This week WhatsApp users were on high alert after an attack was launched which could install spyware with just a missed call. The vulnerability was swiftly patched but it’s not yet clear how many people were affected by the attack.
Now the Israeli firm linked to that attack is under further scrutiny, as they are facing a lawsuit from human rights NGO Amnesty International. The lawsuit is being filed in Israel and alleges that software created by NSO Group, a cyber intelligence technology firm, has been used to surveil Amnesty staff and other human rights defenders.
The NSO Group software in question, called Pegasus, can be used to take control of a targeted mobile phone, to copy its data, and even to turn on the microphone to turn the phone into a listening device. Many of NSO Group’s customers are governments which say they want the software to surveil terrorists and to combat serious crime. But this week’s WhatsApp attack shows that the software has been let loose on ordinary members of the public as well.
The affidavit from Amnesty submitted to the court claims that NGO Group’s software is being specifically used against human rights defenders, including attempted attacks on staff at Amnesty. It alleges that there are an “abundance of reports pointing to governments’ deployment of the Pegasus spyware platform to surveil human rights defenders” and that NSO Group has failed in its duty to undertake “adequate due diligence and corrective measures or other steps to prevent such foreseeable misuses of its products.”
The lawsuit called for the NSO Group’s license to export software to be revoked, not because the company itself is taking part in surveillance, but because it has not taken sufficient care to ensure its software is not being used in an abusive way. “NSO Group has a responsibility to respect human rights,” the affidavit states. “By failing to investigate — or turning a blind eye to — evidence of human rights violations committed using its products, and continuing to sell its products to regimes known to repress human rights defenders, NSO Group is not fulfilling its responsibility.”
This is not the first time that NSO Group has been accused of surveilling dissidents. An investigation by the New York Times found that the Pegasus software played a role in the brutal murder of Saudi journalist Jamal Khashoggi.