NSO Group admits cutting off 10 customers because they abused its Pegasus spyware, say unsealed court documents
Reading Time: 4 minutesOn Thursday, WhatsApp scored a legal victory by convincing a U.S. federal judge to publicly release three court documents that include new revelations about the inner workings of Pegasus, the spyware made by Israeli surveillance tech maker NSO Group.
The newly unsealed documents include information coming from depositions of NSO employees during the legal proceedings, internal company documents, as well as — ironically — WhatsApp messages exchanged between NSO employees, which WhatsApp obtained by sending subpoenas to NSO.
The documents also reveal that NSO disconnected 10 government customers in recent years from accessing the Pegasus spyware, citing abuse of its service.
This release of new revelations is the latest development in the lawsuit that WhatsApp filed in 2019, accusing NSO of violating the anti-hacking law, the Computer Fraud and Abuse Act, and breaching WhatsApp’s terms of service, by accessing WhatsApp servers and targeting individual users with spyware sent over the chat app. The accusations are based on a series of cyberattacks against WhatsApp users, including journalists, dissidents, and human rights advocates.
‘Tens of thousands’ of potential targets
This suite cost NSO’s government customers — namely police departments and intelligence agencies — up to $6.8 million for a one-year license, and netted NSO ‘at least $31 million in revenue in 2019, according to one of the court documents.
Thanks to these hacking tools, NSO installed Pegasus on ‘between hundreds and tens of thousands’ of target devices, according to a deposition by NSO’s head of research and development Tamir Gazneli.
Until now, it wasn’t clear who was actually sending the malicious WhatsApp messages to target individuals with spyware. For years, NSO has claimed to have no knowledge of customers’ operations, and not be involved in carrying out the targeted cyberattacks. The newly released court documents cast doubt on some of NSO’s claims.
WhatsApp argued in one of the court documents that, ‘NSO’s customers’ role is minimal,’ given that the government customers only needed to input the phone number of the target’s device and, citing an NSO employee, ‘press Install, and Pegasus will install the agent on the device remotely without any engagement.’
‘In other words, the customer simply places an order for a target device’s data, and NSO controls every aspect of the data retrieval and delivery process through its design of Pegasus,’ WhatsApp argued.
The court filings cited an NSO employee as saying it ‘was our decision whether to trigger [the exploit] using WhatsApp messages or not,’ referring to one of the exploits the company offered its customers.
‘We are confident that these claims, like many others in the past, will be proven wrong in court, and we look forward to the opportunity to do so,’ said NSO’s Lainer.
NSO’s three exploits targeted WhatsApp users
One technique that NSO used to allow its customers to target WhatsApp users, described in one document, was to set up something the company called a ‘WhatsApp Installation Server,’ or WIS which WhatsApp calls a ‘fake client.’ This was essentially a modified version of the WhatsApp app that NSO developed and used to send messages — including their malicious exploits — to regular WhatsApp users. NSO admitted setting up real WhatsApp accounts for its customers, per one of the court documents.
WhatsApp was able to defeat both NSO’s ‘Eden’ and ‘Heaven’ exploits with patches and security updates, according to an internal NSO communication.
‘Eden/Heaven/Hummingbird R.I.P. announcement,’ read a message sent to NSO employees.
The court documents show that NSO’s Heaven exploit was active before 2018, and was designed to direct target WhatsApp devices into communicating with a malicious WhatsApp relay server controlled by NSO.
After WhatsApp patched its systems against NSO’s Heaven exploit, NSO developed a new exploit called ‘Eden,’ which an NSO employee quoted by the court documents said, ‘need[ed] to go through WhatsApp relay servers,’ which the Heaven exploit had sought to avoid. It was the use of the Eden exploit that led to WhatsApp filing its lawsuit against NSO, according to a deposition by another NSO employee.
A third exploit developed by NSO, revealed in the documents, was called ‘Erised,’ a so-called ‘zero-click’ exploit that could compromise a victim’s phone without any interaction from the victim. WhatsApp blocked the use of NSO’s Erised exploit in May 2020, several months after WhatsApp had filed its lawsuit.
Customers cut-off
Another interesting detail that surfaced this week is the admission by one of the NSO employees deposed in the course of the lawsuit that Pegasus was used against Dubai’s Princess Haya, a case that was reported by the The Guardian and The Washington Post in 2021, and later by The New Yorker in 2023.
The same NSO employee said the spyware maker ‘disconnected’ access to Pegasus for 10 customers, citing abuse of the spyware.
At this point in the legal case, WhatsApp is asking the judge to issue a summary judgment in the case, and is awaiting a decision.
Meanwhile, the details that have come out from the lawsuit this week could help other people who have sued NSO in other countries, according to Natalia Krapiva, the tech legal counsel at Access Now, a non-profit that has investigated some cases of abuse carried out with NSO’s spyware.
‘And the fact that NSO hides information also cuts both ways because it also makes it very difficult for them to present a solid defense,’ said Krapiva.
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG