NSO Denies Allegations
Israeli firm NSO Group, a security company, is being accused of impersonating Facebook in an attempt to spread their Pegasus hacking tool. BBC News reported today that the investigative news site, Motherboard, first picked up on the scam. Additionally, Motherboard reports that servers inside the United States were used to assist in the attack. Motherboard notes this information is being provided by a former NSO employee.
Naturally, NSO Group denies the allegations. Facebook and NSO Group are currently in a legal battle. Facebook claims that NSO Group deliberately spread spyware via Facebook owned WhatsApp. NSO stated, “We are incredibly proud of our technology’s role in tackling crime and terrorism, but NSO does not operate any of its products,” a spokesman said in a statement. “As we have repeatedly made clear, NSO products are offered to and operated solely by verified and authorised government agencies.”
Moreover, NSO vehemently denied their association with the scam or even the operation of their own software. NSO representatives are pushing back against the claims.
Pegasus
Pegasus is a particularly invasive form of spyware that, once installed, has access to text messages along with the microphone and camera on your smartphone. It can also tap into your phone’s GPS among other functions.
Facebook alleges the WhatsApp invasion compromised hundreds of phones. Most importantly, the compromise includes human rights activists and journalists. Separately, NSO Group has been accused of providing software to the Saudi government. It is alleged that this is what was used to spy on journalist Jamal Khashoggi before his murder.
The Facebook Battle
Facebook acquired rights to the domains. They did so four years ago in an effort to protect the public. The domains mimicked Facebook’s security team and prompted those who clicked to unsubscribe from emails. Additionally another domain mimicked FedEx delivery and tracking links.
In response to the accusations that servers within the US were used, and NSO spokesman released this statement. “We stand by our previous statements that NSO Group products cannot be used to conduct cyber-surveillance within the United States, and no customer has ever been granted technology that enables targeting phones with US numbers,” a spokesman said.
Facebook stands by its statements. They are continuing with the legal battle. NSO Group, meanwhile, has asked the court in California to dismiss the case. Their argument is that they never use spyware. As a result, Facebook has doubled down on their legal efforts.