Facebook sues Israeli cyber surveillance firm over WhatsApp hack

Facebook sues Israeli cyber surveillance firm over WhatsApp hack
© Getty

Facebook on Tuesday sued an Israeli cyber surveillance firm over allegations that it hacked approximately 1,400 WhatsApp users earlier this year.

WhatsApp, which is owned by Facebook, is alleging that the Israeli NSO Group exploited the encrypted platform in a hacking spree that targeted journalists, human rights activists and other civil society players. 


"This is the first time that an encrypted messaging provider is taking legal action against a private entity that has carried out this type of attack against its users," WhatsApp said in a blog post Tuesday. 

In May, WhatsApp urged its 1.5 billion users to update their apps as it patched the vulnerability that gave hackers access to users' phones. Now it is pinning the attack directly on NSO Group. 

NSO Group vowed to fight the lawsuit in a statement.

"In the strongest possible terms, we dispute today’s allegations and will vigorously fight them," the group said. "The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime. Our technology is not designed or licensed for use against human rights activists and journalists. It has helped to save thousands of lives over recent years."

In court documents filed with the U.S. District Court for the Northern District of California, WhatsApp is alleging that NSO Group sent malware to more than 1,000 of its users. That spyware allegedly allowed NSO Group's clients to surveil users' messages. 

Facebook is claiming that NSO Group used its software to access messages sent on WhatsApp as well as other messaging platforms, including Apple's iMessage.

The group's software has been used by governments such as Saudi Arabia, the United Arab Emirates and Mexico.

Will Cathcart, head of WhatsApp, wrote in a Washington Post op-ed that NSO Group's attack was "highly sophisticated" but that "their attempts to cover their tracks were not entirely successful."

"As we gathered the information that we lay out in our complaint, we learned that the attackers used servers and Internet-hosting services that were previously associated with NSO," he wrote. "In addition, as our complaint notes, we have tied certain WhatsApp accounts used during the attacks back to NSO."

Cathcart wrote that the company believes the surveillance software was "abused."

"The proliferation of this technology into the hands of irresponsible companies and governments puts us all at risk," he said. 

Updated at 5:49 p.m.