Facebook deletes the accounts of NSO Group workers

  News
image_pdfimage_print
Extreme closeup photograph of a computer delete key.

A day after Facebook-owned WhatsApp sued NSO Group, the social media platform has deleted the accounts of employees who work at the Israel-based spyware maker, according to message boards and a security researcher who spoke to one worker.

“Your account has been deleted for not following our terms,” said a message sent to one employee by Facebook-owned Instagram. “You won’t be able to log into this account, and no one else will be able to see it. We’re unable to restore accounts that are deleted for these types of violations.”

A message Instagram sent to an NSO Group employee.
A message Instagram sent to an NSO Group employee.

The action comes after WhatsApp sued NSO Group on Tuesday for allegedly mass exploiting a critical vulnerability that targeted 1,400 devices with spyware. WhatsApp presented evidence that about 100 of the targets were lawyers, dissidents, human-rights advocates, and other members of civil society. The exploits allowed the attackers to install spyware on iOS and Android phones simply by making a video call to the device.

According to WhatsApp, the attackers made the calls from WhatsApp accounts that were created for the purpose of infecting other WhatsApp users. The attackers also relied on WhatsApp servers to communicate with NSO-operated attack servers. The actions, WhatsApp said, violated not just its terms of service, but also the US Computer and Fraud Abuse Act.

The lawsuit seeks, among other things, a permanent injunction barring all NSO employees from “accessing or attempting to access WhatsApp’s or Facebook’s services, platform, and computer systems.”

A message board popular in Israel indicated that the deletion was widespread. “I had just personally verified it (I have friends working there),” one person wrote. “Ninety-eight percent of the company employees were blocked.”

Another person who claimed to work at NSO responded to say he or she hadn’t been blocked. Another person claiming to be an NSO employee complained bitterly on LinkedIn. An Israel-based security researcher who spoke to an NSO employee said the deletions affected a much smaller percentage of the company’s employees and didn’t involve WhatsApp accounts.

After this post went live, a Facebook representative said people whose accounts were deleted will have an opportunity to appeal the move and potentially have their accounts restored. NSO representatives declined to comment.

Post updated to remove the words “permanent” and “permanently” after Facebook said the deletions are subject to an appeal process.

https://arstechnica.com/?p=1594003