Chief executive of WhatsApp, Will Cathcart, is disputing some of the claims NSO Group used to defend themselves.
As accusations mount against malware vendor, NSO Group, NSO Group tried to defend themselves with statements of their own. Those statements have been met with mixed reaction thanks to contradictory comments. Now, some of those comments are being disputed by the Chief Executive of WhatsApp.
As you might recall, WhatsApp sued NSO Group in 2019. At the time, it was described as an “unprecedented” step in taking on those who sell malware. The lawsuit isn’t going very well for NSO Group. Last time we checked in with that suit, NSO Group failed to get a dismissal from the judge.
So, while that case has been ongoing for some time, recent developments have re-ignited interest in the Pegasus malware story. A leak has blown the lid wide open on the extensiveness of who all were potential targets of the malware. In response, Amazon shut down accounts associated with NSO Group. Details slowly emerged including the fact that as many as 50,000 people were potential victims of the malware. Not only that, the malware didn’t just target journalists and activists operating in third world countries, but also world leaders and their inner circles as well.
French President, Emmanuel Macron, pushed for an investigation into the organization. Macron, of course, was one of those cited as a potential target of the malware.
With things spiralling out of control, NSO Group responded by saying things like the 50,000 number was “exaggerated”. They then went on to say that they have no way of telling who potential victims of their malware are, but names that were cited were names that they are totally certain weren’t targets of their malware. That contradiction, of course, raised many eyebrows because it’s kind of contradictory.
WhatsApp Chief Executive, Will Cathcart, is disputing some of these claims. They said that the numbers disclosed actually makes sense based on what they witnessed from their experience with the attacks by the Pegasus malware. From The Guardian:
Senior government officials around the world – including individuals in high national security positions who are “allies of the US” – were targeted by governments with NSO Group spyware in a 2019 attack against 1,400 WhatsApp users, according to the messaging app’s chief executive.
“The reporting matches what we saw in the attack we defeated two years ago, it is very consistent with what we were loud about then,” Cathcart said in an interview with the Guardian. In addition to the “senior government officials”, WhatsApp found that journalists and human rights activists were targeted in the 2019 attack against its users. Many of the targets in the WhatsApp case, he said, had “no business being under surveillance in any way, shape, or form”.
“This should be a wake up call for security on the internet … mobile phones are either safe for everyone or they are not safe for everyone.”
NSO has also said the data has “no relevance” to the company, and has rejected the reporting by the Pegasus project as “full of wrong assumptions and uncorroborated theories”. It denied that the leaked data represented those targeted for surveillance by the Pegasus software. NSO has called the 50,000 number exaggerated and said it was too large to represent individuals targeted by Pegasus.
But Cathcart questioned NSO’s claim that the figure was in itself “exaggerated”, saying that WhatsApp had recorded an attack against 1,400 users over a two-week period in 2019.
“That tells us that over a longer period of time, over a multi-year period of time, the numbers of people being attacked are very high,” he said. “That’s why we felt it was so important to raise the concern around this.”
When WhatsApp says it believes its users were “targeted”, it means the company has evidence that an NSO server attempted to install malware on a user’s device.
Between Amazon booting NSO Group from their services, a WhatsApp lawsuit that NSO Group is experiencing setbacks in, and NSO Group’s parent company appearing to be headed for liquidation, it’s easy to wonder if the organization is even going to survive all of this. That is, after all, a lot of pressure focused on one company. Pile on the controversy surrounding the company and you got a picture that isn’t exactly pretty at the moment.
Drew Wilson on Twitter: @icecube85 and Facebook.