The US Department of Justice is investigating the NSO group following a 2020 ruling that a lawsuit brought by WhatsApp against the Israeli spyware firm can go ahead, The Guardian reported Monday.
According to the report, lawyers from the Department of Justice approached the messaging app with questions regarding the alleged 1,400 users targeted by NSO Group’s government clients in 2019.
WhatsApp is suing NSO Group, accusing it of using the Facebook-owned messaging service to conduct cyber-espionage on journalists, human rights activists, and others.
Tech giants Google, Microsoft, Cisco, and Dell in December joined Facebook in a legal fight against the firm, filing a brief in an American court accusing the NSO Group of having “powerful, and dangerous” technology.
In early 2020 the FBI reportedly opened an investigation against the company, but sources familiar with the matter told The Guardian it had seemed to stall, until recent renewed interest in the case came from the Department of Justice.
It remains unclear what stage the investigation is at, or which suspected hacking targets they are looking into.
NSO Group told The Guardian it was not aware of an investigation, while WhatsApp declined to comment.
NSO has been widely condemned for selling spyware to repressive governments.
The Herzliya-based firm is best known for marketing Pegasus, a highly invasive tool that can reportedly switch on a target’s cellphone camera and microphone and access data, effectively turning the phone into a pocket spy.
The company says it provides its software to governments for the sole purpose of fighting terrorism and crime. But dissidents, journalists, and other opposition figures have repeatedly claimed the company’s technology has been used by repressive governments to spy on them.
NSO claims its software cannot be used on US numbers, but according to Reuters, the FBI is investigating whether the company obtained code from American hackers to infect smartphones.
In December, cybersecurity watchdog Citizen Lab reported dozens of journalists at Al-Jazeera, a Qatari state-owned media company, were targeted by advanced spyware, in an attack likely linked to the governments of Saudi Arabia and the United Arab Emirates.
Most unnerving to the investigators was that iMessages were infecting targeted cellphones without the users taking any action. Through push notifications alone, the malware instructed the phones to upload their content to servers linked to the NSO Group, Citizen Lab said, turning journalists’ iPhones into powerful surveillance tools without even needing to get users to click on suspicious links or threatening texts.
The coordinated attacks on Al-Jazeera, which Citizen Lab described as the largest concentration of phone hacks targeting a single organization, occurred in July, just weeks before the Trump administration announced the normalization of ties between Israel and the UAE, the archrival to Qatar.
Emirati and Saudi authorities did not respond to requests for comment.
The NSO Group cast doubt on Citizen Lab’s accusations in a statement, but said it was “unable to comment on a report that we have not yet seen.” The firm said it provides technology for the sole purpose of enabling “governmental law enforcement agencies to tackle serious organized crime and counterterrorism.” Nevertheless, it added, “when we receive credible evidence of misuse… we take all necessary steps in accordance with our product misuse investigation procedure in order to review the allegations.” NSO does not identify its customers.
Prior to the December report, NSO’s spyware has repeatedly been found deployed to hack journalists, lawyers, human rights defenders and dissidents.
Most notably, the spyware was implicated in the gruesome killing of Saudi journalist Jamal Khashoggi, who was dismembered in the Saudi consulate in Istanbul in 2018, and whose body has never been found.
Several alleged targets of the spyware, including a close friend of Khashoggi and several Mexican civil society figures, sued NSO in an Israeli court over the hacking.