by Matt Agorist, The Free Thought Project:
(The Last American Vagabond) In late December the Northern District of California ruled against Israeli spyware firm NSO Group, finding the controversial firm liable for hacking and a breach of contract.
The ruling was the latest in a five year battle between NSO Group and WhatsApp over the Israeli company’s Pegasus spyware infiltrating WhatsApp’s servers to spy on WhatsApp users.
Overall, the ruling was a win for WhatsApp with the court finding in favor of their motions for sanctions against NSO Group. However, the court also ruled against elements of WhatsApp’s sanctions request.
TRUTH LIVES on at https://sgtreport.tv/
The court found that NSO Group is subject to evidentiary sanctions for refusing to comply with discovery requests after the court ordered the company to comply and produce various documents. The company is notorious for attempting to impede lawsuits by refusing to provide relevant information, including a now dropped lawsuit filed by Apple.
NSO Group used their malicious spyware known as Pegasus to infiltrate and monitor devices and extract information using what are known as zero-click exploits. This means that a user does not need to click on a link or download a program for a hacker to access their devices. Instead, Pegasus exploits existing software like WhatApp’s servers.
In this specific case, NSO Group was found liable for hacking journalists and employees of El Faro, an independent publication which primarily serves Central America. NSO Group and clients using their spyware used the zero-click exploits to install Pegasus on iPhones of 22 employees of El Faro between June 2020 and November 2021.
The court found that NSO Group exceeded its “authorized access” to WhatsApp’s servers and breached WhatsApp’s terms of service by transmitting its infiltration code and learning information about target devices through WhatsApp’s servers. The court found NSO Group liable under the Computer Fraud and Abuse Act (“CFAA”), California Comprehensive Computer Data Access and Fraud Act (“CDAFA”), and for breach of contract.
Damages will be decided at a trial in 2025.
The Electronic Privacy Information Center (EPIC) called the ruling a “win for the journalists, activists, politicians, and everyday users that NSO Group targets to help authoritarian governments”.
EPIC filed an amicus brief against NSO Group arguing that foreign spyware is not exempt under the CFAA when the exploited computers are located in the United States. In their brief, EPIC noted that, “Unlike a one-click attack, which requires a target to click on a link in order to trigger the attack, a zero-click attack downloads and installs spyware on the target’s device without the target’s involvement or awareness, making it all but impossible for even sophisticated smartphone users to prevent or detect attacks.”
Read More @ TheFreeThoughtProject.com
