In a recent hearing related to the ongoing lawsuit between Meta-owned WhatsApp and Israeli spyware maker NSO Group, it was revealed that the governments of Mexico, Saudi Arabia, and Uzbekistan were implicated in a 2019 hacking campaign that targeted over 1,200 users of WhatsApp using NSO’s Pegasus spyware. NSO’s attorney, Joe Akrotirianakis, disclosed these allegations in court, marking the first time NSO has explicitly named its clientele after years of refraining from divulging such information.
The legal action initiated by WhatsApp accused NSO Group of exploiting a vulnerability in its systems, which reportedly allowed hackers to breach around 1,400 accounts between April and May 2019. Notably, WhatsApp’s complaint highlighted that many of the hacking victims were human rights advocates, journalists, and prominent figures in civil society, supported by findings from Citizen Lab, a group dedicated to monitoring government spyware abuses.
During the hearing, Akrotirianakis acknowledged the presence of at least eight NSO customers as part of the discovery phase of the lawsuit, although he only explicitly named Mexico, Saudi Arabia, and Uzbekistan at that time. He also indicated that a recent court document unveiled a list of countries where the 1,223 victims were located, which could correlate with NSO’s customer base. Akrotirianakis remarked that the use of Pegasus was restricted to the territories where it was licensed, although there have been instances where NSO’s clients targeted individuals beyond their jurisdictions.
Countries such as Bahrain, India, and the United Kingdom were mentioned in a broader list of NSO customers. While Saudi Arabia was specifically named by NSO’s lawyer, it did not appear in the list of countries provided in court documentation.
WhatsApp spokesperson Zade Alsawah has expressed anticipation for the trial, aimed at determining damages and securing an injunction to safeguard user privacy against NSO’s actions. In a pre-trial order, the presiding judge noted that while NSO acknowledged the existence of documentation identifying at least four of its customers, there has been no public confirmation regarding their identities. The judge also commented on the obscurity of the evidentiary record linking specific clients to the attacks, suggesting that the information relied on included media reports rather than direct admissions from NSO.
This case has drawn substantial attention to the misuse of surveillance technologies, particularly against journalists, activists, and human rights defenders, with organizations like Citizen Lab and Amnesty International continuously reporting incidents of Pegasus being used for invasive monitoring.
As the courtroom drama unfolds, TechCrunch reached out to the embassies of the implicated nations for comments and will provide updates as new information surfaces.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
