NSO Group Faces Another Lawsuit – This Time, From Apple

Notorious hacking vendor, NSO Group, is facing another lawsuit. This time, Apple is the one taking the organization to court.

NSO Group is facing even more problems. Already, there is the ongoing lawsuit from WhatsApp that really isn’t going well for the hacker for hire organization. On top of that, there is the fact that the organization got kicked off of Amazon services. Then there’s French President, Emmanuel Macro, calling for an investigation after his name came up in a list of potential targets of their Pegasus malware. Then, Apple was forced to issue a patch after it was discovered that the organization was caught exploiting a security vulnerability.

Earlier this month, NSO Group found themselves blacklisted by the US government. From The Guardian at the time:

The executive due to take over as chief executive of Israeli spyware company NSO Group has quit after the business was blacklisted by the US Department of Commerce, the company has said.

Isaac Benbenisti, who joined the company in August, was named on 31 October as the future replacement for Shalev Hulio, a co-founder who was due to take on new roles as vice-chair and global president. Hulio will stay on as chief executive for the time being, and Benbenisti will leave the company.

“Shalev Hulio, the co-founder and CEO of NSO Group, announced that he will remain in his position as CEO for the near future, due to the need for stability and continuity during this period,” an NSO spokesperson said.

In a resignation letter, excerpts of which were provided by a spokesperson, Benbenisti said “in light of the special circumstances” that had arisen following the US decision, along with being unable to carry out his vision for NSO, he “would not be able to assume the position of CEO with the company”.

The company’s signature spyware – known as Pegasus – is alleged to have been deployed by foreign governments against dissidents, journalists, diplomats and members of the clergy, with several alleged victims in the UK. Its clients have included Saudi Arabia, the United Arab Emirates, Hungary and India.

NSO was placed on a US blacklist last week by the Biden administration after it determined the Israeli spyware maker had acted “contrary to the foreign policy and national security interests of the US”.

Amazingly, that is not a comprehensive list of setbacks and controversies facing the organization, though that should give you an idea of just how much the problems keep getting piled on.

Now, we are learning that NSO Group is facing a brand new problem. Apple has filed a lawsuit against the organization as well. This as it has become apparent that the malware used by the organization was used to target activists, journalists, and politicians alike. While NSO Group denies that the malware was used against people like that, the evidence continues to stack up against what the organization is trying to say. From the BBC:

NSO’s Pegasus software can infect both iPhones and Android devices, allowing operators to extract messages, photos and emails, record calls and secretly activate microphones and cameras.

In its initial court filing, WhatsApp said NSO Group “developed their malware in order to access messages and other communications after they were decrypted on target devices”.

Other tech firms, including Microsoft, Meta Platforms (formerly Facebook), Google-owner Alphabet and Cisco Systems have all previously criticised NSO.

In a blog post announcing the California lawsuit, Apple said it wanted to hold NSO Group and its parent company OSY Technologies “accountable for the surveillance and targeting of Apple users”.

“To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices,” it said.

It’s worth pointing out that one of NSO Group’s core legal arguments is that they deserve special legal immunity because they work for government during the court hearings involving WhatsApp. That legal argument was shot down in court, making mounting a legal defence more difficult. A court loss with WhatsApp could very easily pave the way for other lawsuits beyond the one filed by Apple. What’s going to be interesting to see is if NSO Group will even survive this.

A court loss handed to NSO Group would definitely send a message that you can’t just say you are working for the government as a license to hack into computer systems. It also would send the message that it is possible that there are legal consequences for this kind of hacking. After all, if you are finding security vulnerabilities in something and simply keeping it to yourself for exploitative purposes, that’s not exactly going to earn you very much in the way of high praise in the first place. That is why not many are shedding very many tears for the organization in the first place.

Drew Wilson on Twitter: @icecube85 and Facebook.

1 Trackback or Pingback

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: