Meta accused the Israeli spyware vendor NSO Group on Monday of allowing its intrusive surveillance technology to be used to target WhatsApp users, saying the move violated a court order last year banning such practices.
In a blog post, Meta said it would seek to hold the group in contempt after it had detected instances on its popular messaging service of users receiving malicious links that were tied to NSO Group’s technology.
Meta did not say who it believed was responsible for the targeting, but the accusations come as concerns mount across the globe about how governments rely on digital surveillance practices to achieve domestic and international goals. NSO Group has long been seen as a poster child for a largely unregulated spyware industry that caters to the needs of authoritarian regimes.
Already, relations between the United States and Israel have grown more strained as the Iran war has dragged on, and amid renewed U.S. concerns about Israeli spying efforts on senior American officials working on a peace deal with Tehran.
The attempts, known as spear phishing, were unsuccessful and appeared limited to fewer than 10 WhatsApp users largely in Jordan and Lebanon, a Meta representative said, adding that the company became aware of the efforts after would-be victims reported the suspicious activity. Meta did not identify details about the targeted individuals, but it shared domain links that had been used by the perpetrators, including one masquerading as France 24, a state-owned international news and television network based in Paris.
NSO Group, which sells its technology to governments around the world, has long attracted criticism from privacy advocates, in particular over its sophisticated surveillance system known as Pegasus. Had the recipients of the phishing links clicked on them, hackers likely would have gained wide access to the private contents of their phones or WhatsApp accounts. NSO Group’s Pegasus software has also been tied to so-called zero-click attacks that do not require a victim to click on a link to suffer a compromise.
Last May, a federal jury ordered NSO Group to pay Meta $167 million in damages to resolve a six-year legal dispute after NSO hacked 1,400 WhatsApp accounts belonging to journalists, human-rights activists and government officials. The penalty came after a federal judge in Northern California ruled that NSO had violated cybersecurity laws by using its popular Pegasus software to target phones with WhatsApp installed in 20 countries. The amount of damages owed by NSO was later reduced to $4 million.
NSO Group did not respond to a request for comment. The company has typically defended its technology and business practices by arguing that it only sells to certain government agencies that want to deploy its surveillance capabilities to fight crime and terrorism. But various investigations have repeatedly uncovered instances of NSO spyware being used, including by governments in Mexico and the Middle East, to track journalists, dissidents and human rights advocates.
The Biden administration in 2021 placed NSO Group under sanctions that barred American firms from selling technology to the company or its subsidiaries, saying the vendor had acted contrary to the national security interests of the United States. The move was considered a sharp break with Israel at the time, but U.S. officials said it was necessary to counter the largely ungoverned market for global spyware that foreign governments had leveraged to spy on critics and crack down on political opposition. NSO Group has tried to have the decision reversed without success.
Late last year, a group of U.S. investors, including Robert Simonds, a Hollywood producer, bought a controlling stake in NSO Group.
In its blog post, Meta said the newly discovered activity showed that NSO Group should remain blacklisted in the United States.
“When a malicious company on the U.S. government’s entity list continues to defy U.S. courts, existing restrictions must remain firmly in place,” the company said. “Easing them would undermine U.S. national security and put American companies and billions of people worldwide who depend on secure communications at risk.”
Privacy groups said the new hacking attempts on WhatsApp demonstrated the continued risks to digital security posed by spyware companies.
NSO Group “is doing an amazing job making the argument that they should stay sanctioned and face more consequences,” said John Scott-Railton, a senior researcher at The Citizen Lab, a research unit at the University of Toronto that specializes in tracking global surveillance practices. The group aided Meta’s past investigations into how NSO Group’s spyware was being used on WhatsApp.
www.nytimes.com