Facebook Sues Over Spyware Planted On WhatsApp

Facebook is gearing up its lawyers to take aggressive legal againts the NSO Group. The social media giant which owns the ubiquitous messaging palaform WhatsApp, is suing the Israeli NSO Group for cyber attacks asserting that the company was responsible for hacking WhatsApp to plant  malevolent  surveillance software. 

WhatsApp claims athe NSO spyware was used to exploit a vulnerability in the app to target approximately 1,400 people between in April and May this year.  

One hundred of those targeted were human rights defenders according to WhatsApp, in countries around the world. The vulnerability, first published about in May, allowed attackers to install spyware by calling the target using WhatsApp.

WhatsApp has launched a lawsuit against the Israeli surveillance firm, alleging that it was behind cyber-attacks on more than 100 human rights activists, lawyers, journalists and academics.

NSO Group, which sells its surveillance technology to governments all over the world, said in a statement on Tuesday 29th October that it disputed the claims in the WhatsApp lawsuit in the “strongest possible terms” and “will vigorously fight them.”

NSO Group added that its technology was used by intelligence and law enforcement agencies in lawful antiterrorism efforts and crime-fighting, and it “has helped to save thousands of lives over recent years.”

WhatsApp claimed in the lawsuit, which it filed in the US state of California this week, that technology sold by NSO was used to target the mobile phones of users in 20 countries over a two-week period. WhatsApp has apparently been working with Citizen Lab, an academic research group which is based in the University of Toronto, to focus on the targets of the cyber-attacks and the technology that was being used. NSO Group, which makes software for surveillance, disputed the allegations.

WhatsApp said in a court filing that the NSO Group “developed their malware in order to access messages and other communications after they were decrypted on target devices”.

WhatsApp first discovered the hack in May. At the time it said that the attack was orchestrated by “an advanced cyber-actor” and it also said...“In May 2019 we stopped a highly sophisticated cyberattack that exploited our video calling system in order to send malware to the mobile devices of a number of WhatsApp users. The nature of the attack did not require targeted users to answer the calls they received. 

“We quickly added new protections to our systems and issued an update to WhatsApp to help keep people safe. We are now taking additional action, based on what we have learned to date.

“We sent a special WhatsApp message to approximately 1,400 users that we have reason to believe were impacted by this attack to directly inform them about what happened…We believe this attack targeted at least 100 members of civil society, which is an unmistakable pattern of abuse,” 

In a separet case, Facebook has recently agreed to pay a £500,000 fine imposed by the UK's data protection watchdog for its role in the Cambridge Analytica scandal. But as part of the agreement, Facebook has not made admission of liability. 

Facebook appealed against the penalty and so the Information Commissioner's Office when on to pursue its own counter-appeal. Facebook has now said it "wished it had done more to investigate Cambridge Analytica" earlier.

Mark Zuckerberg, the CEO of Facebook, has also recently turned down appeals from the US government to sell WhatsApp and Instagram.

WhatsApp:        CityAM:           Economic Times

You Might Also Read: 

Spyware Proliferates To 45 Countries:

 

 

« Georgia Suffers A Nationwide Cyber Attack
Facebook, Free Speech & Fake News »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

RedTeam Security

RedTeam Security

RedTeam Security is a provider of Penetration Testing, Social Engineering, Red Teaming and Red Team Training services.

CORDIS

CORDIS

CORDIS is the European Commission's primary public repository and portal to disseminate information on all EU-funded research projects and their results.

Disklabs

Disklabs

Disklabs are industry leaders in data recovery, digital forensics and data erasure.

4iQ

4iQ

4iQ fuses surface, social, deep and dark web sources to research and assess risks to people, infrastructure, intellectual property and reputation.

Dual Layer IT Solutions

Dual Layer IT Solutions

Dual Layer offer a full range of IT Services and Solutions for businesses from IT infrastructure design to cloud/hosted solutions, cybersecurity, disaster recovery and IT training.

HOBI International

HOBI International

HOBI International is a leading mobile, IT and data center asset management provider with solutions for device management, reverse logistics, data erasure, refurbishment and recycling.

Cyber@StationF

Cyber@StationF

Cyber@StationF is an up to 6 months international startup acceleration programme, whose members provide solutions for the Cybersecurity industry.

SimSpace

SimSpace

SimSpace is the visionary yet practical platform for measuring how your security system responds under actual, sustained attack.

Software Diversified Services (SDS)

Software Diversified Services (SDS)

SDS provides the highest quality mainframe software and award-winning, expert service with an emphasis on security, encryption, monitoring, and data compression.

Binary Security AS

Binary Security AS

Binary Security is a Norwegian information security consultancy company. We are specialists at application security, penetration testing and secure code reviews.

Broadcom

Broadcom

Broadcom is a global technology leader that designs, develops and supplies a broad range of semiconductor and infrastructure software solutions.

Protelion

Protelion

The Protelion Security Platform is uniquely architected to deliver security solutions that combine greater protection, flexibility, and performance.

Sev1Tech

Sev1Tech

Sev1Tech is a leading provider of IT modernization, cloud, cybersecurity, engineering, fielding, training, and program support services.

Barclay Simpson

Barclay Simpson

Barclay Simpson is proud to have a long history of delivering cyber security, technology and governance recruitment services.

BioID

BioID

BioID are a German company offering deepfake detection, liveness detection, facial authentication & identity verification as a Service. 

VAST Data

VAST Data

The VAST Data Platform delivers scalable performance, radically simple data management and enhanced productivity for the AI-powered world.