Facebook Sues Over Spyware Planted On WhatsApp

Uploaded on 2019-10-30 in TECHNOLOGY-Key Areas-Social Media, NEWS-Cybersecurity News, FREE TO VIEW

Facebook is gearing up its lawyers to take aggressive legal againts the NSO Group. The social media giant which owns the ubiquitous messaging palaform WhatsApp, is suing the Israeli NSO Group for cyber attacks asserting that the company was responsible for hacking WhatsApp to plant  malevolent  surveillance software. 

WhatsApp claims athe NSO spyware was used to exploit a vulnerability in the app to target approximately 1,400 people between in April and May this year.  

One hundred of those targeted were human rights defenders according to WhatsApp, in countries around the world. The vulnerability, first published about in May, allowed attackers to install spyware by calling the target using WhatsApp.

WhatsApp has launched a lawsuit against the Israeli surveillance firm, alleging that it was behind cyber-attacks on more than 100 human rights activists, lawyers, journalists and academics.

NSO Group, which sells its surveillance technology to governments all over the world, said in a statement on Tuesday 29th October that it disputed the claims in the WhatsApp lawsuit in the “strongest possible terms” and “will vigorously fight them.”

NSO Group added that its technology was used by intelligence and law enforcement agencies in lawful antiterrorism efforts and crime-fighting, and it “has helped to save thousands of lives over recent years.”

WhatsApp claimed in the lawsuit, which it filed in the US state of California this week, that technology sold by NSO was used to target the mobile phones of users in 20 countries over a two-week period. WhatsApp has apparently been working with Citizen Lab, an academic research group which is based in the University of Toronto, to focus on the targets of the cyber-attacks and the technology that was being used. NSO Group, which makes software for surveillance, disputed the allegations.

WhatsApp said in a court filing that the NSO Group “developed their malware in order to access messages and other communications after they were decrypted on target devices”.

WhatsApp first discovered the hack in May. At the time it said that the attack was orchestrated by “an advanced cyber-actor” and it also said...“In May 2019 we stopped a highly sophisticated cyberattack that exploited our video calling system in order to send malware to the mobile devices of a number of WhatsApp users. The nature of the attack did not require targeted users to answer the calls they received. 

“We quickly added new protections to our systems and issued an update to WhatsApp to help keep people safe. We are now taking additional action, based on what we have learned to date.

“We sent a special WhatsApp message to approximately 1,400 users that we have reason to believe were impacted by this attack to directly inform them about what happened…We believe this attack targeted at least 100 members of civil society, which is an unmistakable pattern of abuse,” 

In a separet case, Facebook has recently agreed to pay a £500,000 fine imposed by the UK's data protection watchdog for its role in the Cambridge Analytica scandal. But as part of the agreement, Facebook has not made admission of liability. 

Facebook appealed against the penalty and so the Information Commissioner's Office when on to pursue its own counter-appeal. Facebook has now said it "wished it had done more to investigate Cambridge Analytica" earlier.

Mark Zuckerberg, the CEO of Facebook, has also recently turned down appeals from the US government to sell WhatsApp and Instagram.

WhatsApp:        CityAM:           Economic Times

You Might Also Read: 

Spyware Proliferates To 45 Countries:

 

 

« Georgia Suffers A Nationwide Cyber Attack
Facebook, Free Speech & Fake News »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Kualitatem

Kualitatem

Kualitatem Inc. is an independent software testing and information systems auditing company

Genie Networks

Genie Networks

Genie Networks is a leading technology company providing networking and security solutions for optimizing the performance of large networks.

Clusit

Clusit

Clusit is the Italian Association for Information Security, a nonprofit organization devoted to promoting every aspect of information security.

DirectDefense

DirectDefense

DirectDefense is an information security services and managed services provider.

Gradcracker

Gradcracker

Gradcracker is THE careers website for Science, Technology (including Cybersecurity), Engineering and Maths university students in the UK.

Cambridge Cybercrime Centre

Cambridge Cybercrime Centre

The Cambridge Cybercrime Centre is a multi-disciplinary initiative combining expertise from the Department of Computer Science and Technology, Institute of Criminology and Faculty of Law.

Phoenix Cybersecurity

Phoenix Cybersecurity

Phoenix Cybersecurity Services and Managed Security Services help clients just like you take full advantage of leading cybersecurity technologies and industry best practices.

Protek International

Protek International

Protek International delivers world-class Digital Forensics, eDiscovery, Cyber Security, and related Advisory services.

Kape Technologies

Kape Technologies

Kape Technologies is a cybersecurity company focused on helping consumers around the world have a better digital experience with greater privacy and protection.

NightDragon

NightDragon

NightDragon is a venture capital firm investing in innovative growth and late stage companies within the cybersecurity, safety, security, and privacy industry.

GLIMPS

GLIMPS

GLIMPS-Malware automatically detects malware affecting standard computer systems, manufacturing systems, IOT or automotive domains.

Metmox

Metmox

Metmox mission is to be trusted advisor and partner to protect our customer’s evolving Cloud, Network, Application, IT infrastructure and cybersecurity needs.

Highen Fintech

Highen Fintech

Highen is a blockchain software development company with offices in the United States and development centers in India.

Vantor

Vantor

Vantor is a Managed Security Services Provider (MSSP) that specializes in providing outsourced, managed cybersecurity services.

Command Zero

Command Zero

Command Zero is the industry’s first autonomous and AI-assisted cyber investigations platform, built to transform security operations in complex enterprise environments.

Nyx Technology

Nyx Technology

Nyx Technology is your dedicated partner in navigating the intricate world of cyber security, providing you with cutting-edge threat intelligence to safeguard your digital assets.