WhatsApp just took a hard new line against the malware industry, suing notorious Israeli surveillance contractor NSO Group for attacks on more than a thousand of its users. The case could mark a turning point in Silicon Valley's fight against private-sector espionage mercenaries. But before it can convince a court that NSO engaged in criminal hacking, WhatsApp may have to win a thorny legal argument—one that legal experts say could require some creative contortions.
On Tuesday afternoon, WhatsApp published a statement accusing NSO of targeting 1,400 of its users, including at least 100 members of "civil society" such as journalists and human-rights defenders, with malicious voice calls designed to infect targeted phones with malware and steal messages despite WhatsApp's end-to-end encryption. Those numbers would represent a new scale for NSO, whose malware has already been linked to attacks against activists ranging from the now-imprisoned United Arab Emirates dissident Ahmed Mansoor to Mexican activists opposing a soda tax.
WhatsApp paired its statement with a lawsuit in a Ninth Circuit court, accusing NSO of violating the Computer Fraud and Abuse Act, as well as state-level charges including breach of contract and interfering with their property. The case represents a bold attempt to use the CFAA in an unusual way: to punish not just hackers who breach a company's computers, but those who exploit its software to breach the computers of its users.
But some hacking-focused lawyers who have analyzed WhatsApp's complaint warn that—noble as its attempt to slap back NSO and protect its users may be—its central argument may not fly in court.
That's because, fundamentally, the CF ..
Support the originator by clicking the read the rest link below.
