Tech Giants file suit against hacking company NSO

Israel-based spyware firm NSO Group is facing the burns of law suit as several tech giants, including Microsoft, Google, Cisco and VMware, have filed a brief backing Facebook's lawsuit against the spyware for hacking into Facebook-owned WhatsApp's instant messaging app to enable spying by the company's clients.

In a federal civil lawsuit filed in October 2019, Facebook alleged that NSO Group developed an exploit that enabled governments to spy on WhatsApp messages from diplomats, journalists, human rights activists and political dissidents. The lawsuit seeks unspecified damages as well as a permanent injunction banning NSO Group from accessing WhatApp's systems.

In July, a federal judge ruled that the lawsuit could proceed, and WhatsApp and Facebook are now seeking documents from NSO Group. On Monday, the tech firms, as well as the Washington-based Internet Association, filed a brief supporting Facebook's lawsuit seeking damages and an injunction, stating that the spyware tools NSO Group sells are "powerful and dangerous."

"Foreign governments may use the technology in problematic ways, but beyond that, idiosyncratic misuse is a much greater systemic risk," the companies say in their brief. "Widespread creation and deployment of these tools by private companies acting for profit dramatically increases the risk that these vulnerabilities will be obtained and exploited by malicious actors other than the initial."

In a separate statement, Microsoft notes that, by filing the brief, the tech companies are looking to protect their customers and trying to prevent the proliferation of offensive cyber weapons for malicious purposes.

"We hope that standing together with our competitors today through this amicus brief will help protect our collective customers and global digital ecosystem from more indiscriminate attacks," Microsoft states, calling for the court to hold NSO Group liable for violating WhatsApp's security protections.

NSO Group did not immediately respond to a request for comment. But the company has maintained that its tools are only used by its clients to crack down on terrorist groups and for law enforcement purposes.

The company further repeatedly denied that its tools are used against activists and disputed the accusations in the WhatsApp lawsuit In seeking to have the U.S. lawsuit thrown out, NSO Group's lawyers argued in previous court filings that, because the company was acting as a contractor to governments, it was immune from legal actions. The company also argued that this immunity allows it to keep its list of clients private.

Facebook, however, argued that NSO Group should not be granted sovereign immunity because that

In a report published Sunday, Citizen Lab revealed that iPhones belonging to 36 Al Jazeera journalists were hacked using Pegasus software. The report says that NSO Group is now using "zero-click exploits," which enable its government clients to break into phones without any interaction from the target and without leaving any visible traces.

"The phones were compromised using an exploit chain that we call Kismet, which appears to involve an invisible zero-click exploits in iMessage. In July 2020, Kismet was a zero-day against at least iOS 13.5.1 and could hack Apple's then-latest iPhone 11," the report said.

NSO tools have allegedly been used in other cyberattacks. In January, following the hacking of Amazon CEO Jeff Bezos's smartphone, a digital forensic analysis conducted by FTI Consulting found that Bezos's device may have been infected with Pegasus software deployed by Saudi Arabian state actors.

Also in January, Citizen Lab reported that a New York Times reporter was targeted with Pegasus as part of a campaign with possible links to a Saudi Arabia group