Spyware Group Exposed for using Pegasus to target Journalists Phones has been Ordered to Dislose Software Code

For years, cybersecurity researchers at Citizen Lab have been closely monitoring the activities of the Israeli spyware firm NSO Group, particularly focusing on its flagship product, Pegasus. Their investigations have revealed alarming instances of Pegasus being used to target the phones of journalists and human rights defenders via a WhatsApp security vulnerability, as reported in 2019.

Now, NSO Group, which is blacklisted by the U.S. government for selling spyware to repressive regimes, finds itself embroiled in a lawsuit over the WhatsApp exploit. Filed in U.S. federal court in 2019 by WhatsApp and Meta (then Facebook), the lawsuit alleges that NSO sent Pegasus and other malware to approximately 1,400 devices worldwide. Despite NSO’s repeated attempts to have the case dismissed, it has persisted for over four years.

As the lawsuit progresses, NSO has resorted to demanding access to Citizen Lab’s investigative materials. However, a judge recently denied NSO’s latest attempt to obtain access to Citizen Lab’s documents. Citizen Lab’s lawyers argued that providing raw research data to NSO would endanger individuals already victimized by NSO’s activities and could lead to further harassment, including from their own governments.

NSO has been striving to improve its public image in recent years, particularly since being blacklisted in 2021. The company has even requested meetings with the State Department to discuss Pegasus as a tool for combating terrorism. Nevertheless, NSO continues to face legal challenges in U.S. courts over Pegasus, with ongoing lawsuits brought by various parties, including Salvadoran journalists, Apple, and Hanan Elatr Khashoggi, the widow of murdered journalist Jamal Khashoggi. These lawsuits rely heavily on Citizen Lab’s research findings.

Despite NSO’s efforts to evade accountability, the WhatsApp lawsuit has not been in the company’s favor. Initially, NSO claimed immunity from being sued in American courts, but this argument was rejected by a federal appeals court in 2021. The lawsuit has since faced other legal hurdles, including NSO’s unsuccessful attempts to have it moved to Israel.

In a significant development, earlier this year, Judge Phyllis Hamilton ordered NSO to disclose the software code not only for Pegasus but also for any NSO spyware targeting or directed at WhatsApp servers. This order underscores the extent of NSO’s legal obligations and the gravity of the allegations against it.

While NSO has obtained thousands of documents from Meta and WhatsApp regarding Citizen Lab’s Pegasus investigation, its attempts to extract more information directly from Citizen Lab have been thwarted. Despite NSO’s persistence, Judge Hamilton concluded that its demands were “plainly overbroad.” She has left open the possibility for NSO to try again, but only if it can provide evidence linking specific individuals identified by Citizen Lab as targets to criminal or terrorist activity.

In response to the court’s decision, Citizen Lab’s director, Ronald Deibert, expressed satisfaction that the court recognized NSO Group’s request for information as overbroad and unnecessary at this time to resolve the disputed issues. This legal battle underscores the importance of holding companies like NSO accountable for their actions and protecting the rights of individuals targeted by unlawful surveillance.

SOURCE: THE INTERCEPT