In recent court filings, WhatsApp alleged that the NSO Group, an Israeli based spyware company, was ‘deeply involved’ in 1,400 mobile phone hacks that were carried out against WhatsApp users, including journalists, human rights activists, and senior government officials.

WhatsApp attacks

The NSO Group is a cyber-intelligence company whose tools are used by governments around the world. One of their most well-known pieces of spyware is called Pegasus and enables remote surveillance of smartphones. The company has claimed for years that their spyware is used by governments to help stop terrorists and other criminal activity, but that they have no independent knowledge of how their clients use the hacking software.

Allegedly, the hacking of more than a dozen Indian journalists and Rwandan dissidents are included in the human rights violations set out by the new claims against the NSO Group.

More details about how the Pegasus software is allegedly being deployed to WhatsApp users’ smartphones is being revealed by the lawsuit filed against the NSO Group by WhatsApp. According to WhatsApp, victim’s devices were infected with Pegasus via the call feature in the WhatsApp app. They go on to explain that “NSO used a network of computers to monitor and update Pegasus after it was implanted on users’ devices. These NSO-controlled computers served as the nerve centre through which NSO controlled its customers’ operation and use of Pegasus.”.

In WhatsApp’s court filling, they allege that the NSO Group were able to gain “unauthorised access” to their servers. They go on to say that the NSO Group were then able to circumvent security measures put in place to prevent the apps call functions from being manipulated. Reportedly, amongst the court fillings is also a sworn statement from one of the WhatsApp engineers that worked on the investigation of hacks. The statement says that the IP address of a remote server housed in a data centre in Los Angeles appeared 720 times in the code used in the attacks. The engineer says that this data centre was used by the NSO Group.

It has been reported that in their legal fillings, the NSO Group has said they have no insight into how government clients use its hacking tools, and therefore does not know who governments are targeting.