On Tuesday, Whatsapp scored a significant victory over the NSO group when a jury ordered the famous Spyware manufacturer to pay more than $ 167 million in compensation to the company owned by the post-ownership.
The decision came to a legal battle extending over more than five years, which began in October 2019, when Whatsapp accused the NSO for hacking team more than 1,400 of its users, utilizing a vulnerability in Appling Calling.
The verdict came after a weekly trial of the jury that included several testimonies, including NSO Yaron Shohat CEO and WhatsApp officials who responded and investigated the incident.
Even before the trial began, the case had discovered several revelations, including the NSO Group, had interrupted 10 of its government clients to abuse Pegasus Spyware, the positions of 1,223 of the victims of the Spyware campaign and the names of three of the Spyware Maker’s customers: Uzbekistan.
TechCrunch reads the test transcripts of the test and highlights the most interesting events and revelations that came out. We will update this post as we learn more of the cache of more than 1,000 pages.
Testimony described how the Whatsapp attack worked
Zero -click attack, which means that spyware did not require interacting with the target, “worked by placing a fake Whatsapp phone call on the target,” said WhatsApp Antonio Perez said during the trial. The lawyer explained that the NSO group had built what was called “WhatsApp Installation Server”, a special machine designed to send malicious messages to the entire WhatsApp infrastructure that mimics the real messages.
“Once taken, these messages will turn on the user’s phone to reach a third server and download Pegasus Spyware. The only thing that had to happen was the phone number,” Perez said.
NSO Tamir Gazneli’s Vice President of Research and Development has testified that “any zero -click solution is an important milestone for Pegasus”.
NSO Group confirms that it targets an American phone number as a test for FBI
Contact us
Do you have more information about NSO Group or other Spyware companies? From a device and non-work network, you can contact Lorenzo Franceschi-bicchierai safely on the signal on +1 917 257 1382, or through the telegram and keybase @lorenzofb or email.
For years, the NSO Group has claimed that spyware cannot be used against US telephone numbers, which means any number of cells starting with the country code +1.
In 2022, New York Times mentioned for the first time That the company “attacked” a US phone but was part of a test for the FBI.
NSO Group lawyer Joe Akrotirianakis confirmed this, saying that the “single exception” in Pegasus was not able to target +1 numbers “was a specially designed version of Pegasus to be used on displaying possible US government customers.”
The fbi Reportedly Do not develop Pegasus after testing it.
How the NSO Group Group Customers use Pegasus
NSO CEO Shohat explained that Pegasus’s interface for its government clients does not provide the option to choose which method of hacking or technique to use the goals they are interested in “because customers are not interested in the vector they use if they get the intelligence they need”.
In other words, it is the PEGASUS system in the backend that chooses which hacking technology, known as exploitation, to use every time spyware targets a person.
NSO Group headquarters share the same building as Apple
In a funny coincidence, the NSO Group headquarters At Herzliya, a suburb of Tel Aviv in Israel, is in the same building as an applewhose iPhone customers are also often targeted at the NSO Pegasus Spyware. Shohat said the NSO occupies the top five floors and Apple occupies the rest of the 14 -storey building.
The fact that the NSO Group headquarters are advertised openly is somewhat interesting in itself. Other companies developing spyware or zero days, such as Barcelona -based Variston, which closed in February, was in a cooperation site, claiming its official website somewhere else.
The NSO Group admitted that it continued to target WhatsApp users after submitting the lawsuit
Following the Spyware attack, WhatsApp filed its lawsuit against the NSO Group in November 2019. Despite the active legal challenge, the Spyware manufacturer continued to target users of the conversation application, according to NSO Tamir Gazneli’s Vice President.
Gazneli said “Erized”, Codename for one of the zero -click editions of Whatsapp, was used from the end of 2019 to May 2020.
