NSO Group: Israeli firm ‘impersonated Facebook to spread spyware’
According to a new report, the Israeli security company NSO Group impersonated Facebook as part of a ploy to convince users to install its telephone hacking software.
An investigation by the news site Motherboard says that a Facebook security look-alike domain has been established to popularize the NSO PSO hack tool.
He also claimed to have found evidence that servers within the United States were used to popularize the espionage tool.
NSO denies the allegations, labeling them “recycled guesswork”.
Once installed, Pegasus spyware can read text messages and other data on your phone, track its location with GPS and access the microphone and video camera.
The Israeli company is already stuck in a legal battle with Facebook, which claims to have deliberately released its software on WhatsApp, compromising hundreds of phones, including those of journalists and human rights activists. He is also separately accused of providing software to the Saudi government that would have been used to spy on journalist Jamal Khashoggi before he was killed.
The NSO-backed Facebook complaint handled spyware itself. But the NSO asked the California court to close the case, in part because it claims it never uses its spyware – only sovereign governments do.
- WhatsApp sues the Israeli firm for hacking allegations
- The Israeli spyware firm promises to be Covid-19’s savior
The motherboard’s latest investigation revolves around a former NSO employee who is said to have provided him with details of a server allegedly designed to distribute spyware by causing people to click on links.
The server being tested has been linked to several different web addresses for a number of years, including one impersonating the Facebook security team, the motherboard report said.
Facebook told the BBC that it had acquired ownership of the domain in question four years ago to prevent its misuse.
Other domains used over time included “a link a person could click on to unsubscribe from email or text messages … and package tracking links from FedEx,” reports the motherboard.
“Fight against terrorism”
But NSO fiercely denies having ever used its own products.
“We are incredibly proud of the role of our technology in fighting crime and terrorism, but NSO does not manage any of its products,” said a spokesman in a statement. “As we have repeatedly made clear, NSO products are offered and managed exclusively by verified and authorized government agencies.”
The motherboard also claimed that one of the servers used to launch the malware was located in the United States, which NSO claims is not possible. Facebook has already made similar accusations in the WhatsApp legal case.
“We support our previous claims that NSO group products cannot be used to conduct cyber surveillance in the United States and no customer has ever gotten the technology that allows phones to be addressed with U.S. numbers,” said a spokesman.
The professor. Alan Woodward of the University of Surrey said that the possibility of using US servers to distribute spyware raised “more questions than answers”.
“They seem to have some sort of infrastructure in the United States,” said Prof. Woodward. “The question is whether the United States government is aware of this.”
A Facebook spokesman said: “The NSO group is responsible for cyber attacks against human rights activists, journalists and diplomats, in violation of United States law.
“We are committed to protecting the security of our community and are trying to make them accountable in court.”
NSO said that its official position remained the one it had made in the legal case with Facebook.
“Revisiting and recycling the NSO detractors guess … it doesn’t change the general truth of our position, which we told the United States Federal Court in California,” he said.
“The factual claims about the above have been provided as part of the official court trial, and we currently have nothing more to add.”