Israeli Firm NSO Linked to Spyware Tool that Uses WhatsApp To Target Activists

Israeli cyber-intelligence company, the NSO Group, has been accused of supplying spyware tools to hackers that use WhatsApp’s voice calling feature to target civil society members.

NSO Group’s Pegasus spyware has been linked to several high-profile surveillance cases on journalists and activists, including Saudi journalist Omar AbdulAziz, Emirati human rights campaigner Omar Mansoor and the murdered dissident Jamal Khashoggi.

WhatsApp confirmed Monday that it found a cyber-security breach that lets hackers install spyware on iPhones and Android devices via voice calls. The company has now asked its users to upgrade to the newest version of its app.

The security breach is particularly worrisome because WhatsApp is known for its end-to-end encryption and is a standard tool for communication for activists and journalists across the world. According to reports, the hackers can access the victim’s phones by making a voice call, even if the victim does not receive the call.

The company hasn’t officially named NSO as the entity behind the attack. However, in a statement to the Financial Times, it all but named the cyber-security group.

“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” WhatsApp said in a statement. “We have briefed a number of human rights organizations to share the information we can and to work with them to notify civil society.”

NSO Group is the creator of Pegasus, which is a program that gives hackers almost complete access to the victim’s phone, including camera and microphone. Pegasus was recently linked to attack on journalists and activists in Saudi Arabia and the United Arab Emirates.

Interestingly, Amnesty International on Monday said that it was supporting a legal action to revoke the export license of NSO Group.

“NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics. The attack on Amnesty International was the final straw,” said Danna Ingleton, Deputy Director of Amnesty Tech.

“The Israeli MoD has ignored mounting evidence linking NSO Group to attacks on human rights defenders, which is why we are supporting this case. As long as products like Pegasus are marketed without proper control and oversight, the rights and safety of Amnesty International’s staff and that of other activists, journalists and dissidents around the world is at risk.”

A London-based lawyer, who is working on cases that accuse NSO of providing surveillance tools to spy on journalists, also reportedly had his phone attacked, The New York Times reported.

The lawyer then contacted the Citizen Lab at the University of Toronto, which helped WhatsApp find the flaw in the voice calling feature, which was used in the attack.

NSO Group, on its part, has maintained that its products are sold to government bodies and other security agencies to help them deal with terrorists and criminals, NYT reports.

Researchers at the Citizen Lab are wary. “NSO and Novalpina have spent several months telling the world that there are adults in the room and telegraphing that they have made a commitment to close oversight,” said John Scott-Railton, a senior researcher at Citizen Lab, reports the NYT. “Yet even 24 hours ago, we observed what some believe to be an NSO infection attempt against a human-rights lawyer." Novalpina Capital is a British private equity firm.