On Thursday, WhatsApp achieved a legal victory by convincing a US federal judge to publicly release three judicial documents that include new revelations about the inner workings of Pegasus, the spyware made by Israeli surveillance technology company NSO Group.
The newly disclosed documents include information from NSO employees’ depositions during legal proceedings, internal company documents, as well as – ironically – WhatsApp messages exchanged between NSO employees, which WhatsApp obtained by sending subpoenas to NSO.
The documents also reveal that NSO has in recent years cut off 10 government customers from accessing its Pegasus spyware, citing abuse of its service.
This release of new revelations is the latest development in a lawsuit filed by WhatsApp in 2019, accusing NSO of violating the Anti-Hacking Act, the Computer Fraud and Abuse Act, and WhatsApp’s terms of service, by accessing WhatsApp servers and targeting individual users with spyware sent via the chat application. The charges are based on a series of cyber attacks against WhatsApp users, including journalists, dissidents and human rights defenders.
“The evidence uncovered shows exactly how NSO operations violated US law and launched their cyber attacks against journalists, human rights activists and civil society,” WhatsApp spokesperson Zad Al-Sawah said in a statement sent to TechCrunch. “We will continue to work to hold NSO accountable and protect our users.”
“Tens of thousands” of potential targets
According to court documents cited by TechCrunch, NSO developed a set of hacking tools for use against targets using WhatsApp, which are able to access private data on the target’s phone. The hacking suite was called “Hummingbird”, and two of its exploits were named “Eden” and “Heaven”.
That suite cost NSO’s government clients — police departments and intelligence agencies — up to $6.8 million for a one-year license, and NSO generated “at least $31 million in revenue in 2019,” according to one court document.
Thanks to these hacking tools, NSO installed Pegasus on “between hundreds and tens of thousands” of targeted devices, according to NSO’s head of research and development, Tamir Gazneli.
Until now, it was not clear who was actually sending malicious WhatsApp messages to target individuals with spyware. For years, NSO claimed that it had no knowledge of customers’ operations and was not involved in carrying out targeted cyberattacks. Newly released court documents cast doubt on some of NSO’s claims.
WhatsApp argued in one court document that “the role of NSO agents is minimal,” since government agents only need to enter the phone number of the target device, and quoted an NSO employee as saying: “Press install, and Pegasus will install the agent on the device remotely without any correlation.”
“In other words, the customer simply makes a request for the target device’s data, and NSO controls every aspect of the data retrieval and delivery process through its design of Pegasus,” WhatsApp said.
“It was our decision whether or not to release (the exploit) using WhatsApp messages,” court documents quoted an NSO employee as saying, referring to one of the exploits the company provided to its customers.
When reached for comment, NSO spokesperson Gil Leiner said in a statement to TechCrunch: “NSO stands behind its previous statements in which we have repeatedly made clear that the system is operated solely by our customers and that neither NSO nor its employees have access to the intelligence collected by the system.”
“We are confident that these allegations, like so many others in the past, will be proven false in court, and we look forward to the opportunity to do so,” NSO’s Leiner said.
Three NSO exploits targeted WhatsApp users
One technique NSO used to allow its agents to target WhatsApp users, described in one of the documents, was setting up something the company called a “WhatsApp Installation Server,” or WIS, which WhatsApp calls a “fake client.” This was essentially a modified version of the WhatsApp app developed by NSO and used to send messages – including its malicious exploits – to regular WhatsApp users. NSO admitted to creating real WhatsApp accounts for its customers, according to a court document.
WhatsApp was able to defeat NSO’s “Eden” and “Heaven” exploits through security patches and updates, according to an internal NSO communication.
“Eden/Heaven/Hummingbird RIP announcement,” read a message sent to NSO staff.
Court documents show that NSO’s Heaven exploit was active before 2018, and was designed to direct targeted WhatsApp devices to communicate with a malicious WhatsApp server controlled by NSO.
After WhatsApp patched its systems against NSO’s Heaven exploit, NSO developed a new exploit called “Eden,” which an NSO employee said in court documents “needs to pass through WhatsApp’s relay servers,” something the Heaven exploit had sought to avoid. It was the use of the Eden exploit that led to WhatsApp filing a lawsuit against NSO, according to another NSO employee.
The third exploit developed by NSO, which was revealed in the documents, was called “Erised”, a so-called “zero-click” exploit that can compromise the victim’s phone without any interaction from the victim. WhatsApp banned the use of NSO’s Erised exploit in May 2020, several months after WhatsApp filed the lawsuit.
Customers cut off
Another interesting detail that emerged this week was the admission by an ousted NSO employee in the context of the lawsuit that Pegasus software was used against Princess Haya in Dubai, a case reported on by The Guardian and The Washington Post in 2021, and later by The New Yorker in 2023.
The same NSO employee said the spyware maker “cut off” access to Pegasus for 10 customers, citing misuse of the spyware.
At this stage of the legal case, WhatsApp is asking the judge to issue summary judgment in the case, and is awaiting the decision.
Meanwhile, details that emerged from the lawsuit this week could help other people who have sued NSO in other countries, according to Natalia Krapeva, technology legal counsel at Access Now, a nonprofit that has investigated some of the cases of misuse carried out with NSO spyware.
“WhatsApp’s adherence to its legal procedures is ultimately reaping some benefits,” Krapeva told TechCrunch. “While it is true that NSO did not share a lot of information (especially things like Pegasus codes, customer list, etc.), the information they did share is actually very useful to this case but also to the legal cases against NSO around the world.”
“The fact that NSO is hiding information also cuts both ways because it makes it very difficult for them to mount a strong defense,” Krapeva said.