Facebook is suing Israeli N.S.O for tracking at least 100 journalists and human rights activists

Facebook is suing the Israeli NSO following a crackdown on the spyware exploited by a spyware developer, which it says has been used, among other things, to track at least 100 journalists and human rights activists. That's how the tech giant announced. "In May, Wetsap announced that it had identified and blocked a new type of cyberbullying that included a video call service vulnerability," Wetsap Director Will Cathcart said in a Washington Post article. "Now, after months of investigation, we can say with certainty who is behind the attack. Today we filed a lawsuit in a federal court that explains what happened and attributes the breach to the NSO."
Here's how it worked: A user at Whatsap was notified of an alleged incoming video call, but in fact it was a regular call. After the phone rang, the attacker passed a malicious code designed to infect the victim's phone with NSO spy software, Pegasus.
This software provides access to all information on the device and allows the attacker to remotely control and retrieve information in real time. For example, he can secretly operate the microphone and camera and detect in real time after his activity. The victim does not even have to answer the call for the device to be infected.
Facebook also identified the victims of the attack, which she said included at least 100 human-trafficking activists, journalists and other activists in civil society organizations. "It's a wake-up call for tech companies, governments and all internet users," said Cathcart. "Tools that enable our private lives to be tracked are being misused, and getting the technology into the hands of irresponsible companies and governments is putting us all at risk."
In the lawsuit itself, Facebook notes that between April and May of this year, NSO made use of Wetsap servers in the US and other countries to send its spyware to 1,400 phones and mobile devices.
Facebook also notes the federal court in the Northern District of California has jurisdiction to hear the case because the NSO targeted California residents. That's because some of Wastep's servers are located in California.
NSO has previously claimed that it does not conduct surveillance on US phone numbers, a claim that the Facebook indictment is now in doubt. The company also claimed that it does not spy on Israeli numbers.
The prosecution provides a description of how NSO is operating in this case. "About January 2018 to May 2019, the Defendants created Wattsap accounts through which they sent the malicious code to the target devices in April and May 2019," it said. "The accounts are created using phone numbers from different countries, including Caprison, Israel, Brazil, Indonesia, Sweden and the Netherlands.
In 2019, defendants also leased servers in various states, including the United States, to connect the target devices to a network of remote servers designed to distribute the damage and pass orders to the target device. This network included proxy and relay servers ("malicious servers"). Owned by Choopa, Quadranet and Amazon, among others. The IP address of one of these malicious servers was previously linked to defendants. "
According to Facebook, NSO has reverse engineered Wetsap, and developed software that allowed it to forge legitimate traffic on the app's traffic network in order to send the malicious code through the Wetsap servers itself. "The software was sophisticated, and was developed to exploit specific components of the Wetsap protocol and code. To break through, the defendants routed the malicious code through the plaintiffs' servers."
The NSO said: "We firmly reject Facebook's claims."