WhatsApp has filed a lawsuit against Israeli cyber-surveillance company, NSO Group, for allegedly carrying out a series of cyber-attacks that infected devices with malicious software earlier this year. As per the court filing, the NSO Group “developed their malware in order to access messages and other communications after they were decrypted on target devices”. The attacks reportedly took place during a 14-day period from the end of April to the middle of May, although, the Israeli firm denies any role in the hackings.
According to the lawsuit, the Israeli company used a known vulnerability in WhatsApp to install spyware in the mobile devices of around 1,400 high-profile individuals, including journalists, human rights activists, political dissidents and diplomats from 20 countries. The complaint, filed in a US court, alleges that the actions of NSO violated both U.S. and California laws as well as the WhatsApp Terms of Service.
In a press release announcing its decision to sue NSO, WhatsApp said: “Human rights groups have documented a disturbing trend that such tools have been used to attack journalists and human rights defenders. Working with research experts at the Citizen Lab, we believe this attack targeted at least 100 members of civil society, which is an unmistakable pattern of abuse. We are committed to doing all we can, working with industry partners, to protect our users and guard against these kinds of threats”.
According to WhatsApp, this is the first time that an encrypted messaging provider is taking legal action against a private entity that has carried out this type of attack against its users. “In our complaint we explain how NSO carried out this attack, including acknowledgement from an NSO employee that our steps to remediate the attack were effective. We are seeking a permanent injunction banning NSO from using our service”, said the company.