Sat 16 November 2024:
Unredacted court documents released on Thursday (Nov 14) show that NSO Group, the company behind the Pegasus spyware, admitted to developing exploits to hack into the phones of around 1,400 WhatsApp users in 2019. This operation, according to WhatsApp, violated both federal and state laws.
The information came to light as part of a lawsuit WhatsApp filed against NSO Group in 2019. The lawsuit reveals how NSO, an Israeli cyber-surveillance company, operates its Pegasus spyware on behalf of government clients. Last week, a federal judge in California ordered the release of previously redacted details from the case.
__________________________________________________________________________
https://whatsapp.com/channel/0029VaAtNxX8fewmiFmN7N22
__________________________________________________________________________
1,400 WhatsApp users targeted by Pegasus over two weeks in 2019
The unredacted documents included sworn statements from NSO employees, which became public for the first time on Thursday. WhatsApp initiated its lawsuit after discovering that 1,400 users, including journalists and activists, had been targeted by Pegasus over two weeks in 2019. The app is now asking the court to rule on the case, while NSO is opposing this request. Spyware is considered one of the most advanced hacking tools available.
Pegasus, described as “zero-click” spyware, can infiltrate devices without requiring users to interact with a suspicious link or file.
In the court filings, WhatsApp explained how NSO carried out these attacks. NSO employees reportedly reverse-engineered WhatsApp’s code and created their own system, called the “WhatsApp Installation Server” (WIS), to send messages through WhatsApp servers. These messages triggered Pegasus spyware to install on the targeted devices. WhatsApp argues that this method violated American laws and the app’s terms of service.
‘NSO’s operations violated US law’
A WhatsApp spokesperson said that the newly released evidence “shows exactly how NSO’s operations violated US law and launched their cyber-attacks against journalists, human rights activists and civil society.” They added, “We are going to continue working to hold NSO accountable and protect our users.”
NSO, not its clients, operates its spyware
According to depositions, NSO’s customers didn’t operate the spyware themselves. An NSO employee said that the customer “only needed to enter the target device’s number and ‘press Install, and Pegasus will install the agent on the device remotely without any engagement.’”
“The rest is done automatically by the system,” the NSO employee said. “In other words, the customer simply places an order for a target device’s data, and NSO controls every aspect of the data retrieval and delivery process through its design of Pegasus,” the WhatsApp filing said.
Princess Haya’s case
In one of the filings, WhatsApp pointed to a case where Pegasus was used to spy on Dubai’s Princess Haya and others connected to her. Princess Haya fled to the United Kingdom in 2019 after learning that Sheikh Mohammed bin Rashid Al Maktoum, the ruler of Dubai, had previously abducted two of his daughters and held them against their will.
NSO’s CEO, Yaron Shohat, admitted in his deposition that Pegasus was involved in these incidents.
NSO Group is yet to release its own unredacted filings.
NEWS AGENCIES
__________________________________________________________________________
FOLLOW INDEPENDENT PRESS:
WhatsApp CHANNEL
https://whatsapp.com/channel/0029VaAtNxX8fewmiFmN7N22
TWITTER (CLICK HERE)
https://twitter.com/IpIndependent
FACEBOOK (CLICK HERE)
https://web.facebook.com/ipindependent
YOUTUBE (CLICK HERE)
https://www.youtube.com/@ipindependent
Think your friends would be interested? Share this story!
