Tech giants Google, Microsoft, Cisco and Dell on Monday joined Facebook in a legal fight against an Israeli spyware firm, filing a brief in an American court accusing the NSO Group of having “powerful, and dangerous” technology.
Last year, WhatsApp and its parent company, Facebook, filed an unprecedented lawsuit against the NSO Group, accusing the firm of targeting some 1,400 users of its encrypted messaging service with highly sophisticated spyware through missed calls. The accounts said to have been targeted included those of senior government officials, journalists, and human rights activists worldwide.
On Sunday, a cybersecurity watchdog said it had uncovered a case in which text messages were used to target phones without the owner opening the push notification — what’s known as a zero-click vulnerability.
The amicus brief filed on Monday at the US Court of Appeals for the Ninth Circuit challenged NSO’s argument that the firm should be protected by sovereign immunity, the Reuters news agency reported.
NSO claims it should be protected from lawsuits because it sells its technology to police and government agencies.
However, the four tech giants said that permitting NSO to claim immunity from prosecution would result in “more foreign governments with powerful and dangerous cyber surveillance tools.”
The brief said that “means dramatically more opportunities for those tools to fall into the wrong hands and be used nefariously.”
NSO has been widely condemned for selling spyware to repressive governments.
The NSO Group did not immediately return a request for comment from Reuters, but has previously argued that its products are used to fight crime and fully meet the firm’s compliance and human rights policy.
The NSO Group’s surveillance software, known as Pegasus, is designed to bypass detection and mask its activity. The malware infiltrates phones to vacuum up personal and location data and surreptitiously control the device’s microphones and cameras, allowing hackers to spy on reporters’ face-to-face meetings with sources.
Earlier this month, an Al-Jazeera anchor filed another lawsuit in the US, alleging that the NSO Group hacked her phone through WhatsApp over her reporting on Saudi Arabia’s powerful Crown Prince Mohammed bin Salman.
On Sunday, cybersecurity watchdog Citizen Lab reported dozens of journalists at Al-Jazeera, a Qatari state-owned media company, were targeted by advanced spyware, in an attack likely linked to the governments of Saudi Arabia and the United Arab Emirates.
Citizen Lab said it traced malware that infected the phones of 36 journalists, producers, anchors, and executives at Al-Jazeera back to the NSO Group.
Most unnerving to the investigators was that iMessages were infecting targeted cellphones without the users taking any action. Through push notifications alone, the malware instructed the phones to upload their content to servers linked to the NSO Group, Citizen Lab said, turning journalists’ iPhones into powerful surveillance tools without even needing to get users to click on suspicious links or threatening texts.
The coordinated attacks on Al-Jazeera, which Citizen Lab described as the largest concentration of phone hacks targeting a single organization, occurred in July, just weeks before the Trump administration announced the normalization of ties between Israel and the UAE, the archrival to Qatar.
The breakthrough deal took public what had been a long-secret alliance. Analysts say normalization likely will lead to stronger cooperation in digital surveillance between Israel and Persian Gulf sheikhdoms.
Apple said it was aware of the Citizen Lab report and said the latest version of its mobile operating system, iOS 14, “delivered new protections against these kinds of attacks.” Apple has not been able to independently verify Citizen Lab’s analysis.
Emirati and Saudi authorities did not respond to requests for comment.
The NSO Group cast doubt on Citizen Lab’s accusations in a statement, but said it was “unable to comment on a report that we have not yet seen.” The firm said it provides technology for the sole purpose of enabling “governmental law enforcement agencies to tackle serious organized crime and counterterrorism.” Nevertheless, it added, “when we receive credible evidence of misuse… we take all necessary steps in accordance with our product misuse investigation procedure in order to review the allegations.” NSO does not identify its customers.
Prior to Sunday’s report, NSO’s spyware has repeatedly been found deployed to hack journalists, lawyers, human rights defenders and dissidents.
Most notably, the spyware was implicated in the gruesome killing of Saudi journalist Jamal Khashoggi, who was dismembered in the Saudi consulate in Istanbul in 2018, and whose body has never been found.
Several alleged targets of the spyware, including a close friend of Khashoggi and several Mexican civil society figures, sued NSO in an Israeli court over the hacking.