WhatsApp sued Israeli surveillance firm NSO Group on Tuesday, accusing it of helping government spies break into the phones of roughly 1,400 users across four continents in a hacking spree whose targets included diplomats, political dissidents, journalists and senior government officials.
In a lawsuit filed in federal court in San Francisco, messaging service WhatsApp, which is owned by Facebook Inc (FB.O), accused NSO of facilitating government hacking sprees in 20 countries. Mexico, the United Arab Emirates and Bahrain were the only countries identified.
WhatsApp said in a statement that 100 civil society members had been targeted, and called it “an unmistakable pattern of abuse.”
NSO denied the allegations.
“In the strongest possible terms, we dispute today’s allegations and will vigorously fight them,” NSO said in a statement. “The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime.”
WhatsApp said the attack exploited its video calling system in order to send malware to the mobile devices of a number of users. The malware would allow NSO’s clients - said to be governments and intelligence organizations - to secretly spy on a phone’s owner, opening their digital lives up to official scrutiny.
WhatsApp is used by some 1.5 billion people monthly and has often touted a high level of security, including end-to-end encrypted messages that cannot be deciphered by WhatsApp or other third parties.
Citizen Lab, a cybersecurity research laboratory based at the University of Toronto that worked with WhatsApp to investigate the phone hacking, told Reuters that the targets included well-known television personalities, prominent women who had been subjected to online hate campaigns and people who had faced “assassination attempts and threats of violence.”
Neither Citizen Lab nor WhatsApp identified the targets by name.
Governments have increasingly turned to sophisticated hacking software as officials seek to push their surveillance power into the furthest corners of their citizens’ digital lives.
Companies like NSO say their technology enables officials to circumvent the encryption that increasingly protects the data held on phones and other devices. But governments only rarely talk about their capabilities publicly, meaning that digital intrusions like the ones that affected WhatsApp typically happen in the shadows.
Lawyer Scott Watnik called WhatsApp’s move “entirely unprecedented,” explaining that major service providers tended to shy away from litigation for fear of “opening up the hood” and revealing too much about their digital security. He said other firms would be watching the progress of the suit with interest.
“It could certainly set a precedent,” said Watnik, who chairs the cybersecurity practice at the Wilk Auslander law firm in New York.
The lawsuit seeks to have NSO barred from accessing or attempting to access WhatsApp and Facebook’s services and seeks unspecified damages.
NSO’s phone hacking software has already been implicated in a series of human rights abuses across Latin America and the Middle East, including a sprawling espionage scandal in Panama and an attempt to spy on an employee of the London-based rights group Amnesty International.
NSO came under particularly harsh scrutiny over the allegation that its spyware played a role in the death of Washington Post journalist Jamal Khashoggi, who was murdered at the Saudi Consulate in Istanbul a little over a year ago.
Khashoggi’s friend Omar Abdulaziz is one of seven activists and journalists who have taken the spyware firm to court in Israel and Cyprus over allegations that their phones were compromised using NSO technology. Amnesty has also filed a lawsuit, demanding that the Israeli Ministry of Defense revoke NSO’s export license to “stop it profiting from state-sponsored repression.”
NSO has recently tried to clean up its image after it was bought by London-based private equity firm Novalpina Capital earlier this year. In August, NSO co-founder Shalev Hulio appeared on “60 Minutes” and boasted his spyware had saved “tens of thousands of people.” He provided no details.
NSO has also brought on a series of high-profile advisers, including former Pennsylvania Governor Tom Ridge and Juliette Kayyem, a senior lecturer in international security at Harvard University. Last month, NSO announced it would begin abiding by U.N. guidelines on human rights abuses.