Tuesday, WhatsApp marked a great victory against the NSO group when a jury ordered the notorious Spyware manufacturer to pay more than $ 167 million in damage to the Meta-Di Properties company.
The sentence concluded a legal battle that lasted more than five years, which began in October 2019 when Whatsapp accused the NSO group of hacking more than 1,400 of its users using a vulnerability in the audio function of the chat app.
The verdict arrived after a process with a week of a week that presented several testimonies, including Yaron Shohat and employees of the CEO of NSO Group and WhatsApp who responded and investigated on the accident.
Even before the start of the trial, the case had brought to light several revelations, including that NSO group had interrupted 10 of its government customers for abusing his pegasus spyware, the positions of 1,223 of the victims of the spyware campaign and the names of three of the Spyware manufacturer: Mexico, Saudi Arabia and Uzbekistan.
Techcrunch has read the transcriptions of the trial hearings and is highlighting the most interesting facts and revelations that have come out. We will update this post while we will learn more from the cache of over 1,000 pages.
The testimony described how the WhatsApp attack worked
The attack on Clica Zero, which means that the spyware did not require any interaction from the target, “worked placing a false call from WhatsApp to the lens”, as the WhatsApp lawyer Antonio Perez said during the trial. The lawyer explained that the NSO group had created what he called “WhatsApp installation server”, a special machine designed to send harmful messages through the WhatsApp infrastructure that imitates real messages.
“Once received, those messages would have activated the user’s phone to contact a third server and download the spyware Pegasus. The only thing they needed to make it happen was the phone number,” said Perez.
The vice -president of the research and development of the NSO Tamir Gazneli group has testified that “any solution to Clic Zero is a significant milestone for Pegasus”.
The NSO group confirms that it has targeted an American telephone number as a test for the FBI
Contact us
Do you have more information on the NSO group or on other spyware companies? From a device I do not work and a network, you can safely contact Lorenzo Franceschi-Bicchie on the signal at +1 917 257 1382 or via Telegram and Keybase @lorenzofb or e-mail.
For years, the NSO group said that its spyware cannot be used against American telephone numbers, which means that any number of cells that starts with the country code +1.
In 2022, the New York Times reported for the first time that the company “attacked” an American phone but was part of a test for the FBI.
The lawyer of NSO Group Joe Akrotirianakis confirmed this, saying that the “single exception” in Pegasus could not be able to targeting +1 numbers “was a specially configured version of Pegasus to be used in demonstration to potential customers of the United States government”.
According to reports, the FBI chose not to distribute Pegasus after its test.
Like the government customers of the NSO group use Pegasus
The CEO of NSO, Shohat, explained that the Pegasus user interface for its government customers does not provide an option to choose which hacking method or technique to use against the objectives they are interested in, “because customers don’t care which carrier use, as long as they get the intelligence they need”.
In other words, it is the Pegasus system in the backnd that collects which hacking technology, known as exploit, to be used every time the spyware targeted an individual.
The headquarters of the NSO group shares the same Apple building
In a fun coincidence, the NSO Group headquarters in Herzliya, a suburb of Tel Aviv in Israel, is in the same building as Apple, whose iPhone customers are often also targeted by the NSO spyware of NSO. Shohat said NSO occupies the first five floors and Apple occupies the rest of the 14 -storey building.
The fact that the headquarters of the NSO group is openly advertised is a bit interesting alone. Other companies that develop spyware or zero days such as the Variston based in Barcelona, which closed in February, were in a co-working space while stated on its official website that can be found somewhere else.
The NSO group admitted that it continued to target WhatsApp users after the cause was presented
Following the attack of Spyware, WhatsApp fought a cause against the NSO group in November 2019. Despite the active legal challenge, the Spyware manufacturer continued to target the users of the chat app, according to the vice -president of the research and development of the NSO Tamir Gazneili group.
Gazneli said that “Erized”, the code name for one of the versions of the Clica Zero of WhatsApp Zero, was in use from the end of 2019 until May 2020. The other versions were called “Eden” and “Heaven” and the three were collectively known as “HummingBird”.
