abusesaffiliationarrow-downarrow-leftarrow-rightarrow-upattack-typeburgerchevron-downchevron-leftchevron-rightchevron-upClock iconclosedeletedevelopment-povertydiscriminationdollardownloademailenvironmentexternal-linkfacebookfiltergenderglobegroupshealthC4067174-3DD9-4B9E-AD64-284FDAAE6338@1xinformation-outlineinformationinstagraminvestment-trade-globalisationissueslabourlanguagesShapeCombined Shapeline, chart, up, arrow, graphLinkedInlocationmap-pinminusnewsorganisationotheroverviewpluspreviewArtboard 185profilerefreshIconnewssearchsecurityPathStock downStock steadyStock uptagticktooltiptwitteruniversalityweb
Article

20 May 2020

Author:
Joseph Cox, Motherboard

NSO Group impersonated Facebook to help clients hack targets

Israeli surveillance firm NSO Group created a web domain that looked as if it belonged to Facebook's security team to entice targets to click on links that would install the company's powerful cell phone hacking technology, according to data analyzed by Motherboard... It is not uncommon for hackers working for governments to impersonate Facebook... NSO is currently embroiled in a lawsuit with Facebook, which is suing the surveillance firm for leveraging a vulnerability in WhatsApp to let NSO clients remotely hack phones. Motherboard has also found more evidence that NSO used infrastructure based in the United States; a server used by NSO's system to deliver malware was owned by Amazon.

... A former NSO employee provided Motherboard with the IP address of a server setup to infect phones with NSO's Pegasus hacking tool... John Scott-Railton, a senior researcher from Citizen Lab, told Motherboard that the information provided by the former employee does appear to be NSO infrastructure. Facebook told Motherboard it gained ownership of the domain to stop others from misusing it... Motherboard recently revealed NSO tried to sell its hacking technology to local U.S. police, and that an NSO employee abused access to an installation of the Pegasus tool in the United Arab Emirates to target a love interest... Amazon did not respond to a request for comment asking if NSO has violated Amazon's terms of service by using its web servers to launch malware.

Privacy information

This site uses cookies and other web storage technologies. You can set your privacy choices below. Changes will take effect immediately.

For more information on our use of web storage, please refer to our Data Usage and Cookies Policy

Strictly necessary storage

ON
OFF

Necessary storage enables core site functionality. This site cannot function without it, so it can only be disabled by changing settings in your browser.

Analytics cookie

ON
OFF

When you access our website we use Google Analytics to collect information on your visit. Accepting this cookie will allow us to understand more details about your journey, and improve how we surface information. All analytics information is anonymous and we do not use it to identify you. Google provides a Google Analytics opt-out add on for all popular browsers.

Promotional cookies

ON
OFF

We share news and updates on business and human rights through third party platforms, including social media and search engines. These cookies help us to understand the performance of these promotions.

Your privacy choices for this site

This site uses cookies and other web storage technologies to enhance your experience beyond necessary core functionality.