Five months after Facebook announced that a vulnerability allowed spyware to be injected into a user’s phone through WhatsApp, we are finally learning more about the identity of the targets and how the attacks were carried out.
An investigation conducted by WhatsApp and Citizen Lab revealed that a total of 1400+ individuals were targeted, out of whom over 100 have already been identified as members of civil society (human rights defenders, activists, journalists).
The investigation found enough evidence to attribute the attack to NSO Group, a known peddler of spyware to governments around the globe. This is not the first time NSO Group spyware has been found to target members of the civil society. Access Now and other NGOs have repeatedly denounced the lack of human rights protections and safeguards for the products NSO sells.
Today, we reiterate our call for accountability. Governments hold the primary duty to prevent and remedy violations of human rights involving private companies. Israel, where NSO Group is headquartered, and the U.K., where its owner Novalpina is based, must take immediate action to forestall more violations.
“Companies, too, have a duty to respect human rights and help remedy violations which they cause, contribute, and are linked to,” said Peter Micek, General Counsel at Access Now.
In this case, the direct burden falls on the spyware vendors to change their ways. But we also call on large platforms to review their policies and engage their legal, engineering, public policy, and business development teams to assist civil society and government in keeping users safe and identifying, attributing, and mitigating threats posed by other companies. Working with Citizen Lab to investigate the attacks, giving notice to its users, and taking legal action, WhatsApp has set a strong precedent in this case that we can build on with the entire sector.
People targeted by spyware have the most to lose when their security and privacy are compromised; therefore, we must hold both governments and corporations accountable to ensure that human rights abuses do not continue with impunity.