The governments of Mexico, Saudi Arabia and Uzbekistan were among the different countries accused of being behind the 2019 hacking campaign that aimed at over 1,200 WhatsApp users with the Pegasus spyware of the NSO group, according to a lawyer who worked for the Israeli spyware manufacturer.
During an audition in the case between WhatsApp and NSO Group last Thursday, the lawyer of the NSO Joe Akrotirianakis group defined the three governments as customers who use spyware, according to a transcription of the hearing obtained from Techcrunch this week.
This is the first time that the representatives of the NSO group have publicly recognized who the customers of the Spyware manufacturer (or they were), after years of refusal to discuss his customers, claiming that the company was “incapable” to do so, a spokesman for the NSO group told Techcrunch in 2023, for example.
The revelation comes as part of a cause intended by WhatsApp Meta-Di Properties in 2019, which accused the Hacking NSO group of about 1,400 WhatsApp users by exploiting a vulnerability in the systems of the messaging app between April and May in the same year.
Contact us
Do you have more information on the NSO group or on other spyware companies? From a device I do not work and a network, you can safely contact Lorenzo Franceschi-Bicchie on the signal at +1 917 257 1382 or via Telegram and Keybase @lorenzofb or e-mail.
The content of the audition of last week was reported for the first time by the Court news service.
In the complaint of the cause, Whatsapp said that there were more than 100 targeted victims who work as activists for human rights, journalists and “other members of civil society”. Citizen Lab, a group of digital rights that has studied the government’s spyware abuses for more than a decade, said in a relationship when he helped WhatsApp to identify those victims.
Last week, the lawyer of Nso Group Akrotirianakis told the judge that “there are at least eight customers whose names are part of the discovery in this case”, but only three have appointed them during the hearing.
At the same time, the lawyer also suggested that a list of countries included in a judicial document not sealed last week, which shows in which countries there were 1,223 victims of the 2019 spyware campaign, is also a list containing customers of the NSO group.
“Pegasus has been authorized for the territories and can only be used in those territories,” said Akrotirianakis, referring to Marquee’s spyware of the NSO group.
Apart from Mexico and Uzbekistan, the list of 51 countries includes Bahrain, India, Morocco, Spain, the United Kingdom and the United States. Saudi Arabia, which was mentioned by the NSO group’s lawyer at the hearing, however, does not appear in the list.
This could be explained by the fact that customers of some NSO groups can direct people outside their territory. For example, in 2017, Citizen Lab reported that there were “circumstantial evidence” to suggest that one or more government customers of the NSO group in Mexico targeted several people, including the son of a well -known Mexican journalist, who was in the United States at the time when he had been targeted.
Reached by Techcrunch before publication, the spokesman for the NSO Gil Lainer group refused to comment. To the question, Lainer did not contest that Mexico, Saudi Arabia and Uzbekistan were three customers of the company at the time of WhatsApp’s spyware campaign.
The Whatsapp spokesman Zade Alsawah told Techcrunch that the company is looking forward to “the next process to determine the damage and guarantee an injunction against NSO to protect the private communication of WhatsApp and people”.
Tuesday, in a preliminary order, the judge who presides over the case stated that while the NSO group said that the documents provided within the period of discovery of the case identify “at least four countries such as NSO customers”, the company has not yet publicly confirmed that these countries are its customers.
“The evidentiary record is opaque on which of the customers (NSO) were responsible for the attacks in question and therefore (WhatsApp) was unable to discover evidence that the screening procedures were followed compared to those customers,” wrote the judge. “Furthermore, to the extent that the parties discuss facts concerning customers who have found themselves abused of Pegasus, these facts seem to come from the relationships of the media, rather than the defendants.”
For years, organizations such as Citizen Lab and Amnesty International have documented cases in which Pegasus has been used to hit or hack journalists, dissidents and defenders of human rights in some countries mentioned in the list of victims, such as Mexico, Hungary, Spain and the United Arab Emirates, among others.
Techcrunch contacted the commentary on the Embassies of Mexico, Saudi Arabia and Uzbekistan in the United States and will update the story if we receive an answer.
Updated in all with the background and an additional context.
