A US judge on Friday ruled that a lawsuit brought by WhatsApp against NSO Group can go ahead, meaning the Israeli spyware firm could be compelled to reveal information about its clients and practices, the Guardian reported.
WhatsApp is suing NSO Group, accusing it of using the Facebook-owned messaging service to conduct cyber-espionage on journalists, human rights activists and others.
The suit filed in a California federal court contended that NSO Group tried to infect approximately 1,400 “target devices” with malicious software to steal valuable information from those using the messaging app.
The accounts said to have been targeted included those of senior government officials, journalists, and human rights activists worldwide.
Judge Phyllis Hamilton reportedly said Friday she had not been fully convinced of NSO Group’s contention that it had no role in the targeting of WhatsApp’s users, but that it appeared the Israeli firm “retained some role” in the targeting of individuals, “even if it was at the direction of their customers.”
The judge said it did not appear to be disputed that the spyware had been used and that the discussion was whether NSO Group’s “sovereign customers” were responsible or whether the firm retained some blame.
WhatsApp welcomed the ruling. “The decision also confirms that WhatsApp will be able to obtain relevant documents and other information about NSO’s practices,” a spokesperson said.
NSO Group said in a statement to the Guardian: “Our legal team is reviewing the court’s decision, so we are not in a position to comment in detail at this time. Our technology is used to save lives and prevent terror and crime worldwide, and we remain confident that our conduct is lawful.”
The lawsuit said the software developed by NSO known as Pegasus was designed to be remotely installed to hijack devices using the Android, iOS, and BlackBerry operating systems.
The complaint said the attackers “reverse-engineered the WhatsApp app and developed a program to enable them to emulate legitimate WhatsApp network traffic in order to transmit malicious code” to take over the devices.
Pegasus allows agents to effectively take control of a phone, surreptitiously controlling its cameras and microphones from remote servers and vacuuming up personal data and geolocations.
NSO Group has previously claimed that it only licenses its software to governments for “fighting crime and terror” and that it investigates credible allegations of misuse, but activists argue the technology has been instead used for human rights abuses.
On Tuesday, the speaker of the Catalan regional parliament demanded the Spanish government launch an official investigation into reports that his cellphone was the target of espionage, allegedly by Spanish security services using NSO software.
A report published by El Pais and The Guardian said Roger Torrent was warned last year that his phone had been targeted by the spyware.
The Spanish and British newspapers cited the US lawsuit involving the spyware but provided no evidence that Torrent’s phone was hacked.
Two other well-known pro-independence figures in Catalonia were also targeted, according to the reports. Catalonia’s efforts to separate from Spain have long been a thorn in the side of Spanish governments.
Spain’s intelligence service, known by its acronym CNI, declined to answer questions about the allegations.
Facebook, which owns WhatsApp, acknowledged attacks happened at the time Torrent’s phone was allegedly targeted, but gave no further details.
In January, independent UN rights experts said that the alleged Saudi hacking of Amazon owner Jeff Bezos’s phone was likely carried out using NSO spyware. Bezos’s phone was reported to have been infiltrated through a WhatsApp account belonging to Saudi Crown Prince Mohammed bin Salman.
The spyware has also been implicated in the gruesome killing of Saudi journalist Jamal Khashoggi, who was dismembered in the Saudi consulate in Istanbul in a 2018 incident that has also been linked to Prince Mohammed.
Agencies contributed to this report.