Facebook sues spyware maker due to exploitation of WhatsApp vulnerability
Facebook has filed a lawsuit against the Israeli company NSO Group, which is engaged in the development and sale of espionage solutions and the so-called “legal malware”.
NSO Group was founded in 2010 and since then has been developing various legal malware, which, along with exploits for various 0-days, it sells to governments and special services around the world. NSO Group was widely known in 2016-2017 when information security experts discovered the powerful spy tools Pegasus and Chrysaor, developed by the company and designed for iOS and Android.
Then the experts called the NSO Group nothing more than “cyberweapons dealers,” and the company, which did not even have a public website and always tried to stay in the background, was forced to issue an official statement. It stated that “the NSO’s mission is to make the world a safer place by delivering technologies to authorized government agencies that help them fight crime and terrorism.”
The cause of the lawsuit was WhatsApp’s zero-day vulnerability, which Facebook claims was sold to the NSO Group, and then the company helped use the problem to attack human rights defenders, journalists, political dissidents, diplomats, and government officials. According to court documents, more than 1,400 people in Bahrain, the United Arab Emirates, and Mexico suffered a total of 11 days from attacks. Facebook has already sent WhatsApp special messages to everyone affected.
Let me remind you that this 0-day problem became known in May of this year. At that time, the Financial Times claimed that the NSO Group had developed an exploit for a problem that overused the functionality of WhatsApp VoIP calls. So, the victim received a call on WhatsApp, and specially created RTCP packages allowed the attacker to run malicious code on the device, which led to the installation of Pegasus (regardless of whether the victim used Android or iOS). As a result, Facebook developers were forced to release urgent updates and fixed the vulnerability, but then the company did not make any official statements, apart from publishing a few simple recommendations.
Now, Facebook officials told the Washington Post that they had gathered enough evidence of the NSO Group’s involvement in the incident and considered it necessary to bring it to court. So, the attacks turned out to be coupled with the servers and hosting services that had previously been associated with the NSO Group, and, in addition, some WhatsApp accounts used during the attacks were also tracked to an Israeli company.
The social network intends to hold NSO Group accountable, including under the law on computer fraud and abuse, proving that the company was associated with an active hacker campaign and is engaged not only in the legal business.
Representatives of the NSO Group have already responded to what is happening, said that they intend to deal with the allegations and once again assured the media that they only provide their technology to licensed government, intelligence, and law enforcement agencies to help those fight terrorism and crime. The company claims to comply with UN laws and recommendations, stopping any abuse of its products.