Israel’s NSO Group may have more knowledge about the usage of its Pegasus commercial spyware than previously disclosed, according to court documents released in connection with a legal battle with Meta’s WhatsApp.
NSO Group allegedly installed and operated the spyware on behalf of its customers, making the company directly responsible for its use, as claimed by WhatsApp lawyers in a court filing released on Nov. 14 in the US District Court for the Northern District of California.
The court documents are part of a lawsuit that WhatsApp initiated against NSO Group in October 2019 after discovering that the Israeli firm had used WhatsApp servers to distribute Pegasus to around 1,400 mobile phones, including those of journalists and activists.
NSO ‘Solely Responsible’
“NSO is solely responsible for Pegasus’s unauthorized access to WhatsApp’s servers,” noted the social media giant in a briefing. WhatsApp’s lawyers claimed that NSO Group had a significant role in the operation and data collection of the spyware tool, despite NSO’s assertions. They mentioned that NSO Group customers only needed to provide a target’s phone number, initiate the installation, and wait for the malware to be installed on the target device without further involvement.
Additionally, WhatsApp alleged that NSO Group was aware of how customers utilized its malware and had terminated services to 10 customers due to excessive misuse, as stated by the lawyers.
Controversial Surveillance Software
Pegasus is a contentious mobile spyware intended for discreet monitoring and data extraction from iOS and Android smartphones. NSO Group claims to sell the technology to authorized government agencies for legal purposes, but critics argue that it has been misused, especially in authoritarian regimes, to target journalists, activists, and dissidents.
A 2021 database leak revealed that NSO Group customers had targeted over 50,000 phone numbers for surveillance in various countries. The US government formally blacklisted the company in 2021, restricting its operations in the US.
The legal battle between WhatsApp and NSO Group unveiled several instances where NSO circumvented mechanisms set up by WhatsApp to prevent misuse. NSO developed tools like Heaven, Eden, and Erised to trigger Pegasus downloads on target phones via WhatsApp, even after legal actions were taken.
WhatsApp’s lawsuit is one of several cases that NSO Group is currently facing globally from affected parties. In a related development, Apple sought to dismiss a lawsuit against NSO Group in 2021.
The commercial spyware market has expanded significantly in recent years, with vendors like NSO Group being responsible for a substantial number of zero-day exploits, according to a Google report.
