NSO Group has asked a US court to sanction Facebook for allegedly failing to abide by international law with regards to its lawsuit against the surveillance software maker.
WhatsApp had filed a lawsuit against NSO in October last year. The Facebook unit alleged NSO was behind the cyberattack in 2019 that infected devices with advanced surveillance tools.
But last week NSO failed to show up in court, and a California court clerk entered a notice of default against the firm.
NSO alleged it had not been served in accordance with international law known as the Hague Convention, Reuters reported.
Facebook “lied to the court in their application for default by stating that defendants had been served under the Hague Convention, when in fact, plaintiffs had been told by the government of Israel two days earlier that service under the Hague Convention was not complete, and the application for service needed to be resubmitted,” documents filed by NSO in the Northern District of California court this week reportedly said.
NSO also reportedly asked the court to impose sanctions of nearly $17,000 to cover attorney’s fees and costs.
Meanwhile Facebook also reportedly filed documents this week requesting the court set aside the entry of default so that the case may proceed on merits.
Facebook said it “diligently sought” to serve NSO in accordance with the Hague Convention but Israel’s Central Authority has not yet issued a formal certificate of service.
“The court should decline the defendants’ request to further delay this case,” Facebook was quoted by Reuters as saying in the documents.
NSO allegation that it was not served the lawsuit properly comes after Reuters reported last week that multiple attempts had been made to serve the firm with the lawsuit.
It cited legal documents filed by WhatsApp as its source, as these documents reportedly showed that efforts to serve NSO with legal documents included sending emails to senior executives, FedEx-delivered copies to NSO board members, and even a hand-delivered copy of the lawsuit left with NSO cofounder Omri Lavie’s wife at their New Jersey home.
The lawsuit is being closely watched after WhatsApp in May 2019 urged all of its 1.5 billion users to update their software to fix a vulnerability that it said was being actively exploited to implant advanced surveillance tools on users’ devices.
WhatsApp discovered the vulnerability earlier in May 2019 and released a fix. The Financial Times reported in May 2019 that the bug was used to implant spyware developed by NSO, citing an unnamed surveillance software maker as its source.
NSO Group is in the business of developing surveillance tools that are intended for use by governments and law enforcement agencies.
It is alleged that when attackers rang up a target’s phone, the malicious code would automatically infect the device (even if the call was not answered), WhatsApp said in a technical document on the issue.
The attack involved a buffer overflow vulnerability in WhatsApp’s voice over internet protocol (VoIP) stack that allowed remote code execution via a series of specially crafted secure real-time control protocol (SRTCP) packets, WhatsApp said in May 2019.
At the time, WhatsApp acknowledged that the vulnerability had been used to install spyware, without mentioning NSO by name.
It later filed its legal action against the Israeli company in October 2019.
Do you know all about security? Try our quiz!
Google's dominance of online search is being challenged, after OpenAI unveiled a search prototype tool…
One week after the world's largest IT outage, the head of CrowdStrike says nearly all…
Conflict of interest? Elon Musk to talk with Tesla board about making $5 billion Tesla…
Engineers at Amazon's chip lab in Austin, Texas, are racing ahead to develop cheaper AI…
China woes. Apple's China smartphone shipments decline during the second quarter, dropping it down into…
Oversight Board orders Meta to clarify rules over sexually explicit AI-generated images, after two fake…
View Comments
Of course the real issue is why was there a buffer overflow issue in the first place? Facebook/WhatsApp are not a small business and something like this should not have happened if the product had been designed and tested correctly, buffer overflows are not exactly an unknown vector of attack.
Isn't the real negligent party here Facebook?