Sock Puppet News breaks down the story:

NSO Group admits cutting off 10 customers because they abused its Pegasus spyware, say unsealed court documents

Lorenzo Franceschi-Bicchierai, 12:52 PM PST · November 15, 2024

On Thursday, WhatsApp scored a legal victory by convincing a U.S. federal judge to publicly release three court documents that include new revelations about the inner workings of Pegasus, the spyware made by Israeli surveillance tech maker NSO Group.

The newly unsealed documents include information coming from depositions of NSO employees during the legal proceedings, internal company documents, as well as — ironically — WhatsApp messages exchanged between NSO employees, which WhatsApp obtained by sending subpoenas to NSO.

The documents also reveal that NSO disconnected 10 government customers in recent years from accessing the Pegasus spyware, citing abuse of its service.

This release of new revelations is the latest development in the lawsuit that WhatsApp filed in 2019, accusing NSO of violating the anti-hacking law, the Computer Fraud and Abuse Act, and breaching WhatsApp’s terms of service, by accessing WhatsApp servers and targeting individual users with spyware sent over the chat app. The accusations are based on a series of cyberattacks against WhatsApp users, including journalists, dissidents, and human rights advocates.

“The evidence unveiled shows exactly how NSO’s operations violated U.S. law and launched their cyber-attacks against journalists, human rights activists and civil society,” WhatsApp spokesperson Zade Alsawah said in a statement sent to TechCrunch. “We are going to continue working to hold NSO accountable and protect our users.”

‘Tens of thousands’ of potential targets

According to the court documents, seen by TechCrunch, NSO had developed a suite of hacking tools to be used against targets using WhatsApp, capable of accessing private data on the target’s phone.
The hacking suite was called “Hummingbird,” and two of the suite’s exploits were dubbed “Eden” and “Heaven.” This suite cost NSO’s government customers — namely police departments and intelligence agencies — up to $6.8 million for a one-year license, and netted NSO “at least $31 million in revenue in 2019,” according to one of the court documents.

Thanks to these hacking tools, NSO installed Pegasus on “between hundreds and tens of thousands” of target devices, according to a deposition by NSO’s head of research and development Tamir Gazneli.

Until now, it wasn’t clear who was actually sending the malicious WhatsApp messages to target individuals with spyware. For years, NSO has claimed to have no knowledge of customers’ operations, and not be involved in carrying out the targeted cyberattacks. The newly released court documents cast doubt on some of NSO’s claims.

WhatsApp argued in one of the court documents that, “NSO’s customers’ role is minimal,” given that the government customers only needed to input the phone number of the target’s device and, citing an NSO employee, “press Install, and Pegasus will install the agent on the device remotely without any engagement.”

“In other words, the customer simply places an order for a target device’s data, and NSO controls every aspect of the data retrieval and delivery process through its design of Pegasus,” WhatsApp argued.

The court filings cited an NSO employee as saying it “was our decision whether to trigger [the exploit] using WhatsApp messages or not,” referring to one of the exploits the company offered its customers.
When reached for comment, NSO spokesperson Gil Lainer said in a statement to TechCrunch: “NSO stands behind its previous statements in which we repeatedly detailed that the system is operated solely by our clients and that neither NSO nor its employees have access to the intelligence gathered by the system.”

“We are confident that these claims, like many others in the past, will be proven wrong in court, and we look forward to the opportunity to do so,” said NSO’s Lainer.

NSO’s three exploits targeted WhatsApp users

One technique that NSO used to allow its customers to target WhatsApp users, described in one document, was to set up something the company called a “WhatsApp Installation Server,” or WIS, which WhatsApp calls a “fake client.” This was essentially a modified version of the WhatsApp app that NSO developed and used to send messages — including their malicious exploits — to regular WhatsApp users. NSO admitted setting up real WhatsApp accounts for its customers, per one of the court documents.

WhatsApp was able to defeat both NSO’s “Eden” and “Heaven” exploits with patches and security updates, according to an internal NSO communication.

“Eden/Heaven/Hummingbird R.I.P. announcement,” read a message sent to NSO employees.

The court documents show that NSO’s Heaven exploit was active before 2018, and was designed to direct target W..
Published by Lorenzo Franceschi-Bicchierai on November 15, 2024 20:52
Source: TechCrunch