Facebook sues ‘hacker-for-hire’ firm over WhatsApp spyware

WhatsApp has taken legal action over the hacks in their application. The news comes via an op-ed in the Washington Post written by Will Cathcart, who is the head of WhatsApp (which, should be noted, is owned by Facebook — the actual filer of the lawsuit). Cathcart asserts that all of the recent cybersecurity breaches dating back to May where users were infected with spyware during a video call can be traced to a technology firm in Israel called the NSO Group, which the Associated Press describes as a “hacker-for-hire company.”

Cathcart presents the following evidence in support of Facebook/ WhatsApp’s legal action:

As we gathered the information that we lay out in our complaint, we learned that the attackers used servers and Internet-hosting services that were previously associated with NSO. In addition, as our complaint notes, we have tied certain WhatsApp accounts used during the attacks back to NSO. While their attack was highly sophisticated, their attempts to cover their tracks were not entirely successful... There was another disturbing pattern to the attack, as our lawsuit explains. It targeted at least 100 human-rights defenders, journalists and other members of civil society across the world. This should serve as a wake-up call for technology companies, governments, and all Internet users. Tools that enable surveillance into our private lives are being abused, and the proliferation of this technology into the hands of irresponsible companies and governments puts us all at risk.

While any subsidiary of Facebook claiming to have moral standing in the realm of privacy is absurd, the case nevertheless seems to have enough evidence to back the lawsuit. A bulk of the evidence that is being used in the WhatsApp case stems from independent research conducted by the University of Toronto’s Citizen Lab. The data that Citizen Lab found was enough to lead Facebook to use legal statutes from the U.S. Computer Fraud and Abuse Act to sue NSO Group.

NSO Group denies any involvement in the malicious activities they are accused of perpetrating. At this point, there is no more information that can be gleaned from the case until it actually gets underway in the courts. For now, however, it may be beneficial for privacy-minded users to use a different messaging service other than WhatsApp. Signal gets my personal recommendation, however, there are other options as well. Facebook may be correct in suing the NSO Group, but as numerous incidents over the years have indicated, they are not exactly rigorous when it comes to protecting privacy.

Just remember, there is always somebody out there trying to spy on you. Nobody gets a pass.

Featured image: Flickr/ Tim Reckmann

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter

Recent Posts

Moving data from an Azure VM to Storage Account with AzCopy

Here’s an elegant and modern way to move data from your Azure virtual machine to…

8 hours ago

A lot not to like: Analysis of recent Facebook data breach

The effects of the recent Facebook data breach are still being felt. In this new…

13 hours ago

Exchange 2019: Building an environment from scratch

Are you finally ready to take the plunge into Exchange 2019? If you are building…

16 hours ago

Cyber-extortion scheme targets Google AdSense users

A cyber-extortion scam targeting Google’s AdSense users is making waves. Here are the facts that…

1 day ago

Need to check your Azure VM costs? Use this script

Nobody likes a surprise in their cloud bills. This handy script will help you check…

1 day ago

Updating and extending PowerShell object’s type data

This neat PowerShell tip will help you write more efficient scripts by showing you how…

2 days ago