Facebook Sues Over Spyware Planted On WhatsApp

Uploaded on 2019-10-30 in TECHNOLOGY-Key Areas-Social Media, NEWS-Cybersecurity News, FREE TO VIEW

Facebook is gearing up its lawyers to take aggressive legal againts the NSO Group. The social media giant which owns the ubiquitous messaging palaform WhatsApp, is suing the Israeli NSO Group for cyber attacks asserting that the company was responsible for hacking WhatsApp to plant  malevolent  surveillance software. 

WhatsApp claims athe NSO spyware was used to exploit a vulnerability in the app to target approximately 1,400 people between in April and May this year.  

One hundred of those targeted were human rights defenders according to WhatsApp, in countries around the world. The vulnerability, first published about in May, allowed attackers to install spyware by calling the target using WhatsApp.

WhatsApp has launched a lawsuit against the Israeli surveillance firm, alleging that it was behind cyber-attacks on more than 100 human rights activists, lawyers, journalists and academics.

NSO Group, which sells its surveillance technology to governments all over the world, said in a statement on Tuesday 29th October that it disputed the claims in the WhatsApp lawsuit in the “strongest possible terms” and “will vigorously fight them.”

NSO Group added that its technology was used by intelligence and law enforcement agencies in lawful antiterrorism efforts and crime-fighting, and it “has helped to save thousands of lives over recent years.”

WhatsApp claimed in the lawsuit, which it filed in the US state of California this week, that technology sold by NSO was used to target the mobile phones of users in 20 countries over a two-week period. WhatsApp has apparently been working with Citizen Lab, an academic research group which is based in the University of Toronto, to focus on the targets of the cyber-attacks and the technology that was being used. NSO Group, which makes software for surveillance, disputed the allegations.

WhatsApp said in a court filing that the NSO Group “developed their malware in order to access messages and other communications after they were decrypted on target devices”.

WhatsApp first discovered the hack in May. At the time it said that the attack was orchestrated by “an advanced cyber-actor” and it also said...“In May 2019 we stopped a highly sophisticated cyberattack that exploited our video calling system in order to send malware to the mobile devices of a number of WhatsApp users. The nature of the attack did not require targeted users to answer the calls they received. 

“We quickly added new protections to our systems and issued an update to WhatsApp to help keep people safe. We are now taking additional action, based on what we have learned to date.

“We sent a special WhatsApp message to approximately 1,400 users that we have reason to believe were impacted by this attack to directly inform them about what happened…We believe this attack targeted at least 100 members of civil society, which is an unmistakable pattern of abuse,” 

In a separet case, Facebook has recently agreed to pay a £500,000 fine imposed by the UK's data protection watchdog for its role in the Cambridge Analytica scandal. But as part of the agreement, Facebook has not made admission of liability. 

Facebook appealed against the penalty and so the Information Commissioner's Office when on to pursue its own counter-appeal. Facebook has now said it "wished it had done more to investigate Cambridge Analytica" earlier.

Mark Zuckerberg, the CEO of Facebook, has also recently turned down appeals from the US government to sell WhatsApp and Instagram.

WhatsApp:        CityAM:           Economic Times

You Might Also Read: 

Spyware Proliferates To 45 Countries:

 

 

« Georgia Suffers A Nationwide Cyber Attack
Facebook, Free Speech & Fake News »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIIS Cyber Initiative

MIIS Cyber Initiative

The Cyber Initiative's mission is to assess the impact of the information age on security, peace and communications.

vArmour

vArmour

vArmour is the industry’s first distributed security system that provides insight and control for multi-cloud environments.

Malta Information Technology Agency (MITA)

Malta Information Technology Agency (MITA)

MITA is the central driver of Government Information and Communications Technology (ICT) policy, programmes and initiatives in Malta.

AppSec Labs

AppSec Labs

AppSec Labs specialise in application security. Our mission is to raise awareness in the software development world to the importance of integrating software security across the development lifecycle.

IQ Solutions

IQ Solutions

IQ Solutions is a Digital Integrator and an ICT Services Provider, focusing on innovative Cyber Secured ICT managed solutions tailored to the needs of the Maritime Industry.

Kryptus

Kryptus

Kryptus provides a wide array of solutions for hardware, firmware and software ranging from semiconductors to complex digital certificate management systems.

BioConnect

BioConnect

BioConnect provide biometric access control solutions to verify a person’s identity across physical, IOT and digital applications.

SIS Certifications (SIS CERT)

SIS Certifications (SIS CERT)

SIS Certifications is an ISO certification body serving more than 10,000 clients in over 15 countries worldwide.

N8 Identity

N8 Identity

N8 Identity helps organizations realize the vision of Autonomous Identity Governance™ with AI-driven Identity solutions.

Nominet

Nominet

Nominet's cyber division offers network detection and response services to governments and enterprises worldwide.

HancomWITH

HancomWITH

Hancomwith is an information security company. We provide optimized blockchain solutions in areas including next-generation authentication, security and digital asset transaction.

Inetum

Inetum

Inetum (formerly Gfi Informatique) is an agile IT services providing digital services and solutions, and a global group that helps companies and institutions to get the most out of digital flow.

Hybrid Identity Protection Conference (HIP)

Hybrid Identity Protection Conference (HIP)

Hybrid Identity Protection (HIP) is the premier educational forum for identity-centric cybersecurity practitioners charged with defending hybrid cloud environments.

Global Market Innovators (GMI)

Global Market Innovators (GMI)

Global Market Innovators (GMI) delivers secure technology solutions to organizations in need.

TempoCap

TempoCap

TempoCap is a European growth-stage technology fund with offices in London and Berlin. We invest across a variety of high- growth sectors including cybersecurity.

Cyberus

Cyberus

Cyberus brings together industry, business, and government to collaboratively create a secure digital future for Russia and the world.