Facebook Sues Over Spyware Planted On WhatsApp

Uploaded on 2019-10-30 in TECHNOLOGY-Key Areas-Social Media, NEWS-Cybersecurity News, FREE TO VIEW

Facebook is gearing up its lawyers to take aggressive legal againts the NSO Group. The social media giant which owns the ubiquitous messaging palaform WhatsApp, is suing the Israeli NSO Group for cyber attacks asserting that the company was responsible for hacking WhatsApp to plant  malevolent  surveillance software. 

WhatsApp claims athe NSO spyware was used to exploit a vulnerability in the app to target approximately 1,400 people between in April and May this year.  

One hundred of those targeted were human rights defenders according to WhatsApp, in countries around the world. The vulnerability, first published about in May, allowed attackers to install spyware by calling the target using WhatsApp.

WhatsApp has launched a lawsuit against the Israeli surveillance firm, alleging that it was behind cyber-attacks on more than 100 human rights activists, lawyers, journalists and academics.

NSO Group, which sells its surveillance technology to governments all over the world, said in a statement on Tuesday 29th October that it disputed the claims in the WhatsApp lawsuit in the “strongest possible terms” and “will vigorously fight them.”

NSO Group added that its technology was used by intelligence and law enforcement agencies in lawful antiterrorism efforts and crime-fighting, and it “has helped to save thousands of lives over recent years.”

WhatsApp claimed in the lawsuit, which it filed in the US state of California this week, that technology sold by NSO was used to target the mobile phones of users in 20 countries over a two-week period. WhatsApp has apparently been working with Citizen Lab, an academic research group which is based in the University of Toronto, to focus on the targets of the cyber-attacks and the technology that was being used. NSO Group, which makes software for surveillance, disputed the allegations.

WhatsApp said in a court filing that the NSO Group “developed their malware in order to access messages and other communications after they were decrypted on target devices”.

WhatsApp first discovered the hack in May. At the time it said that the attack was orchestrated by “an advanced cyber-actor” and it also said...“In May 2019 we stopped a highly sophisticated cyberattack that exploited our video calling system in order to send malware to the mobile devices of a number of WhatsApp users. The nature of the attack did not require targeted users to answer the calls they received. 

“We quickly added new protections to our systems and issued an update to WhatsApp to help keep people safe. We are now taking additional action, based on what we have learned to date.

“We sent a special WhatsApp message to approximately 1,400 users that we have reason to believe were impacted by this attack to directly inform them about what happened…We believe this attack targeted at least 100 members of civil society, which is an unmistakable pattern of abuse,” 

In a separet case, Facebook has recently agreed to pay a £500,000 fine imposed by the UK's data protection watchdog for its role in the Cambridge Analytica scandal. But as part of the agreement, Facebook has not made admission of liability. 

Facebook appealed against the penalty and so the Information Commissioner's Office when on to pursue its own counter-appeal. Facebook has now said it "wished it had done more to investigate Cambridge Analytica" earlier.

Mark Zuckerberg, the CEO of Facebook, has also recently turned down appeals from the US government to sell WhatsApp and Instagram.

WhatsApp:        CityAM:           Economic Times

You Might Also Read: 

Spyware Proliferates To 45 Countries:

 

 

« Georgia Suffers A Nationwide Cyber Attack
Facebook, Free Speech & Fake News »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

SecDev

SecDev

SecDev is a consulting firm working at the intersection of geopolitical, digital, urban, energy and cyber risk.

Evidian

Evidian

Evidian, a Bull Group company, is the European leader and one of the major worldwide vendors of identity and access management software.

Netsafe

Netsafe

Netsafe is an independent, non-profit New Zealand organisation focused on online safety. We help people stay safe online by providing online safety education, advice and support.

Coalition

Coalition

Coalition combines comprehensive insurance and proprietary security tools to help businesses manage and mitigate cyber risk.

Axence

Axence

Axence provides professional solutions for the comprehensive management of IT infrastructure for companies and institutions all over the world.

Alsid

Alsid

Alsid helps corporates to anticipate attacks by detecting breaches before hackers can exploit them.

Level Effect

Level Effect

Level Effect is developing new capabilities to bring a unique perspective on proactive network defense and advanced security analytics.

ActiveNav

ActiveNav

ActiveNav provide dark data discovery solutions for compliance and information governance.

Binary Defense

Binary Defense

Binary Defense protect businesses of all sizes through advanced cybersecurity solutions including Managed Detection and Response, Security Information and Event Management and Counterintelligence.

TestArmy

TestArmy

TestArmy CyberForces provide you with a broad spectrum of cybersecurity services to test every aspect of your IT infrastructure security and software development process.

Secret Intelligence Service (SIS - MI6)

Secret Intelligence Service (SIS - MI6)

The UK’s Secret Intelligence Service, also known as MI6, has three core aims: stopping terrorism, disrupting the activity of hostile states, and giving the UK a cyber advantage.

Securix

Securix

SECURIX AG delivers holistic IT security solutions that are tailored to the specific challenges and requirements of your company.

Zyston

Zyston

Zyston's solutions provide end-to-end management of your cybersecurity needs. Our range of services help protect your business where it needs it the most.

Abacus Group

Abacus Group

Abacus Group is a global IT services firm for alternative investment firms, providing an enterprise technology platform specifically designed to meet the unique needs of financial services.

SphereX Technologies

SphereX Technologies

SphereX is the first on-chain security solution for Web3 applications.

ShieldIO

ShieldIO

ShieldIO Real-Time Homomorphic Encryption™ enables your organization to reach regulatory compliance without compromising data availability.