Serviceteam IT Security News

An Israeli company whose spyware has been used to target journalists in India, politicians in Spain, and human rights activists in Morocco may soon be forced to divulge information about its government clients and practices after a judge in California ruled that a lawsuit against the company could proceed.

NSO Group was sued by WhatsApp, which is owned by Facebook, last year, after the popular messaging app accused the company of sending malware to 1,400 of its users over a two-week period and targeting their mobile phones.

In a ruling that the case could proceed in a US district court in California, Judge Phyllis Hamilton said she had not been entirely persuaded by NSO Group’s argument that it had no role in the targeting of WhatsApp’s users. Instead, Judge Hamilton said it appeared that NSO Group “retained some role” in the targeting of individuals, “even if it was at the direction of their customers”. The case will now proceed to discovery, in which both sides can request documents and records.

WhatsApp, which has said that 100 members of civil society from around the world were targeted in the “unlawful” 2019 attack, said it was pleased with the court’s decision.

“The decision also confirms that WhatsApp will be able to obtain relevant documents and other information about NSO’s practices,” a WhatsApp spokesperson said.

Judge Hamilton also pointed out that the underlying facts in the case – that someone sent malicious code and malware through WhatsApp’s servers – did not appear to be disputed. Instead, the lawsuit revolved around whether NSO Group’s “sovereign customers” were to blame, or the company itself.

NSO Group has said it only sells spyware to government clients and law enforcement agencies to track terrorists and criminals. It has argued that critics of the company’s practices, including privacy advocates, have ignored a grave problem facing law enforcement agencies around the world: the proliferation of encrypted communications applications like WhatsApp, which it argues have made it easier for terrorists and other criminals to evade detection. NSO Group has retained the law firm of King & Spalding to represent it in the case. Its legal team includes the Trump administration’s former deputy attorney general, Rod Rosenstein.

NSO Group said in a statement: “Our legal team is reviewing the court’s decision, so we are not in a position to comment in detail at this time. Our technology is used to save lives and prevent terror and crime worldwide, and we remain confident that our conduct is lawful.”

NSO Group’s past customers have reportedly included Saudi Arabia, Mexico, and the United Arab Emirates, and its spyware is alleged to have been used against human rights campaigners, including Omar Abdulaziz, a close associate of the murdered Washington Post journalist Jamal Khashoggi. NSO Group has strenuously denied its software was ever used to target Khashoggi personally and has said Abdulaziz, who is suing the company in Israel, had a history of “unfounded claims” against NSO Group.

WhatsApp and research collaborators at Citizen Lab at the University of Toronto, alerted the 1,400 users who they say were targeted in the attack last year, prompting many of the individuals to come forward. They included more than a dozen journalists in India, prominent journalists and human rights campaigners in Morocco, exiled Rwandan activists living in Europe, and, as the Guardian reported this week, key figures in the Catalan pro-independence movement in Spain. The Guardian also reported that more than a dozen Pakistani defence and intelligence officials were allegedly targeted in the attack. The Pakistani government did not confirm or deny the attacks.

The decision to allow the US lawsuit to proceed could pose a challenge to NSO Group’s government clients who have previously denied any association with the company, in case the judge forces the company to reveal its client list.

NSO Group earlier this week won a victory in an Israeli court after a judge rejected a legal case filed by Amnesty International that attempted to block the company from selling its cyber-weapons internationally.

Source: The Guardian

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!