Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Wednesday October 30 2019, @07:56PM   Printer-friendly
from the good-luck dept.

Arthur T Knackerbracket has found the following story:

Facebook and its WhatsApp messenger division on Tuesday sued Israel-based spyware maker NSO Group. This is an unprecedented legal action that takes aim at the unregulated industry that sells sophisticated malware services to governments around the world. NSO vigorously denied the allegations.

Over an 11-day span in late April and early May, the suit alleges, NSO targeted about 1,400 mobile phones that belonged to attorneys, journalists, human-rights activists, political dissidents, diplomats, and senior foreign government officials. To infect the targets with NSO's advanced and full-featured spyware, the company exploited a critical WhatsApp vulnerability that worked against both iOS and Android devices. The clickless exploit was delivered when attackers made a video call. Targets need not have answered the call or taken any other action to be infected.

According to the complaint, NSO created WhatsApp accounts starting in January 2018 that initiated calls through WhatsApp servers and injected malicious code into the memory of targeted devices. The targeted phones would then use WhatsApp servers to connect to malicious servers allegedly maintained by NSO. The complaint, filed in federal court for the Northern District of California, stated:

In order to compromise the Target Devices, Defendants routed and caused to be routed malicious code through Plaintiffs' servers—including Signaling Servers and Relay Servers—concealed within part of the normal network protocol. WhatsApp's Signaling Servers facilitated the initiation of calls between different devices using the WhatsApp Service. WhatsApp's Relay Servers facilitated certain data transmissions over the WhatsApp Service. Defendants were not authorized to use Plaintiffs' servers in this manner.

Between approximately April and May 2019, Defendants used and caused to be used, without authorization, WhatsApp Signaling Servers, in an effort to compromise Target Devices. To avoid the technical restrictions built into WhatsApp Signaling Servers, Defendants formatted call initiation messages containing malicious code to appear like a legitimate call and concealed the code within call settings. Disguising the malicious code as call settings enabled Defendants to deliver it to the Target Device and made the malicious code appear as if it originated from WhatsApp Signaling Servers. Once Defendants' calls were delivered to the Target Device, they injected the malicious code into the memory of the Target Device—even when the Target User did not answer the call.

[...] Critics of the spyware industry have long said that NSO and its competitors sell products and services to oppressive governments that use them to target attorneys, journalists, human-rights advocates, and other groups that pose no legitimate threat. Citizen Lab, a University of Toronto research group that tracks hacking campaigns sponsored by governments, volunteered to help Facebook and WhatsApp investigate the attacks on its users. Citizen Lab said among those targeted in the campaign were 100 members of "civil society" from 20 countries.

Besides Facebook and WhatsApp apps and servers, NSO allegedly used servers owned by Amazon Web Services and smaller hosts Choopa and Quadrant. The leased servers connected targeted devices to a network of remote servers that were designed to distribute malware and send commands to devices once they were infected. Tuesday's complaint said that an IP address assigned to one of the malicious servers was previously used by a subdomain operated by NSO.

Now that Facebook and WhatsApp have taken the unprecedented step of suing a spyware provider for using its servers to target its users, it will be interesting to see if Amazon and the other server hosts mentioned in the complaint follow suit. So far, they haven't responded to emails seeking comment.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by Fluffeh on Wednesday October 30 2019, @08:57PM (13 children)

    by Fluffeh (954) Subscriber Badge on Wednesday October 30 2019, @08:57PM (#913873) Journal

    I'd like to know why these blatant crimes aren't being prosecuted by state actors. The US should care if its citizens are being spied on. Same goes for any other country out there. Pretty sure every single country has anti-hacking laws that have been broken here.

    Starting Score:    1  point
    Moderation   +3  
       Insightful=2, Funny=1, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 2, Interesting) by fustakrakich on Wednesday October 30 2019, @09:14PM (8 children)

    by fustakrakich (6150) on Wednesday October 30 2019, @09:14PM (#913887) Journal

    I'd like to know why these blatant crimes aren't being prosecuted by state actors.

    1) Maybe they are being perpetrated by state actors, and/or

    2) Professional courtesy

    --
    La politica e i criminali sono la stessa cosa..
    • (Score: 2) by Mojibake Tengu on Wednesday October 30 2019, @09:37PM (7 children)

      by Mojibake Tengu (8598) on Wednesday October 30 2019, @09:37PM (#913893) Journal

      NSO Group is a spawnling of Unit 8200. That's no secret, but a two-clicks-verifiable fact.

      --
      Respect Authorities. Know your social status. Woke responsibly.
      • (Score: 1, Disagree) by fustakrakich on Wednesday October 30 2019, @10:14PM (6 children)

        by fustakrakich (6150) on Wednesday October 30 2019, @10:14PM (#913905) Journal

        Nothing is verifiable. On today's internet, even simple arithmetic is a disputed conspiracy theory.

        --
        La politica e i criminali sono la stessa cosa..
        • (Score: 3, Informative) by c0lo on Thursday October 31 2019, @06:12AM (5 children)

          by c0lo (156) Subscriber Badge on Thursday October 31 2019, @06:12AM (#914043) Journal

          On today's internet, even simple arithmetic is a disputed conspiracy theory.

          When it comes to simple internet arithmetic, only the alt-right doesn't add up.
          First, they are divided to the point of self-inconsistency.
          Then, they get even the multiplication wrong, which is not odd at all. Letting aside the ignorable truncation errors like Anglin and Yeahnahprickouless failures, just look at Bannon failing to recruit European loons; I don't want to sound like a depreciation, but one could say his efforts generate so little traction that one may call it sub-traction. Better write off all that.

          for more information, consult aristarchus' submissions

          Now, alt-right aside, the reminder of the internet seems pretty sane. Arithmetic-wise, that is.

          (large grin)

          --
          https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
          • (Score: 1) by fustakrakich on Thursday October 31 2019, @05:48PM (4 children)

            by fustakrakich (6150) on Thursday October 31 2019, @05:48PM (#914252) Journal

            When it comes to simple internet arithmetic, only the alt-right doesn't add up.

            Neither do democrats and republicans, but they win. The problem isn't the organizations themselves, it's the credibility given to them by the audience.

            --
            La politica e i criminali sono la stessa cosa..
            • (Score: 0) by Anonymous Coward on Thursday October 31 2019, @09:16PM (3 children)

              by Anonymous Coward on Thursday October 31 2019, @09:16PM (#914335)

              Neither do democrats and republicans,

              True, they add down, at the bottom line. And the result is a negative for the society.

              The problem isn't the organizations themselves, it's the credibility given to them by the audience.

              Is this a problem? Why and for who?

              • (Score: 0) by Anonymous Coward on Friday November 01 2019, @12:40AM (2 children)

                by Anonymous Coward on Friday November 01 2019, @12:40AM (#914401)

                Is this a problem? Why and for who?

                When the majority chooses to believe in false gods and worship golden calves, it complicates things for those who know better.

                • (Score: 0) by Anonymous Coward on Friday November 01 2019, @09:31AM (1 child)

                  by Anonymous Coward on Friday November 01 2019, @09:31AM (#914514)

                  it complicates things for those who know better.

                  Good. Because those who know better are delusional and I don't want to live the hell paved with their good intentions.
                  Don't get me wrong, I know we'll all live the hell no matter what; it's just from pragmatic reason, paving it with good intentions is such a waste of resources.

                  (large grin)

                  • (Score: 0) by Anonymous Coward on Friday November 01 2019, @02:12PM

                    by Anonymous Coward on Friday November 01 2019, @02:12PM (#914578)

                    I know we'll all live the hell no matter what

                    So, don't even try, eh? Sorry, I'm one of those people that at least want a comfortable ride, a Bentley, not a beater, and on pavement, not a donkey trail.

  • (Score: 1) by Sally_G on Thursday October 31 2019, @03:42AM (1 child)

    by Sally_G (8170) on Thursday October 31 2019, @03:42AM (#914014)

    When one state actor prosecutes another state actor, isn't that called a war?

    • (Score: 1) by fustakrakich on Thursday October 31 2019, @05:52PM

      by fustakrakich (6150) on Thursday October 31 2019, @05:52PM (#914254) Journal

      A very famous movie was written around that theme:

      "What do you call it when the assassins accuse the assassin? They lie. They lie, and we have to be merciful, for those who lie."
      --
      La politica e i criminali sono la stessa cosa..
  • (Score: 3, Funny) by jmichaelhudsondotnet on Thursday October 31 2019, @04:23PM (1 child)

    by jmichaelhudsondotnet (8122) on Thursday October 31 2019, @04:23PM (#914202) Journal

    Israel is trying to take over the united states and europe by first taking over their networks, and this is part of their attack on the immune system as all forms of functioning civil society in the united states are obstacles to their plans.

    When a foreign country is attacking your journalists, they arent your allies.

    At this point I am really grasping at straws how any actual people paid to defend the united states get up in the morning or fall asleep at night. Did some memo go out 'we are letting israelis do whatever they want, we're moving all of our brainwork out of country because americans are too stupid to defend ourselves.'

    Oh yeah, and epstein, leave that guy alone, real nice guy.

    It is a sad world to live in having to hear so much propaganda on how great the military and how israel is our ally, etc etc etc, then this shit.

    Fustareich and another several sn posters think it is best of all possible worlds, just par for the course, dont worry your pretty head. Gosh they sure do seem supercommitted to that narrative.

    But to me it looks like a power grab and they are committing to it, because they will never have a more pliable commander in chief. It looks like they are setting up another 911, silly shark stories on CNN, huge scandals that wont go away to the point they can hardly make up enough shaggy dog 1001 arabian nights stories to distract from it.

    thesesystemsarefaling.net

    • (Score: 1) by fustakrakich on Thursday October 31 2019, @05:54PM

      by fustakrakich (6150) on Thursday October 31 2019, @05:54PM (#914255) Journal

      :-) Well, good morning to you too! You're in top form today...

      --
      La politica e i criminali sono la stessa cosa..