Facebook sued the Israeli company NSO Group, which develops and sells spyware solutions and the so-called “legal malware”.
NSO Group was founded in 2010 and since then has been developing various legal malware, which, along with exploits for various 0-days, it sells to governments and intelligence agencies around the world. NSO Group gained popularity in 2016-2017, when information security experts discovered the powerful spy tools Pegasus and Chrysaor, developed by the company and designed for iOS and Android.
Then the experts called the NSO Group nothing more than “cyber weapons dealers,” and the company, which did not even have a public website and always tried to stay in the background, was forced to issue an official statement.
“The NSO’s mission is to make the world a safer place by delivering technologies to authorized government agencies that help them fight crime and terrorism”, – says the statement by NSO Group.
The cause of the lawsuit was WhatsApp’s zero-day vulnerability, which Facebook claims was sold to the NSO Group, and then the company helped use the problem to attack human rights defenders, journalists, political dissidents, diplomats, and governmental officials.
According to court documents, more than 1,400 people in Bahrain, the United Arab Emirates, and Mexico suffered a total of 11 days from attacks. Facebook has already sent WhatsApp special messages to everyone affected.
Read also: Adobe left data of 7.5 million users in public access
Recall that this 0-day problem became famous in May of this year. At that time, the Financial Times claimed that the NSO Group had developed an exploit for a problem that overused the functionality of WhatsApp VoIP calls. So, the victim received a call on WhatsApp, and specially created RTCP packages allowed the attacker to run malicious code on the device, which led to the installation of Pegasus (regardless of whether the victim used Android or iOS). As a result, Facebook developers were forced to release urgent updates and fixed the vulnerability, but then the company did not make any official statements, apart from publishing a few simple recommendations.
“The company has gathered enough evidence of the involvement of NSO Group in this incident and found it necessary to go to court. So, the attacks turned out to be connected with the servers and hosting services that had previously been associated with the NSO Group, and, in addition, some of the WhatsApp accounts used during the attacks also managed to be traced back to the Israeli company”, – told Facebook representatives reporters from the Washington Post.
The social network intends to hold NSO Group accountable, including under the law on computer fraud and abuse, proving that the company was associated with an active hacker campaign and is engaged not only in legal business.
User Review
( votes)
