Skip to Content
Computing

WhatsApp is suing the world’s top hacking company

One of the most powerful tech firms on earth takes on the Israeli cyber surveillance firm NSO Group.
Whatsapp
WhatsappPhoto: Tim Reckmann/Flickr CC BY 2.0

WhatsApp is suing the Israeli hacking company NSO Group in US federal court, the head of WhatsApp, Will Cathcart, announced in the Washington Post today.

WhatsApp accuses NSO Group of exploiting a vulnerability to target approximately 1,400 phones and devices with “malware designed to infect with the purpose of conducting surveillance on specific WhatsApp users.” You can read the complaint here from WhatsApp, which is owned by Facebook.

The hack allowed NSO Group and its customers to spy on messages, emails, and phone calls, as well as the cameras and microphones of the devices in question.

“There was another disturbing pattern to the attack, as our lawsuit explains,” Cathcart wrote. “It targeted at least 100 human-rights defenders, journalists and other members of civil society across the world.” 

NSO Group, owned by the parent company Q Cyber Technologies, is an Israeli firm that’s become a world leader in building malware that targets mobile phones and devices. It operates around the world and with a wide variety of governments.

The list of publicly known customers and victims has made NSO infamous: Ahmed Mansoor, a human rights activist in the United Arab Emirates, is serving a 10-year prison sentence after NSO malware was reportedly used to repeatedly spy on him.

“NSO has previously denied any involvement in the [WhatsApp] attack,” Cathcart wrote. “But our investigation found otherwise.”

The complaint centers on what WhatsApp lawyers say is NSO Group’s unauthorized access and use of WhatsApp servers in order to emulate legitimate network traffic and WhatsApp calls as part of the operations to infect targeted devices. Malicious code concealed within the calls was the infection.

Researchers at the University of Toronto’s Citizen Lab have investigated and reported on the “journalists, human rights activists and defenders, lawyers, international investigators, political opposition groups, and other members of civil society” they say have been targeted by NSO Group malware.

The company was recently sold to Novalpina Capital and has since publicly stated it would adhere to United Nations principles, but Citizen Lab says the abuses have continued.

A tech giant suing NSO Group is a virtually unprecedented step, which will test a hacking industry that has been expanding in recent years. 

NSO Group did not respond to a request for comment.

Cathcart added that tech giants should join UN Special Rapporteur David Kaye’s recent call for an immediate moratorium on the sale, transfer, and use of surveillance tools like NSO Group malware.

Deep Dive

Computing

Inside the hunt for new physics at the world’s largest particle collider

The Large Hadron Collider hasn’t seen any new particles since the discovery of the Higgs boson in 2012. Here’s what researchers are trying to do about it.

Why China is betting big on chiplets

By connecting several less-advanced chips into one, Chinese companies could circumvent the sanctions set by the US government.

How Wi-Fi sensing became usable tech

After a decade of obscurity, the technology is being used to track people’s movements.

Algorithms are everywhere

Three new books warn against turning into the person the algorithm thinks you are.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.