© Reuters / Dado Ruvic
Facebook-owned WhatsApp messenger has been weaponized to bug the phones of human rights campaigners, lawyers, and other dissidents with an Israeli spyware, sparking a backlash against the program’s manufacturer.
“NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics. The attack on Amnesty International was the final straw,” Danna Ingelton, deputy director of Amnesty Tech, said in a statement on Monday. “It’s time to stop the use of NSO Group’s tools to infiltrate, intimidate and silence civil society.”
Amnesty, which was targeted along with several human rights lawyers by the WhatsApp exploit, is working with a group of Israeli citizens and a civil rights group on a legal action to force the Israeli Ministry of Defense to revoke NSO Group’s export license, claiming the company’s flagship product, called Pegasus, is dangerous and prone to abuse – and that NSO deliberately sells it to repressive governments.
After discovering the vulnerability last week, WhatsApp claims it worked “around the clock” to develop a patch to protect users from the exploit, finally releasing the fix on Monday. WhatsApp has also reported the issue to the US Department of Justice, which declined to comment to the Financial Times. The company is not yet aware of how many of its 1.5 billion users were affected by the exploit.
Attackers installed Pegasus on target users’ phones through WhatsApp’s call function, according to the company; users did not even have to answer the call to become infected. Pegasus can turn on a target’s microphone and camera at will, peruse emails and texts, and track location – all without the target’s knowledge.
While NSO claims Pegasus is intended for government usage – its website insists its mission is “developing technology to prevent and investigate terror and crime,” and the company claims it carefully vets customers – a number of activists and human rights campaigners in the Middle East have found themselves on the wrong end of Pegasus attacks. Amnesty International claims “at least 24 human rights defenders, journalists and parliamentarians in Mexico,” an employee, several Saudi activists, an Emirati human rights campaigner, and even (allegedly) Saudi dissident Jamal Khashoggi, whose killers reportedly used the software to track him, have been targeted using Pegasus.
“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” NSO said, adding that it would not have the ability to target an individual or organization.