In newly publicised court filings cited by The Guardian, WhatsApp has taken a dig at the Israeli spyware company NSO Group, accusing it of exploiting US-based servers, as it was “deeply involved” in carrying out the mobile phone hacks of 1,400 users - with senior government officials and human rights activists among them.
The social media company took the matter to court last year, indicting NSO of severe human rights violations, including the hacking of more than a dozen Indian journalists and Rwandan dissidents.
The documents shed light on a number of technical details about how the hacking software, Pegasus, is allegedly deployed against targets.
WhatsApp alleges that the victims of the hack had received phone calls using its messaging app and were “infected” with Pegasus, which NSO reportedly updated using a network of computers for monitoring. “These NSO-controlled computers served as the nerve centre through which NSO controlled its customers’ operation and use of Pegasus”, the court files suggest.
WhatsApp insists that NSO gained “unauthorised access” to its servers by reverse-engineering the messaging app and then going around the company’s security settings that prevent misuse of the company’s call features.
One WhatsApp engineer who looked into the hacks charged in a sworn statement that in 720 instances, the IP address of a remote server was included in the malicious code used in the attacks. The remote server was allegedly based in Los Angeles and owned by a company whose data centre was used by NSO, which is said to have logs, including targeted users’ IP addresses, at its disposal.
NSO said in legal filings that it has no idea how government clients use its hacking tools, and therefore does not know who exactly they are targeting.
In comments to The Guardian, NSO defended its earlier statement praising its digital brainchildren:
“Our products are used to stop terrorism, curb violent crime, and save lives. NSO Group does not operate the Pegasus software for its clients”, the company said, stressing that their “past statements about our business, and the extent of our interaction with our government intelligence and law enforcement agency customers, are accurate”. It added that the company’s management is preparing a formal response to the court files in the near future.
NSO is meanwhile in the public crosshairs over it latest product - a reportedly US-marketed tracking program specially meant for those infected with COVID-19. The new program, called Fleming, uses mobile phone data and public health information to identify the whereabouts of corona patients and whom they have come into contact with.