WhatsApp: NSO Group Operates Pegasus Spyware for Customers

  /     /     /  
Publicated : 23/11/2024   Category : security


WhatsApp: NSO Group Operates Pegasus Spyware for Customers


Freshly released court documents reveal new details on controversial Israeli spyware firms operations.



Israels NSO Group may know a lot more about how customers use its Pegasus commercial spyware product than the company has let on, newly released court documents connected to a legal dispute with Metas WhatsApp suggest.
In fact, NSO Group installed and operated the spyware on behalf of its customers, making the company directly liable for the spywares use, WhatsApp lawyers said in one court filing,
released Nov. 14
in the US District Court for the Northern District of California.
The court documents are part of a
lawsuit that WhatsApp filed against NSO Group
in October 2019 after discovering the Israeli firm had used WhatsApp servers to distribute Pegasus to some 1,400 mobile phones, including those belonging to journalists and rights activists.
The lawyers also claimed that NSO Group repeatedly developed and used exploits for abusing WhatsApps servers to install Pegasus on target devices, including at least once after WhatsApp had sued the company over the issue.
NSO is solely responsible for Pegasus’s unauthorized access to WhatsApps servers, the social media giant noted in one briefing. Despite what NSO has claimed, its customers had a minimal role in how the spyware tool operated or collected information. All that NSO Group customers typically had to do was enter their targets phone number, press install and wait for the malware to install on the target device without any further interaction, they noted.
In other words, the customer simply places an order for a target devices data, and NSO controls every aspect of the data retrieval and delivery process through its design of Pegasus, WhatsApps lawyers said. The company, in fact, was so aware of how customers were using its malware that it actually disconnected service to 10 customers for excessive abuse, the lawyers claimed.
In an emailed statement, NSOs vice president of global communications, Gil Lainer disputed WhatsApps claims. “NSO stands behind its previous statements in which we repeatedly detailed that the system is operated solely by our clients and that neither NSO nor its employees have access to the intelligence gathered by the system, he said. We are confident that these claims, like many others in the past, will be proven wrong in court, and we look forward to the opportunity to do so.”
Pegasus is a controversial mobile spyware designed to secretly monitor and extract data from iOS and Android smartphones. Once installed, Pegasus can intercept messages, emails, media, and passwords, and track location data, all while evading detection by antivirus software. NSO Group claims to sell the technology solely to authorized government agencies for legitimate law enforcement, crime-fighting, and anti-terror purposes. But critics argue that the tool has been misused, particularly in authoritarian regimes, to
target journalists
,
human rights activists
, political dissidents, and others critical of the government.  
A 2021 database leak revealed that NSO Group customers had, at the time, targeted more than
50,000 phone numbers
for surveillance in countries like Mexico, Hungary, and India. The US government
formally blacklisted the company
in 2021, meaning its ability to operate in the US or do business with US entities abroad is severely restricted.
The NSO Group has tried to get US courts to dismiss WhatsApps lawsuit against the company, citing, among other things, a lack of jurisdiction and the fact that its clients are mostly governments and therefore are not doing anything illegal. WhatsApp lawyers have sought to portray NSO Group as indeed being liable for Pegasus by attempting to tie the vendor more directly to customer use of the spyware tool.
In the newly released court documents, WhatsApp has alleged that NSO Group repeatedly and deliberately worked around the mechanisms the company put in place to prevent misuse of the secure messaging platform. One of them was a modified WhatsApp client app called the WhatsApp Installation Server (WIS) that could access WhatsApps back-end servers in ways its own client software could not. NSO Group then developed tools named Heaven and Eden to interact with WIS in such a way as to trigger Pegasus downloads on target phones via WhatsApp. The company developed Eden after WhatsApp discovered Heaven and put up blocks against it. When WhatsApp engineers discovered Eden, NSO developed and used yet another tool, called Erised, through 2020, or after WhatsApp had filed its lawsuit.
The WhatsApp lawsuit is
one of several
that NSO Group is currently battling in courts worldwide from organizations and
individuals impacted by the malware
. In September,
Apple sought voluntary dismissal
of a 2021 lawsuit it had filed against NSO Group, citing concerns over the company having to share information with the court that other spyware makers could abuse going forward.
Back when the lawsuit was filed, the NSO Group was among a handful of known purveyors of such mobile spyware software. Since then, there has been a sharp increase in the number of commercial spyware vendors, driven largely by demand from government agencies. A
Google report earlier this year
identified spyware vendors like NSO Group as being responsible for nearly half of all zero-day exploits it counted between mid-2014 and December 2023.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
WhatsApp: NSO Group Operates Pegasus Spyware for Customers