Virtual Event Today: Supply Chain Security Summit - Register Now

Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Tech Giants Show Support for WhatsApp in Lawsuit Against Spyware Firm

Microsoft, Cisco, GitHub, Google, LinkedIn, VMware and the Internet Association have filed an amicus brief in support of WhatsApp in the legal case against the NSO Group.

Microsoft, Cisco, GitHub, Google, LinkedIn, VMware and the Internet Association have filed an amicus brief in support of WhatsApp in the legal case against the NSO Group.

Facebook-owned messaging service WhatsApp filed the lawsuit in October 2019 in California, accusing Israeli technology firm NSO Group of spying on journalists, human rights activists and others.

WhatsApp says that NSO Group attempted to infect approximately 1,400 devices with spyware in an effort to steal sensitive information from WhatsApp users.

NSO Group claims that its Pegasus spyware is in fact a legitimate cyber-surveillance tool meant to help government organizations fight terrorism and other type of crime.

However, security firms and other organizations have publicly disclosed a multitude of incidents in which Pegasus was used maliciously. The most recent of these involved the use of an iMessage zero-day exploit to infect the iPhones of Al Jazeera journalists.

The amicus brief that Microsoft and others filed in support of WhatsApp underlines that the trading of software such Pegasus is concerning due to possible misuse by threat actors, because NSO does not share information on vulnerabilities it finds in targeted platforms, and because NSO and similar companies threaten human rights.

According to Microsoft, due to cyber-surveillance companies like the NSO Group, which are called private-sector offensive actors (PSOAs), the number of countries using offensive cyber capabilities has increased from five between 2012 and 2015 to at least 18 in the present.

“Reporting also shows foreign governments are using those surveillance tools, bought from PSOAs, to spy on human rights defenders, journalists and others, including U.S. citizens,” Microsoft notes in a blog post.

Tools like Pegasus, the tech giant points out, enable the tracking of an individual’s whereabouts. They can be used to listen in on conversations, read texts and emails, access photos, steal contacts lists, download sensitive data, tap into internet search history, and more.

Microsoft also points out that privacy is fundamental for journalists to report on events, for dissidents to be able to make their voices heard, and for democracy to flourish. Cyber-surveillance tools such as Pegasus threaten all these, as well as individuals’ lives.

“The expansion of sovereign immunity that NSO seeks would further encourage the burgeoning cyber-surveillance industry to develop, sell and use tools to exploit vulnerabilities in violation of U.S. law. Private companies should remain subject to liability when they use their cyber-surveillance tools to break the law, or knowingly permit their use for such purposes, regardless of who their customers are or what they’re trying to achieve,” Microsoft says.

Related: Journalists’ Phones Hacked via iMessage Zero-Day Exploit

Related: Spyware by Israel’s NSO Used Against Journalist: Amnesty

Related: Israel Spyware Firm NSO Operates in Shadowy Cyber World

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.