by Derrick Broze, Activist Post:
A California court recently ruled against the Israeli firm NSO Group which has become infamous for hacking numerous encrypted platforms.
By Derrick Broze, The Last American Vagabond
In late December the Northern District of California ruled against Israeli spyware firm NSO Group, finding the controversial firm liable for hacking and a breach of contract.
The ruling was the latest in a five year battle between NSO Group and WhatsApp over the Israeli company’s Pegasus spyware infiltrating WhatsApp’s servers to spy on WhatsApp users.
TRUTH LIVES on at https://sgtreport.tv/
Overall, the ruling was a win for WhatsApp with the court finding in favor of their motions for sanctions against NSO Group. However, the court also ruled against elements of WhatsApp’s sanctions request.
The court found that NSO Group is subject to evidentiary sanctions for refusing to comply with discovery requests after the court ordered the company to comply and produce various documents. The company is notorious for attempting to impede lawsuits by refusing to provide relevant information, including a now dropped lawsuit filed by Apple.
NSO Group used their malicious spyware known as Pegasus to infiltrate and monitor devices and extract information using what are known as zero-click exploits. This means that a user does not need to click on a link or download a program for a hacker to access their devices. Instead, Pegasus exploits existing software like WhatApp’s servers.
In this specific case, NSO Group was found liable for hacking journalists and employees of El Faro, an independent publication which primarily serves Central America. NSO Group and clients using their spyware used the zero-click exploits to install Pegasus on iPhones of 22 employees of El Faro between June 2020 and November 2021.
The court found that NSO Group exceeded its “authorized access” to WhatsApp’s servers and breached WhatsApp’s terms of service by transmitting its infiltration code and learning information about target devices through WhatsApp’s servers. The court found NSO Group liable under the Computer Fraud and Abuse Act (“CFAA”), California Comprehensive Computer Data Access and Fraud Act (“CDAFA”), and for breach of contract.
Damages will be decided at a trial in 2025.
The Electronic Privacy Information Center (EPIC) called the ruling a “win for the journalists, activists, politicians, and everyday users that NSO Group targets to help authoritarian governments”.
EPIC filed an amicus brief against NSO Group arguing that foreign spyware is not exempt under the CFAA when the exploited computers are located in the United States. In their brief, EPIC noted that, “Unlike a one-click attack, which requires a target to click on a link in order to trigger the attack, a zero-click attack downloads and installs spyware on the target’s device without the target’s involvement or awareness, making it all but impossible for even sophisticated smartphone users to prevent or detect attacks.”
“The Pegasus attacks not only caused Plaintiffs serious personal harms, but
also upended Plaintiffs’ professional lives,” EPIC wrote. “Plaintiffs have fundamentally altered how they use their iPhones, making it considerably more costly and time-consuming to conduct the in-depth, independent reporting for which El Faro is known.”
EPIC has also submitted a Freedom of Information Act request to the FBI seeking information about its connections to NSO Group and use of Pegasus spyware. The organization has yet to hear back from America’s largest law enforcement agency.
