Large technological ones presume to shield their ecosystems, but the reality is more complex: there are no infallible systems. And if there is an expert company in finding the right crack, that is NSO Group, the Israeli firm responsible for Espía Pegasus software. Now, goal has achieved a historical judicial victory after six years of litigation: a federal jury has sentenced NSO to pay more than 167 million dollars in punitive damagein addition to another $ 444,000 in compensatory, for affecting WhatsApp users with their espionage tool.
Goal declared the war to Pegasus. The demand was filed in 2019, after discovering a massive attack that took advantage of a critical vulnerability in the WhatsApp calls system. The Pegasus spyware could be installed on the devices through a simple call, even if the user did not respond. From there, it was able to activate the microphone and the camera, access messages, emails, locations and all types of sensitive data of the device.
Suspicious infection attempts collected from the phone of a goal (Citizen Lab)The investigation was carried out in collaboration with Citizen Lab, which helped identify the possible affected: more than 1,400 users, including journalists, human rights and diplomatic activists. WhatsApp says that it directly notified each of these people and displayed urgent security patches. It was the first time that an encrypted messaging provider brought a private company to the courts to use espionage tools against its platform.
Secrets that came to light. During the judicial process, NSO Group was forced to admit something that had been avoiding confirming: that his software is capable of silently compromising “the entire content” of a telephone. Pegasus can be infiltrated both in iOS and Android using different vectors – including zero day exploits, browsers and messaging services – and once installed, communicates with external servers to send the data.
The trial forced, for the first time, to high positions to declare under oath. It was exposed how its salary surveillance system works, which operates as a service sold to governments and agencies. In addition, Meta made it clear that WhatsApp was not the only objective of NSO: its infrastructure was used to attack other services, and its activity affected users in at least 20 countries, according to Citizen Lab. Pegasus, in fact, it can compromise other applications encrypted as a signal, which expands the scope of the threat.
The verdict that marks a precedent. As we say, the decision of the recently announced jury forces NSO to pay 167 million dollars for punitive damage and more than $ 444,000 for additional dollars for compensatory damages. It is the first judicial judgment in the United States that holds a Spyware company for the illegal use of its tools against technological platforms and civil users.
Meta has not hesitated to point out this movement as an important advance for privacy and digital safety, and believes that the sentence acts as a deterrent for the entire spy software industry.
Apple also tried to take them to trial. Apple filed its own demand against NSO Group in November 2021. He claimed that the company had used the Forcentry Exploit to compromise Apple devices through a manipulated identification system. The objective: install pegasus without user knowledge. The company requested a court order that prohibited the use of its software and services by NSO.
However, it transpired that last year Apple decided to withdraw from the case. According to the motion presented to the Court, continuing with the process supposed a risk: they feared that confidential information about its threat intelligence system could be exposed. Apple argued that the current environment – more fragmented and with malicious actors more diverse than when the lawsuit was filed – made the potential benefits of the trial no longer compensate for safety risks for its users.
Images | Boliviainteligent
In Xataka | WhatsApp the privacy seemed pump proof. Until a state prosecutor tried to erase incriminating messages
