Advertisement

Facebook: NSO Group used U.S.-based servers in operations against WhatsApp users

NSO Group has used American-based servers to spy on WhatsApp users, Facebook and WhatsApp lawyers allege in court documents filed Thursday.
NSO Group
NSO Group’s spyware has previously been detected in surveillance targeting Moroccans, including one other journalist and an activist that has protested the government’s security forces, according to Amnesty. (Greg Otto/Scoop News Group)

Lawyers for WhatsApp’s parent company alleged in documents filed Thursday that NSO Group, the Israeli software surveillance firm accused of spying on over a thousand WhatsApp users, has used U.S.-based servers to launch its attacks.

In court documents, Facebook-owned WhatsApp claims NSO Group used a server run by Los Angeles-based hosting provider QuadraNet “more than 700 times during the attack to direct NSO’s malware to WhatsApp user devices in April and May 2019.”

Additionally, NSO Group used a remote server hosted by Amazon to target WhatsApp users, WhatsApp software engineer Claudiu Gheorghe said in the filing.

The filing is a blow to NSO Group’s claims that its signature product, Pegasus, isn’t capable of running operations in the United States.

Advertisement

“That invasion of WhatsApp’s servers and users’ devices constitutes unlawful computer hacking at the heart of the [Computer Fraud and Abuse Act]’s unauthorized-access offense,” WhatsApp claims in the filing.

The filing is the latest in a battle that started when WhatsApp sued NSO Group last year over alleged spying on human rights advocates and journalists.

John Scott-Railton, a senior researcher at Citizen Lab at the University of Toronto Monk School of Global Affairs and Public Policy, said the filing will likely degrade NSO Group’s argument that it has no operations in the U.S.

“[It’s] going to be hard for NSO to credibly claim that there is no [United States] nexus to their operations when they were busy paying for server space in American data centers,” Scott-Railton said in a tweet. “This filing shows NSO purchasing [and] operating the servers doing the hacking. This makes the company look much more like hacking-as-a-service than software developers.”

An NSO Group spokesperson reiterated its previous claims in a statement shared with CyberScoop Friday.

Advertisement

“NSO Group does not operate the Pegasus software for its clients, nor can it be used against U.S. mobile phone numbers, or against a device within the geographic bounds of the United States,” the spokesperson said when reached for comment on the latest filings.

WhatsApp’s lawyers also worked to refute NSO Group’s arguments that the case should be dismissed over jurisdictional technicalities, as well as the Israeli company’s planned sovereign immunity defense. The Israeli firm has argued that because its customers are governments that use its products for national security reasons, the firm should be immune from the claims.

WhatsApp lawyers say NSO Group has failed to identify “any specific [government] for whom NSO worked — let alone cite a single contract or any evidence establishing NSO’s purportedly limited operational role,” WhatsApp lawyers said in the filing.

“Defendants pin blame on unidentified [governments],” the filing reads. “That argument fails at every turn: Defendants cannot cloak themselves in their putative clients’ immunity; they are accountable for suit in a California court. NSO is neither a sovereign nor immune from the court’s exercise of jurisdiction.”

You can read the full filing below.

Advertisement

[documentcloud url=”http://www.documentcloud.org/documents/6876945-WhatsApp-Filing-April23-2020-3.html” responsive=true]

Shannon Vavra

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.

Latest Podcasts