WhatsApp: Israeli Firm 'Deeply Involved' In Hacking Our Users (theguardian.com) 9
WhatsApp has alleged in new court filings that an Israeli spyware company used US-based servers and was "deeply involved" in carrying out mobile phone hacks of 1,400 WhatsApp users, including senior government officials, journalists, and human rights activists. The Guardian reports: The new claims about NSO Group allege that the Israeli company bears responsibility in serious human rights violations, including the hacking of more than a dozen Indian journalists and Rwandan dissidents. For years, NSO Group has said that its spyware is purchased by government clients for the purpose of tracking down terrorists and other criminals and that it had no independent knowledge of how those clients -- which in the past have reportedly included Saudi Arabia and Mexico -- use its hacking software.
But a lawsuit filed by WhatsApp against NSO Group last year -- the first of its kind by a major technology company -- is revealing more technical details about how the hacking software, Pegasus, is allegedly deployed against targets. In the court filings last week, WhatsApp said its own investigation into how Pegasus was used against 1,400 users last year showed that servers controlled by NSO Group -- not its government clients -- were an integral part of how the hacks were executed. WhatsApp has said victims of the hack received phone calls using its messaging app, and were infected with Pegasus. Then, it said: "NSO used a network of computers to monitor and update Pegasus after it was implanted on users' devices. These NSO-controlled computers served as the nerve centre through which NSO controlled its customers' operation and use of Pegasus."
NSO has said in legal filings that it has no insight into how government clients use its hacking tools, and therefore does not know who governments are targeting. But one expert, John Scott-Railton of Citizen Lab, who has worked with WhatsApp on the case, said NSO's control of the servers involved in the hack suggests the company would have had logs, including IP addresses, identifying the users who were being targeted. "Our products are used to stop terrorism, curb violent crime, and save lives. NSO Group does not operate the Pegasus software for its clients," the company said in a statement. "Our past statements about our business, and the extent of our interaction with our government intelligence and law enforcement agency customers, are accurate."
But a lawsuit filed by WhatsApp against NSO Group last year -- the first of its kind by a major technology company -- is revealing more technical details about how the hacking software, Pegasus, is allegedly deployed against targets. In the court filings last week, WhatsApp said its own investigation into how Pegasus was used against 1,400 users last year showed that servers controlled by NSO Group -- not its government clients -- were an integral part of how the hacks were executed. WhatsApp has said victims of the hack received phone calls using its messaging app, and were infected with Pegasus. Then, it said: "NSO used a network of computers to monitor and update Pegasus after it was implanted on users' devices. These NSO-controlled computers served as the nerve centre through which NSO controlled its customers' operation and use of Pegasus."
NSO has said in legal filings that it has no insight into how government clients use its hacking tools, and therefore does not know who governments are targeting. But one expert, John Scott-Railton of Citizen Lab, who has worked with WhatsApp on the case, said NSO's control of the servers involved in the hack suggests the company would have had logs, including IP addresses, identifying the users who were being targeted. "Our products are used to stop terrorism, curb violent crime, and save lives. NSO Group does not operate the Pegasus software for its clients," the company said in a statement. "Our past statements about our business, and the extent of our interaction with our government intelligence and law enforcement agency customers, are accurate."
Re: (Score:2, Funny)
So, GNAA, basically?
With great power...comes no responsibility (Score:1)
These companies always justify their existence with the same crap politicians use to achieve the end goal of surveillance of everyone. They will saying it's to get the bad guys doing high crimes. We all know they really want to use it to find dissidence and conduct fishing expositions on people they "don't like" for any reason.
On another note, it's probably incorrect to say those servers have logs on them since any company good at privacy doesn't keep logs that might expose the private thing by default.
Just like always (Score:2)
"NSO used a network of computers to monitor and update Pegasus after it was implanted on users' devices. These NSO-controlled computers served as the nerve centre through which NSO controlled its customers' operation and use of Pegasus."
So, is it RICO? It must be RICO.
we don't operate it, but claim to know (Score:3)
we don't operate it, but claim to know what it's operated for.
of course they say that they don't operate it. that would be illegal and put them on wanted lists in other countries.
Opressing Palestinians is not enough? (Score:2, Interesting)
Hands up everyone who was surprised (Score:2)
No? Anyone? Hello? Is this on?
Not the same (Score:2)
Whenever we get this story we have some apologists who state that Facebook (who owns WhatsApp) spies on all these people anyway. That is true, but the difference is that users signed up for that. They did not sign up to be spied on by the Israelis.