NSO Group has asked a US court to sanction Facebook for allegedly failing to abide by international law with regards to its lawsuit against the surveillance software maker.

WhatsApp had filed a lawsuit against NSO in October last year. The Facebook unit alleged NSO was behind the cyberattack in 2019 that infected devices with advanced surveillance tools.

But last week NSO failed to show up in court, and a California court clerk entered a notice of default against the firm.

Not filed?

NSO alleged it had not been served in accordance with international law known as the Hague Convention, Reuters reported.

Facebook “lied to the court in their application for default by stating that defendants had been served under the Hague Convention, when in fact, plaintiffs had been told by the government of Israel two days earlier that service under the Hague Convention was not complete, and the application for service needed to be resubmitted,” documents filed by NSO in the Northern District of California court this week reportedly said.

NSO also reportedly asked the court to impose sanctions of nearly $17,000 to cover attorney’s fees and costs.

Meanwhile Facebook also reportedly filed documents this week requesting the court set aside the entry of default so that the case may proceed on merits.

Facebook said it “diligently sought” to serve NSO in accordance with the Hague Convention but Israel’s Central Authority has not yet issued a formal certificate of service.

“The court should decline the defendants’ request to further delay this case,” Facebook was quoted by Reuters as saying in the documents.

NSO allegation that it was not served the lawsuit properly comes after Reuters reported last week that multiple attempts had been made to serve the firm with the lawsuit.

It cited legal documents filed by WhatsApp as its source, as these documents reportedly showed that efforts to serve NSO with legal documents included sending emails to senior executives, FedEx-delivered copies to NSO board members, and even a hand-delivered copy of the lawsuit left with NSO cofounder Omri Lavie’s wife at their New Jersey home.

Spyware allegation

The lawsuit is being closely watched after WhatsApp in May 2019 urged all of its 1.5 billion users to update their software to fix a vulnerability that it said was being actively exploited to implant advanced surveillance tools on users’ devices.

WhatsApp discovered the vulnerability earlier in May 2019 and released a fix. The Financial Times reported in May 2019 that the bug was used to implant spyware developed by NSO, citing an unnamed surveillance software maker as its source.

NSO Group is in the business of developing surveillance tools that are intended for use by governments and law enforcement agencies.

It is alleged that when attackers rang up a target’s phone, the malicious code would automatically infect the device (even if the call was not answered), WhatsApp said in a technical document on the issue.

The attack involved a buffer overflow vulnerability in WhatsApp’s voice over internet protocol (VoIP) stack that allowed remote code execution via a series of specially crafted secure real-time control protocol (SRTCP) packets, WhatsApp said in May 2019.

At the time, WhatsApp acknowledged that the vulnerability had been used to install spyware, without mentioning NSO by name.

It later filed its legal action against the Israeli company in October 2019.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

View Comments

  • Of course the real issue is why was there a buffer overflow issue in the first place? Facebook/WhatsApp are not a small business and something like this should not have happened if the product had been designed and tested correctly, buffer overflows are not exactly an unknown vector of attack.
    Isn't the real negligent party here Facebook?

Recent Posts

Bitcoin Value Reaches $63,000 Record High

The value of the Bitcoin cryptocurrency continues to fluctuate, but has now surpassed $63,000 in…

7 hours ago

Iran’s Natanz Cyberattack Blamed On Israel

Second Stuxnet? Iran's Natanz nuclear facility suffered another cyberattack at the weekend, with the finger…

9 hours ago

Google Founders Larry Page, Sergey Brin Personal Fortune Grows

Share surge in Alphabet over the past year allows founders Larry Page and Sergey Brin…

11 hours ago

Apple Teases New Devices With ‘Spring Loaded’ Event

New devices to be revealed next week may include new iPads, AirTags, or even augmented…

13 hours ago

Chip Shortage – Renault To Extend Idle Factories Until September

Three of Renault's four car factories in Spain will be partly idled until end of…

15 hours ago

NHS Website Crashes Briefly Amid Rush For Vaccine Bookings

After the government authorises Covid-19 vaccines for over 45s, NHS booking website crashes briefly under…

15 hours ago