NSO Group’s alleged operation of spyware exposes more direct link to human rights abuses
"NSO – not government clients – operates its spyware, legal documents reveal" 15 November 2024
Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker – and not its government customers – is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.
The new details were contained in sworn depositions from NSO Group employees, portions of which were published for the first time on Thursday.
It comes five years after WhatsApp, the popular messaging app owned by Facebook, first announced it was filing suit against NSO...
...A spokesperson for NSO, Gil Lainer, said in a statement: “NSO stands behind its previous statements in which we repeatedly detailed that the system is operated solely by our clients and that neither NSO nor its employees have access to the intelligence gathered by the system. We are confident that these claims, like many others in the past, will be proven wrong in court, and we look forward to the opportunity to do so.”
...
In one, an NSO employee said customers only needed to enter a phone number of the person whose information was being sought. Then, the employee said, “the rest is done automatically by the system”. In other words, the process was not operated by customers. Rather NSO alone decided to access WhatsApp’s servers when it designed (and continuously upgraded) Pegasus to target individuals’ phones.
A deposed NSO employee also acknowledged under questioning from WhatsApp lawyers that one known target of the company’s spyware – Princess Haya of Dubai – was one of 10 examples of clients who had been “abused” “so severely” that NSO disconnected the service. The Guardian and its media partners first reported in 2021 that Haya and her associates were on a database of people who were of interest to a government client of NSO. A senior high court judge in the UK later ruled that the ruler of Dubai hacked the phone of his ex-wife Princess Haya using Pegasus spyware in an unlawful abuse of power and trust...