The Northern District Court of California ordered the Israeli company NSO Group, maker of one of the world’s most sophisticated cyber weapons, to hand over Pegasus code and other spyware products to WhatsApp as part of an ongoing lawsuit.
The decision is from Judge Phyllis Hamilton and represents a major legal victory for WhatsApp, the Meta-owned messaging app that has been involved in a lawsuit against NSO since 2019, when it alleged that the Israeli company’s spyware had been used against 1,400 WhatsApp users over two years.
The code for Pegasus and other surveillance products that NSO sells is seen as a state secret, as the company is closely regulated by the Israeli Ministry of Defense, which must review and approve the sale of all licenses to foreign governments.
Hamilton’s decision came after an appeal filed by NSO to relieve it of all obligations regarding findings in the case due to “various U.S. and Israeli restrictions.” The judge, however, sided with WhatsApp in ordering the company to disclose “all relevant spyware” for a period of one year before and after the two weeks in which WhatsApp users were allegedly attacked: April 29, 2018 on May 10, 2020. NSO must also provide information to WhatsApp “on the full functionality of the spyware”.
Hamilton, however, ruled in favor of NSO on a different issue: the company will not be forced at this time to disclose the names of its customers or information about its server architecture. “The recent court ruling is an important milestone in our long-standing goal of protecting WhatsApp users from illegal attacks. Spyware companies and other malicious actors need to understand that they can be caught and cannot ignore the law,” a WhatsApp spokesperson told The Guardian. NSO declined to comment on the decision. The litigation continues.
When deployed against a target, Pegasus software can hack any cell phone, gaining unrestricted access to phone calls, emails, photographs, location information and encrypted messages without the user’s knowledge. NSO was blacklisted by the Biden administration in 2021 after it determined that the Israeli manufacturer acted “contrary to U.S. foreign policy and national security interests.”
NSO sells its spyware to government customers around the world and has said that the agencies that deploy it are responsible for how it is used. Although NSO does not disclose the names of its customers, research and media reports over the years have identified Poland, Saudi Arabia, Rwanda, India, Hungary and the United Arab Emirates as some of the countries that have used the technology to reach dissidents, journalists, human rights activists and other members of civil society.
Source: CisoAdvisor
