NSO Group deeply involved in hacking our users: WhatsApp

Hindustan Times
April 30,2020

In new court filings WhatsApp has alleged that an “Israeli spyware company used US-based servers and was ‘deeply involved’ in carrying out mobile phone hacks of 1,400 WhatsApp users, including senior government officials, journalists, and human rights activists”.
New claims emerging about the NSO Group allege that they are responsible for serious human rights violations, including hacking more than a dozen Indian journalists and Rwandan dissidents.
NSO Group has maintained for years that its spyware is bought by governments to track down terrorists and criminals and they have no knowledge of who exactly these governments are. Reports have it that Mexico and Saudi Arabia have used NSO’s spyware.
The lawsuit filed by WhatsApp last year against NSO Group, first of a kind by any tech company, has revealed more technical details about how Pegasus (the hacking software) is “allegedly deployed against targets”.
In court filings last week, WhatsApp said that its own “investigation into how Pegasus was used against 1,400 users last year showed that servers controlled by NSO Group – not its government clients – were an integral part of how the hacks were executed”.
WhatsApp said that “victims of the hack received phone calls using its messaging app, and were infected with Pegasus”.
WhatsApp then said - “NSO used a network of computers to monitor and update Pegasus after it was implanted on users’ devices. These NSO-controlled computers served as the nerve centre through which NSO controlled its customers’ operation and use of Pegasus.”
According to WhatsApp, “NSO gained ‘unauthorised access’ to its servers by reverse-engineering the messaging app and then evading the company’s security features that prevent manipulation of the company’s call features”.
As per the court filings, “One WhatsApp engineer who investigated the hacks said in a sworn statement submitted to the court that in 720 instances, the IP address of a remote server was included in the malicious code used in the attacks. The remote server, the engineer said, was based in Los Angeles and owned by a company whose data centre was used by NSO”.
NSO has claimed in legal filings that they have no insight into how these government clients use hacking tools and therefore do not know who is being targeted.
One expert, John Scott-Railton of Citizen Lab, who has worked with WhatsApp for the case, said - “NSO’s control of the servers involved in the hack suggests the company would have had logs, including IP addresses, identifying the users who were being targeted”.
“Whether or not NSO looks at those logs, who knows? But the fact that it could be done is contrary to what they say,” Scott-Railton said.
In a statement to the Guardian, NSO stood by its earlier remarks.
“Our products are used to stop terrorism, curb violent crime, and save lives. NSO Group does not operate the Pegasus software for its clients,” the company said. “Our past statements about our business, and the extent of our interaction with our government intelligence and law enforcement agency customers, are accurate.”
The company said it would file a response to the court in the coming days.

Comments

Post a Comment

Popular posts from this blog

ED tracks Swiss Bank A/Cs of Agusta scamster

The Poineer February 10,2019 Rakesh K Singh The Enforcement Directorate (ED) has tracked a dozen Swiss bank accounts in the name of Rajiv Saxena, who is key accused in the Rs 3,600 crore AgustaWestland VVIP chopper scam. The ED has also found out accounts held by  his family members and associates where the kickbacks in the now scrapped deal were allegedly parked. Two bank accounts are in the name of Rajiv Saxena’s  associates Pankaj Jain and Sumita Jain who are also the authorised signatories. The  third is in the name of another associate Ajit Singh Bubber, but Rajiv and his family members are authorised signatories. The remaining nine accounts are largely owned and operated by Rajiv, his family members and associates. Rajiv Saxena was deported by the UAE authorities on January 30 and the ED formally arrested him the next day and a court later granted his remand to the agency. He is currently undergoing custodial interrogation by the ED. The agency had in 2017 arrested his
Read more

J&K Cricket Board Scam: Chargesheet Filed Against Farooq Abdullah, 3 Others By CBI

OUTLOOK July 16, 2018 The agency has levelled charges of criminal conspiracy and criminal breach of trust under the Ranbir Penal Code against Abdullah and three others. The CBI on Monday filed a chargesheet against former Jammu and Kashmir chief minister Farooq Abdullah and three others in a special court in Srinagar in connection with alleged irregularities and misappropriation of funds in the Jammu and Kashmir Cricket Association. After the fall of the Peoples Democratic Party (PDP) and the BJP government, this is the biggest development that has taken place in the state. The National Conference has not reacted to the chargesheet so far. The agency has levelled charges of criminal conspiracy and criminal breach of trust under the Ranbir Penal Code against Abdullah, the then president of JKCA, Md Saleem Khan - the then general secretary, Ahsan Ahmad Mirza - the then treasuer and Bashir Ahmad Misgar, an executive in the J&K Bank. The BCCI gave Rs 112 crore t
Read more

As financial insecurity rises in urban India, so does investment in insurance

Image
Scroll.in March 13, 2020 Urban Indians are becoming less confident about their financial security. Up to 58% of them fret over financial independence post retirement, which is a 4% increase from last year. An equal share of urban Indians worry about meeting their daily medical expenses and sustaining their current lifestyle once they stop working. The findings are part of a survey published by Delhi-based Max Life Insurance in association with London-based consultancy Kantar. The firms surveyed 7,014 respondents in 25 cities, including six metros, nine tier-1 cities, and 10 tier-2 cities, between December 2019 and January 2020. Source: Max Life Insurance via Quartz The trends Source: Max Life Insurance via Quartz Source: Max Life Insurance via Quartz Source: Max Life Insurance via Quartz A significant share of urban Indians also say their families will have no financial support in the event of the breadwinner’s death. In such a scenario, around 57% believe the family sav
Read more