Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Tech Giants Show Support for WhatsApp in Lawsuit Against Spyware Firm

Microsoft, Cisco, GitHub, Google, LinkedIn, VMware and the Internet Association have filed an amicus brief in support of WhatsApp in the legal case against the NSO Group.

Microsoft, Cisco, GitHub, Google, LinkedIn, VMware and the Internet Association have filed an amicus brief in support of WhatsApp in the legal case against the NSO Group.

Facebook-owned messaging service WhatsApp filed the lawsuit in October 2019 in California, accusing Israeli technology firm NSO Group of spying on journalists, human rights activists and others.

WhatsApp says that NSO Group attempted to infect approximately 1,400 devices with spyware in an effort to steal sensitive information from WhatsApp users.

NSO Group claims that its Pegasus spyware is in fact a legitimate cyber-surveillance tool meant to help government organizations fight terrorism and other type of crime.

However, security firms and other organizations have publicly disclosed a multitude of incidents in which Pegasus was used maliciously. The most recent of these involved the use of an iMessage zero-day exploit to infect the iPhones of Al Jazeera journalists.

The amicus brief that Microsoft and others filed in support of WhatsApp underlines that the trading of software such Pegasus is concerning due to possible misuse by threat actors, because NSO does not share information on vulnerabilities it finds in targeted platforms, and because NSO and similar companies threaten human rights.

According to Microsoft, due to cyber-surveillance companies like the NSO Group, which are called private-sector offensive actors (PSOAs), the number of countries using offensive cyber capabilities has increased from five between 2012 and 2015 to at least 18 in the present.

“Reporting also shows foreign governments are using those surveillance tools, bought from PSOAs, to spy on human rights defenders, journalists and others, including U.S. citizens,” Microsoft notes in a blog post.

Advertisement. Scroll to continue reading.

Tools like Pegasus, the tech giant points out, enable the tracking of an individual’s whereabouts. They can be used to listen in on conversations, read texts and emails, access photos, steal contacts lists, download sensitive data, tap into internet search history, and more.

Microsoft also points out that privacy is fundamental for journalists to report on events, for dissidents to be able to make their voices heard, and for democracy to flourish. Cyber-surveillance tools such as Pegasus threaten all these, as well as individuals’ lives.

“The expansion of sovereign immunity that NSO seeks would further encourage the burgeoning cyber-surveillance industry to develop, sell and use tools to exploit vulnerabilities in violation of U.S. law. Private companies should remain subject to liability when they use their cyber-surveillance tools to break the law, or knowingly permit their use for such purposes, regardless of who their customers are or what they’re trying to achieve,” Microsoft says.

Related: Journalists’ Phones Hacked via iMessage Zero-Day Exploit

Related: Spyware by Israel’s NSO Used Against Journalist: Amnesty

Related: Israel Spyware Firm NSO Operates in Shadowy Cyber World

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem