Category Archives: nso group

Amnesty International filed a lawsuit against Israeli surveillance firm NSO

Amnesty International filed a lawsuit against Israeli surveillance firm NSO and fears its staff may be targeted by the company with its Pegasus spyware.

The name NSO Group made the headlines last week after the disclosure of the WhatsApp flaw exploited by the company to remotely install its surveillance software.

The Israeli firm is now facing a lawsuit backed by Amnesty International, but the non-governmental organization fears its staff may be under surveillance spyware delivered leveraging the WhatsApp issue.

The lawsuit was filed in Israel by about 50 members and supporters of the human rights group. The organization calls on the Israeli ministry of defence to ban the export of the Pegasus surveillance software developed by NSO Group.

“An affidavit from Amnesty is at the heart of the case, and concludes that “staff of Amnesty International have an ongoing and well-founded fear they may continue to be targeted and ultimately surveilled” after a hacking attempt last year.” reads the post published by The Guardian.

“The Israeli government’s Defence Export Controls Agency has failed to exercise proper oversight “despite serious allegations of abuse”, the affidavit claimed, adding: “Because of DECA’s inaction, NSO Group can continue to sell its software to governments known to target human rights defenders.””

Officially the sale of surveillance software is limited to authorized governments to support investigation of agencies on criminal organizations and terrorist groups.

Unfortunately, its software is known to have been abused to spy on journalists and human rights activists.

In July, Citizen Lab collected evidence of attacks against 175 targets worldwide carried on with the NSO spyware. Citizen Lab uncovered other attacks against individuals in Qatar or Saudi, where the Israeli surveillance software is becoming very popular.

In August, an Amnesty International report confirmed that its experts identified a second human rights activist, in Saudi Arabia, who was targeted with the powerful spyware.

According to Joshua Franco, Amnesty’s head of technology and human rights, the trading of surveillance software is going out-of-control.

On August, the human rights group published a report that provides details on the attack against an employee at Amnesty International. The hackers attempted to compromise the mobile device of a staff member in early June by sending him a WhatsApp message about a protest in front of the Saudi Embassy in Washington.

surveillance Amnesty International NGO spyware

The organization added that such kind of attacks is becoming even more frequent, a growing number of Israeli surveillance software being used to spy on human rights operators and opposition figures in the Middle East and beyond.

Amnesty International traced the malicious link in the message to the surveillance network of the Israeli firm NSO Group.

The Guardian reported that NSO Group already faced many other lawsuits, such as the one backed by Omar Abdulaziz, a Saudi dissident based in Montreal. In December Abdulaziz filed a lawsuit in Israel in which he claimed that his phone was infected with the NSO spyware when he was in regular contact with the journalist Jamal Khashoggi.

In November, Snowden warned of abuse of surveillance software that also had a role in the murder of the Saudi Arabian journalist Jamal Khashoggi.

Khashoggi is believed to have been killed by Saudi Arabi’s agents, and the country has licensed NSO software in 2017, paying $55m for the technology.

NSO said it wants to demonstrate that it is not involved in any abuse of its technology, it prepared a report composed of 26 pages to reply to the accusations made by Amnesty and Citizen Lab.

It is curious that early 2019, a majority stake in NSO was acquired by the London based firm Novalpina Capital, founded by the banker and philanthropist Stephen Peel.

The Guardian reported an excerpt of the reply to Amnesty, signed by Peel, that states that in “almost all” the cases of complaints of human rights abuse raised, the alleged victim of hacking had not been a target or the government in question had acted with “due lawful authority”.

“We believe that the reality is different. We’ve seen them target human rights organisations and no evidence they’ve been able to effectively control governments when complaints have been raised.” replied Danna Ingleton, the deputy director of Amnesty’s technology division.


If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter”

Thank you

Pierluigi Paganini

(SecurityAffairs – NSO Group, Amnesty International)

The post Amnesty International filed a lawsuit against Israeli surveillance firm NSO appeared first on Security Affairs.

WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware

Facebook fixed a critical zero-day flaw in WhatsApp that has been exploited to remotely install spyware on phones by calling the targeted device.

Facebook has recently patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568, that has been exploited to remotely install spyware on phones by calling the targeted device.

WhatsApp did not name the threat actor exploiting the CVE-2019-3568, it described the attackers as an “advanced cyber actor” that targeted “a select number of users.”

“A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.” reads the description provided by Facebook.

The WhatsApp zero-day vulnerability is a buffer overflow issue that affects the WhatsApp VOIP stack. The flaw could be exploited by a remote attacker to execute arbitrary code by sending specially crafted SRTCP packets to the targeted mobile device.

Facebook fixed the issue with the release of WhatsApp for Android 2.19.134, WhatsApp Business for Android 2.19.44, WhatsApp for iOS 2.19.51, WhatsApp Business for iOS 2.19.51, WhatsApp for Windows Phone 2.18.348, and WhatsApp for Tizen 2.18.15. Any prior version of the popular instant messaging app is vulnerable. The company also implemented a server-side patch that was deployed at the end of last week.

WhatsApp zero-day

The bad news is that experts are aware of attacks exploiting the WhatsApp zero-day to deliver surveillance software.

The Financial Times reported that the WhatsApp zero-day has been exploited by threat actors to deliver the spyware developed by surveillance firm NSO Group.

The surveillance software developed by NSO Group was used by government organizations worldwide to spy on human rights groups, activists, journalists, lawyers, and dissidents. Security experts have detected and analyzed some of the tools in its arsenals, such as the popular Pegasus spyware (for iOS) and Chrysaor (for Android). Chrysaor was used in targeted attacks against journalists and activists, mostly located in Israel, other victims were in Georgia, Turkey, Mexico, the UAE and other countries. Experts believe the Chrysaor espionage 

In September, a report published by Citizen Lab revealed that the NSO Pegasus spyware was used against targets across 45 countries worldwide.

In November, Snowden warned of abuse of surveillance software that also had a role in the murder of the Saudi Arabian journalist Jamal Khashoggi.

Now The Financial Times described a scaring scenario in which attackers were able to exploit the WhatsApp zero-day vulnerability by just making a call to the target device via WhatsApp. The exploitation of the vulnerability doesn’t require the victim’s interaction. In fact, the victim does not need to answer for the vulnerability to be exploited, and it seems that after the attack there is no trace on the device of the malicious incoming calls.

The Financial Times cites the case of an unnamed attorney based in the United Kingdom that was targeted on May 12. The lawyer is involved in a lawsuit filed against NSO by individuals that were targeted with the surveillance software of the company.

“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” reads a briefing document note for journalists cited by BBC and other media outlets.

Of course, the NSO Group denied any support to government agencies that could have targeted the UK lawyer with its surveillance software.

“NSO would not, or could not, use its technology in its own right to target any person or organization, including this individual,” states NSO group.

Pierluigi Paganini

(SecurityAffairs – WhatsApp Zero-day, Hacking)

The post WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware appeared first on Security Affairs.