US allies targeted by WhatsApp video hack
Victims include high profile government and military officials spread across 20 countries, report
Senior government and military officials in US-allied countries were the target of a WhatsApp video hack earlier this year, it has emerged.
The hack allegedly enabled attackers to take over a users smartphone through the Facebook-owned messenger app simply by ringing the target's device, according to Reuters.
On Tuesday, Facebook launched legal action against an Israeli-based spyware firm NSO Group also known as Q Cyber Technologies which is part-owned by Novalpina Capital, a European private equity firm.
The social network accused it of providing tools to government agencies to target individuals through WhatsApp video calling.
It's alleged that the group developed Pegasus, a tool that exploited a vulnerability in the messaging app to track users. WhatsApp fixed this issue in May and began an investigation with the University of Toronto's Citizen's Lab.
"As part of our investigation into the incident, Citizen Lab has identified over 100 cases of abusive targeting of human rights defenders and journalists in at least 20 countries across the globe, ranging from Africa, Asia, Europe, the Middle East, and North America that took place after Novalpina Capital acquired NSO Group and began an ongoing public relations campaign to promote the narrative that the new ownership would curb abuses," the Lab said in a blog post.
NSO Group has said it sells spyware exclusively to government customers, however, in a statement to Reuters it said it was "not able to disclose who is or is not a client or discuss specific uses of its technology". Initially, the firm had denied any wrongdoing, saying that its products are for governments to catch terrorists.
However, it has been used to target high profile government and military officials, spread across 20 countries on five continents, according to Reuters, which cites sources familiar with WhatsApp's internal investigation. What's more, these sources said many of these nations are US allies.
WhatsApp claimed that approximately 1,400 individuals were effected by attacks launched between April and May, but these were initially thought to be just journalists and human rights activists.
30/10/2019: WhatsApp sues NSO Group for Pegasus spyware attack
Facebook has launched legal action against an Israeli spyware firm after accusing the company of providing the tools for government agencies to target individuals through WhatsApp video calling.
Pegasus, allegedly developed by NSO Group, was used between April May to attack a litany of users by exploiting a WhatsApp vulnerability in order to track their communications and even their location. WhatsApp, which is owned by Facebook, claims approximately 1,400 individuals were impacted by the attack, including a raft of journalists and human rights activists, according to court filings.
NSO Group is known for developing spyware technology for national governments and public sector agencies. WhatsApp, with the help of CitizenLab, claims NSO Group and similar companies do not have strict enough controls in place to ensure their products aren't complicit in cyber attacks.
"Some of your most personal moments are shared on WhatsApp, which is why we provide end-to-end encryption for all messages and calls by default," WhatsApp said in a blog post.
"This attack was developed to access messages after they were decrypted on an infected device, abusing in-app vulnerabilities and the operating systems that power our mobile phones."
CitizenLab claims the sophisticated Pegasus attack involved malware being installed on users phones through a number of tactics, ranging from zero-day exploits to deception. Once installed, it contacted the operator's command and control (C&C) servers to retrieve commands, and exfiltrate users' personal data.
WhatsApp claims that clients of NSO, which vary from government agencies and secret services to private companies, could at this stage retrieve any personal data harvested from targeted users.
The lawsuit claims NSO Group violated several federal acts that prohibit computer misuse, as well as violating WhatsApp's property. Facebook is seeking "reasonable damages" as a result of the claim.
"In the strongest possible terms, we dispute today's allegations and will vigorously fight them," a spokesperson from NSO said.
"The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime. Our technology is not designed or licensed for use against human rights activists and journalists."
"The truth is that strongly encrypted platforms are often used by paedophile rings, drug kingpins and terrorists to shield their criminal activity.
"Without sophisticated technologies, the law enforcement agencies meant to keep us all safe face insurmountable hurdles. NSO's technologies provide proportionate, lawful solutions to this issue."
The company's firm stance against encryption chimes with that persistently expressed by several national governments, including the UK government.
Security agencies have long-railed against end-to-end encryption, used in WhatsApp and other platforms, as it prevents agents from accessing the private communications data of those suspected of crimes.
The Australian government even passed a controversial law against encryption in 2018, which would allow law enforcement to compel tech and telecoms firms to break their own encryption.
The long-standing request for social media firms to insert backdoors into their products, however, has been roundly rejected by developers due to risks that it would also allow cyber criminals to exploit them.
How virtual desktop infrastructure enables digital transformation
Challenges and benefits of VDIFree download
The Okta digital trust index
Exploring the human edge of trustFree download
Optimising workload placement in your hybrid cloud
Deliver increased IT agility with the cloudFree Download
Modernise endpoint protection and leave your legacy challenges behind
The risk of keeping your legacy endpoint security toolsDownload now