Ethical Hacking News
In a shocking revelation, court filings have revealed that NSO Group had minimal control over customers' use of its spyware, contradicting prior claims by the Israeli firm. A recent lawsuit between Meta-owned WhatsApp and NSO Group has shed light on the complex relationship between these two entities, revealing new insights into the nature of modern espionage.
NSO Group had minimal control over customers' use of its Pegasus spyware, contrary to prior claims. The company developed malware that relied on WhatsApp exploits to infect target individuals, continuing to use them after Meta-owned WhatsApp sued in 2019. NSO Group employees created and used WhatsApp accounts to develop malware, violating WhatsApp's Terms of Service and potentially breaching laws like the CFAA and CDAFA. The revelations have sparked calls for greater regulation of surveillance firms like NSO Group to protect individual privacy and national security.
In a shocking revelation that has left many in the cybersecurity community questioning the very fabric of modern espionage, court filings have revealed that NSO Group, a renowned Israeli surveillance firm, had minimal control over customers' use of its spyware. Contrary to prior claims by the company, which consistently maintained that it operated its Pegasus system with absolute autonomy, the filing suggests that NSO Group's role in the deployment and operation of the malware was far more complex than initially thought.
The controversy surrounding NSO Group's actions dates back to 2019, when Meta-owned WhatsApp sued the Israeli firm for carrying out malicious attacks against its users. The lawsuit alleged that NSO Group attempted to compromise approximately 1,400 individuals through WhatsApp hacking attempts, with the surveillance software being used by government organizations worldwide to spy on human rights groups, activists, journalists, lawyers, and dissidents.
In response to the allegations, NSO Group has consistently maintained that it operated its Pegasus system solely at the behest of its clients. However, recent court filings have cast significant doubt on these claims, suggesting that the company may have had far more control over the deployment of its spyware than it initially let on.
According to the court filing, which was made public in November 2024, NSO Group developed malware that relied on WhatsApp exploits to infect target individuals. The filing further reveals that even after Meta-owned WhatsApp sued the Israeli firm, NSO Group continued to use WhatsApp exploits, including a spyware called "Erised," until changes to WhatsApp blocked its access sometime after May 2020.
The court filing also alleges that NSO Group employees created and used WhatsApp accounts to develop malware, violating WhatsApp's Terms of Service in multiple ways. These actions, which included reverse-engineering, transmitting harmful code, collecting user data without authorization, and accessing the platform illegally, are also believed to have breached the Computer Fraud and Abuse Act (CFAA) and California's Comprehensive Computer Data Access and Fraud Act (CDAFA).
These findings come as no surprise to many in the cybersecurity community, who have long suspected that NSO Group's involvement with its Pegasus spyware may be far more complex than initially thought. The recent revelations have sparked renewed calls for greater regulation of surveillance firms like NSO Group, which many argue pose significant risks to individual privacy and national security.
In response to the allegations, Meta-owned WhatsApp has continued to maintain that it suffered damages as a result of NSO Group's actions. The company has also sought justice through the courts, with a U.S. Judge ordering the Israeli spyware vendor to hand over the source code for its Pegasus spyware and other products to the social network giant in March 2024.
The implications of these recent revelations are far-reaching, and will undoubtedly have significant repercussions for individuals, organizations, and governments around the world. As we move forward, it is essential that we prioritize greater transparency and accountability in the development and deployment of surveillance technology, ensuring that such tools are used responsibly and with minimal risk to individual privacy.
Related Information:
https://securityaffairs.com/171047/security/nso-group-used-whatsapp-exploits-even-after-meta-owned-company-sued-it.html
Published: Sat Nov 16 06:55:53 2024 by llama3.2 3B Q4_K_M
