Facebook Alleges Israeli Spyware Firm NSO Ran Attack Servers on U.S. Soil

In a clash of espionage giants, NSO argues California court has no jurisdiction to handle Facebook's suit against it

Send in e-mailSend in e-mail
Send in e-mailSend in e-mail
The logo of the Israeli NSO Group company on a building where they had offices in Herzliya, Israel, August 25, 2016.
The logo of the Israeli NSO Group company on a building where they had offices in Herzliya, Israel, August 25, 2016.Credit: Daniella Cheslow/AP
Oded Yaron
Oded Yaron

Can Facebook sue the NSO Group and its sister Company Q Cyber in a California court? That is one of the critical questions in a clash of espionage giants in connection with Pegasus software, which exploited a WhatsApp breach to take control of smartphones. In responding to NSO Group’s request to reject the lawsuit out of hand, Facebook attempted on Friday to undermine the Israeli companies' position with evidence gathered during the investigation.

Attorneys on behalf of NSO and Q Cyber made numerous arguments against the suit. They challenged the court’s jurisdiction to handle the lawsuit arguing that the companies involved don’t operate in the United States – a claim that NSO has repeatedly put forward. NSO also claimed that it and Q Cyber are entitled to immunity because they operate in the service of foreign countries. Facebook claims that the Israeli companies are not entitled to such immunity under U.S. law.

One of the most important revelations in the Facebook documents contests NSO claims of never having operated in the United States by showing a large number of affidavits and documents as suggested proof that NSO in effect leased servers from QuadraNet in California, and used them to control and monitor during these attacks.

Facebook representatives said that the company’s conditions of use includes a clause saying that legal proceedings will take place in California. In addition, Facebook said that NSO received funding from a venture capital fund active in California. This argument was in addition to the company’s familiar claim, that the use of WhatsApp servers to attack the software constitutes a violation of the conditions of use of the app, to which NSO was obliged to agree to in order to use it.

“NSO reverse-engineered the WhatsApp app to create an unauthorized program designed to evade technical restrictions on the access and use of the WhatsApp service… Using its own program … NSO gained unauthorized access to WhatsApp servers.”

The Whatsapp application is seen on a smartphone.Credit: בלומברג

The discovery of the servers used by NSO casts a heavy shadow over two of the companies’ basic arguments of not being involved in the attacks and that it in effect has n o idea what was done with its software and infrastructure. As John Scott-Railton, a senior researcher at the Citizen Lab - an academic research facility focused on the study of digital threats to civil society and high-level policy engagement - who has exposed many of Pegasus’ attacks, posted on his Twitter account: “This filing shows NSO purchasing [and] operating the services doing the hacking. This makes the company look much more like a hacking-as-a-service than software developers. This is a gut punch to years of NSO’s claims that it can’t see what its customers are doing.”

The NSO Group repeated its familiar response: “NSO vehemently denies Facebook’s claims. As opposed to the erroneous claims by Facebook, the company does not operate the technology by itself and allows only government bodies to purchase and operate these technologies. The company’s products are not designed to operate in the United States, and are technologically incapable of doing so, nor can they be operated by American phone numbers. All the company’s products were developed for the purpose of saving lives and preventing terror and crime. The company has submitted a request to the California court to remove [the lawsuit] out of hand.”

Click the alert icon to follow topics: