[ad_1]
WhatsApp has alleged in new court filings that an Israeli spyware company used servers based in the US. USA And she was “deeply involved” in carrying out attacks on the mobile phones of 1,400 WhatsApp users, including senior government officials, journalists and human rights activists.
New claims about the NSO Group allege that the Israeli company is responsible for serious human rights violations, including the hacking of more than a dozen Indian journalists and Rwandan dissidents.
For years, the NSO Group has said that its spyware is purchased by government clients for the purpose of tracking terrorists and other criminals and that it had no independent knowledge of how those clients, which in the past included Saudi Arabia and Mexico, use their hacking software.
But a WhatsApp lawsuit filed against the NSO Group last year, the first of its kind by a major tech company, reveals more technical details about how the piracy software, Pegasus, is allegedly being deployed against targets.
In court filings last week, WhatsApp said its own investigation into how Pegasus was used against 1,400 users last year showed that the servers controlled by the NSO Group, not its government clients, were an integral part of how the attacks were carried out. .
WhatsApp has said that the victims of the hack received phone calls using their messaging application and that they were infected with Pegasus. Then, he said: “NSO used a computer network to monitor and update Pegasus after it was implanted on users’ devices. These NSO-controlled computers served as the nerve center through which NSO controlled the operation and use of Pegasus by its customers. “
According to the WhatsApp presentation, NSO obtained “unauthorized access” to its servers by reverse engineering the messaging application, and then circumvented the company’s security features that prevent tampering with the company’s calling features. A WhatsApp engineer who investigated the hacks said in an affidavit filed with the court that in 720 cases, the IP address of a remote server was included in the malicious code used in the attacks. The remote server, the engineer said, was based in Los Angeles and owned by a company whose data center was used by NSO.
NSO has said in legal documents that it has no idea how government clients use its hacking tools and therefore does not know who governments are targeting.
But an expert, John Scott-Railton of Citizen Lab, who has worked with WhatsApp on the case, said that NSO’s control of the servers involved in the hack suggests that the company would have had records, including IP addresses, that identified the users who were under attack. .
“Whether or not NSO looks at those records, who knows? But the fact that it can be done is contrary to what they say, “said Scott-Railton.
In a statement to The Guardian, NSO maintained its previous comments. “Our products are used to stop terrorism, stop violent crime, and save lives. NSO Group does not operate Pegasus software for its clients, ”the company said. “Our past statements about our business and the extent of our interaction with our clients from government intelligence and law enforcement agencies are accurate.”
The company said it would file its response in court in the coming days.
New developments in the case occur when NSO faces separate questions about the accuracy of a follow-up product it released after the Covid-19 outbreak. The new program, called Fleming, uses mobile phone data and public health information to identify who people infected with the coronavirus may have contacted. A NBC report last weekend said the new NSO tool was being marketed in the United States.
But in a Twitter thread, Scott-Railton said his analysis showed he trusted data that seemed very imprecise.
“When you work with data with so much built-in inaccuracy, it would be pretty intense to issue alerts every time this happens. Or to require quarantines. Or testing. False positive rates here would be through the roof. But … so would false negatives, “he said.
When asked about the tweets, NSO said the “unfounded claims” were based on “guesswork and outdated screenshots, rather than facts.”
“Meanwhile, our Covid-19 product, Fleming, has proven vital to governments around the world working to contain the outbreak. Respected journalists from various countries saw Fleming, understood how technology works, and recognized that it is the latest evolution in analytics software, which does not compromise privacy, ”the company said.