In this week’s tech news, Apple has sued an Israeli hacker-for-hire company over the breach of its privacy. In the process, it’s been accused of exploiting a bug in WhatsApp that let hackers access user data. This article examines the lawsuit and explains why the Israeli hacker-for-hire company is behind the incident. It also discusses the breach in the context of Facebook and Meta, which are suing NSO Group for exploiting a WhatsApp bug.
Pegasus spyware infiltrates phones to vacuum up personal and location data
The Pegasus spyware has been linked to the hacking of the phone of a prominent human rights activist and her ex-wife, Princess Haya. It also reportedly infected the phones of attorneys and several heads of state. The Israeli-based NSO Group is responsible for the spyware and has exclusively licensed it to nation-states. Earlier this year, a media consortium reported that the NSO Group had been involved in a number of phone hacks, including those of human rights activists and business executives.
The NSO Group has denied any wrongdoing and maintains that it only sells its products to government agencies. Critics have claimed that it has been used to hack the phones of human rights activists, journalists, and even Catholic clergy. However, the company has been subjected to export controls by the U.S. government and is currently being sued by major technology companies. Security researchers have discovered that Pegasus has been installed in phone systems of human rights activists, journalists, and priests, and are being misused by many countries.
In Mexico alone, the NSO Group has targeted more than two dozen individuals and organizations. These targets range from proponents of the soda tax to opposition politicians, human rights activists investigating mass disappearances, and the widow of a slain journalist. Likewise, Pegasus has targeted journalists and dissidents in the Middle East. The project’s findings reinforce accusations that democratic governments have used such spyware. The project’s members include Le Monde, the Suedeutsche Zeitung, and the New York Times. The researchers promise a series of stories based on the leak.
The Leaked Targeting Data – Researchers found cases where the malware installed on the devices of more than a thousand individuals worldwide – are linked to Israeli government agencies. The NSO Group is the world’s most infamous hacker-for-hire outfit. The hackers systematically tracked more than 1,000 individuals across 50 countries. They used zero-click exploits to collect information about users.
Meta (formerly Facebook) suing NSO Group for exploiting WhatsApp bug
The Israeli hacker-for-hire company, NSO Group, is accused of hacking into the WhatsApp servers and installing spyware on 1,400 devices worldwide. The company has vowed to sue NSO Group for violating the US Computer Fraud and Abuse Act. The lawsuit is the first of its kind filed by an encrypted messaging service.
In the meantime, a UK-based MP, David Cathcart, has called for an immediate moratorium on the use of invasive surveillance technologies. The company has said that its technology is proportionate and is vital to protecting the public. However, it is urging the US government to impose stricter legal oversight of cyber-weapons.
According to Stamos, the company’s software engineer, Claudiu Dan Gheorghe, is a victim of the infamous bug. Stamos was formerly Facebook’s chief security officer and worked at Building 10 in Menlo Park, California. The Romanian software engineer is 35 years old and resembles an actor from “Mr. Robot.” His workspace is open and the workers are hunched over keyboards.
While NSO Group is just one piece of the global cyber-mercenary ecosystem, it’s an important one. A recent suit by Meta (formerly Facebook) against the Israeli hacker-for-hire company NSO Group, which installed Pegasus on 1,400 mobile devices, enables surveillance of human rights activists, says the court.
In addition to Facebook, BellTroX is a popular surveillance-for-hire company. It has been accused of targeting European government officials, Bahamas gambling tycoons, and U.S. investors. BellTroX’s fake accounts impersonate journalists, environmental activists, and other figures. These fake accounts are being used for reconnaissance and social engineering, and to distribute malicious links.
A new report from the Department of Homeland Security outlines the names of the four companies that have been blacklisted for spying. The company’s New York office reportedly has contracts with the U.S. Department of Homeland Security and the Internal Revenue Service. The report says that the Israeli hacker-for-hire company has also targeted activists, politicians, and government officials in Mexico and Hong Kong. The company has already removed about 200 accounts from Facebook and WhatsApp.
The lawsuit alleges that the Israeli hacker-for-hire company “cooked up fake accounts to collect sensitive information” about its victims. The company also said that the fake accounts had been used to sell its “social engineering” services to the public. The company also posed as a news entity and spoof social media accounts. While NSO denied any wrongdoing, Meta is pursuing the legal action against the company for breach of privacy and security.
The lawsuit alleges that Cytrox tailored the attacks to specific targets. The Israeli hacker-for-hire firm targeted specific countries and only infected people who passed technical checks. Meta redirects people who failed these checks to reputable websites. NSO, which owns Cytrox, has also denied selling any spyware to Egypt, according to Citizen Lab.
Apple suing NSO Group
In a lawsuit filed in federal court in California, Apple is attempting to block the Israeli hacker-for-hire company from breaking into Apple products. Apple says that its employees are amoral 21st century mercenaries that used sophisticated cyber-surveillance machinery to target a handful of Apple customers around the world. It also wants to change the way state-sponsored actors operate in the cyberspace.
The case involves an exploit called FORCEDENTRY in iMessage that was used to target nine activists in Bahrain. Attackers created more than 100 bogus Apple IDs and sent malicious data to the victims’ phones. The attacks allowed NSO Group to install spyware and collect personal information. Apple has since patched this zero-day vulnerability. But in the meantime, the company is still suing for damages and for the loss of revenue.