transfer, and use of surveillance tools like NSO Group malware.

This is your last free story.
Sign in Subscribe now

Your daily newsletter about what’s up in emerging technology from MIT Technology Review.

Please, enter a valid email.
Privacy Policy
Submitting...
There was an error submitting the request.
Thanks for signing up!

Our most popular stories

Advertisement