WhatsApp’s recent security glitch led to the issuing of a major software update to its 1.5 billion users, after the chat platform uncovered a trapdoor through which hackers had been installing spyware into WhatsApp programming.
But who could have been behind such an advanced attack? Early speculators said it may be a private organisation working for a foreign regime bent on mass surveillance. Other sources have pointed the finger at Israel.
More specifically, a security developer named NSO Group in the Middle Eastern country is under suspicion – a secretive multi-million-dollar tech firm that pioneers super-specialist cyber surveillance.
One of NSO’s key products is an item of malware called Pegasus which is able to track a user’s mobile phone, and can infect a smart device simply through the opening of a text message which then opens access to the entire phone. Everything – data, messages, images, even user location – becomes available to NSO clients.
This week, the group told CNN that their tech was only used by government agencies, and used solely to fight “crime and terror”.
Around 45 nations may be using Pegasus, researchers in Toronto say, at least six of which (Saudi Arabia, the United Arab Emirates, Bahrain, Mexico, Morocco and Kazakhstan), “have previously been linked to abusive use of spyware to target civil society,” Citizen Lab noted in a report in September.”
CEO of NSO Group, Shalev Hulio, responds:
“All sales are authorized by Israel’s Defense Ministry and are only made to states and their police and law enforcement organizations” and “only for use fighting terrorism and crime.”
He stood by the company’s tools and said that any abuse would lead to the transgressor being disconnected from NSO technology.
“I will say with modesty that thousands of people in Europe owe their lives to the hundreds of workers [we have] in Herzliya,” – the hometown of NSO.
“I reiterate that any use [of our technology] that goes beyond the criteria of saving human lives at risk from crime or terror will prompt our company to take immediate steps, unequivocally and decisively.
Speaking to CNN, cybersecurity expert, Michael Shaulov said that NSO Group would have little power to stop the misuse of the technology were it sold to another country.
“Even when [NSO Group sells] the software to specify the law enforcement agency that specifically bought it, in the case that those guys want to go after what we call illegitimate targets, NSO has no control [over it]. They cannot really prevent it.”
The arrival of Pegasus has placed NSO at the heart of a number of legal cases that accuse the Israeli firm of breaking international laws.
This week, Amnesty International began proceedings in Israel, aiming to have NSO Group’s export license taken away. The organisation put together a petition arguing that NSO was threatening privacy and human freedom rights by continuing to sell Pegasus.
In a statement reported by the Jerusalem Post, NSO said that it “operates according to the law and adheres to a clear ethical policy that is meant to prevent misuse of its technology,”
“NSO only licenses its technology to approved government intelligence and law enforcement agencies for the sole purpose of preventing and fighting crime and terror, according to clear definitions,” the statement read.
European Data Protection Summit will take place on June 3rd in Central London and will play host to 800 DPO’s, Security Professionals and senior business decision makers looking for; information, updates, clarity, advice and solutions. For more information, visit the website.