The shadowy firm behind WhatsApp hack is involved in 100 other spyware attacks
Nov 1, 2019, 14:35 IST
- The NSO Group has been identified as the actor behind 100 more spyware attacks across 20 countries by Citizen Lab.
- The research laboratory believes that the ‘reckless abuse’ of NSO Group software, Pegasus, even stands out ahead of other spyware firms.
- Missed calls are only one way that Pegasus can bypass security infrastructure. Its full potential is still unknown.
Advertisement
Facebook might be suing the NSO Group — also known as Q Cyber Technologies — for hacking into WhatsApp. But it seems the security firm from Israel might be responsible for a whole lot more around the world. Citizen Lab, an interdisciplinary laboratory based out of the University of Toronto, identified over a hundred new abuse cases where commercial spyware was installed onto phones of unaware victims. Most of these victims are working for human rights.
"As part of our investigation into the incident, Citizen Lab has identified over 100 cases of abusive targeting of human rights defenders and journalists in at least 20 countries across the globe, ranging from Africa, Asia, Europe, the Middle East, and North America that took place after Novalpina Capital acquired NSO Group and began an ongoing public relations campaign to promote the narrative that the new ownership would curb abuses," said Citizen Lab in a statement.
The king of spyware
According to the research hub, NSO Group stands out against other spyware agencies in terms of the ‘reckless abuse’ of its spyware.
Their findings show that NSO’s flagship software, Pegasus, has been used to target researchers from Amnesty International, politicians, lawyers, journalists and other influential members of society.
Advertisement
Once Pegasus is installed on a phone it gives the owner of the hack---absolute control. It can execute commands and transfer any data — including passwords, contact lists, calendar events, text messages and live voice calls — without the phone user’s knowledge.
The WhatsApp exploit where Pegasus can infiltrate the system through a missed call is only one way for NSO to break through software. It’s true abilities can employ multiple vectors to hack into devices like phishing messages and fake package notifications. It’s full capabilities are still hidden from the public.
NSO’s new owner, Novalpina Capital, has promised to employ new oversight to keep abusive hacks at bay and usher in a new era of oversight. But the investigation by Citizen Lab shows that abuse is still on the charts.
See also:
Jeff Bezos’ intimate messages, data from drug cartels, Jamal Kashoggi — the many things Pegasus is suspected of hacking before WhatsApp
Here’s why Facebook is suing the NSO Group over the WhatsApp hack
Advertisement
WhatsApp confirms Indian activists and journalists were hacked as NSO claims it’s 'contractually prohibited'