#Privacy: WhatsApp sues Israeli firm over alleged hack

A lawsuit has been launched against the Israeli surveillance company, NSO Group, over claims that it was behind cyber-attacks infecting users with malware.

The NSO Group is being accused of being responsible for a series of sophisticated cyber-attacks which resulted in malware being sent to roughly 1,400 users from 20 different countries, between a two week period.

WhatsApp believes that the affected users included journalists, political dissidents, diplomats, prominent religious figures and human rights activists.

In the lawsuit, filed on Tuesday in a California court, WhatsApp said the NSO Group “developed their malware in order to access messages and other communications after they were decrypted on target devices.”

Additionally, it said that the Israeli company had created numerous WhatsApp accounts and allowed the malicious code to be sent over the WhatsApp servers.

In a statement, WhatsApp said: “we believe this attack targeted at least 100 members of civil society, which is an unmistakable pattern of abuse.”

The complaint alleges that the NSO Group violated both US and California laws, as well as WhatsApp Terms of Service.

WhatsApp is seeking a permanent injunction blocking the company from using its service, and those of its parent company, Facebook.

“This is the first time that an encrypted messaging provider is taking legal action against a private entity that has carried out this type of attack against its users.”

The NSO Group responded stating that it would fight all allegations. In a statement to the BBC, the company said: “In the strongest possible terms, we dispute today’s allegations and will vigorously fight them.

“The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/