On Tuesday, WhatsApp earned a major victory against NSO group When a jury ordered the slanderer spy to pay more than $ 167 million in damage to the Meta-owned company.
The judgment ended a legal battle lasting more than five years, which began in October 2019 when WhatsApp accused NSO group of chopping more than 1,400 of its users using vulnerability in the chat program Audio-calling functionality.
The verdict came after a weekly jury trial, which presented several testimonials, including the Director General of NSO Group Yaron Shohat and WhatsApp employees who responded and investigated the incident.
Even before the lawsuit began, the case discovered several revelations, including that NSO group cut off 10 of its government clients Due to abuse of its pegasus -espionage, the places of 1.223 of the victims from the Spy Campaign, and the names of three of the spy clients: Mexico, Saud -Aarabia and Uzbekistan.
Techcrunch read the transcripts of the processes of the process and emphasizes the most interesting facts and revelations that have appeared. We will update this post while we will learn more from the cache of more than 1,000 pages.
Certification described how the WhatsApp attack worked
The Zero-click attackwhich means that espionage required no interaction of the target, “processed by placing a false WhatsApp telephone call to the target,” as said WhatsApp’s lawyer, Antonio Pérez during the trial. The lawyer explained that an NSO group built what it called the “WhatsApp Installation Server”, a special machine designed to send malicious messages through WhatsApp’s infrastructure by imitating actual messages.
“After they received, those messages would trigger the user’s phone to get a third server and download the Pegasus spy. The only thing they need to do this was the phone number,” Perez said.
NSO Group Vice President Tamir Gazneli testified that “any zero-click solution is a significant milestone for Pegasus.”
NSO group confirms that it was aimed at a US phone number as a test for the FBI
Contact us
Do you have more information about an NSO group, or other spy companies? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai safely on a signal at +1 917 257 1382, or by telegram and keyboard @LorenzofB, or E -mail.
For years, NSO Group has claimed that its espionage cannot be used against US phone numbers, meaning any cellular number that starts with the +1 country code.
In 2022, The New York Times first reported That the company “attacked” a US phone, but it was part of a test for the FBI.
NSO Group’s lawyer, Joe Akrotiriianakis, confirmed this, saying that the “single exception” to Pegasus unable to target +1 numbers “was a specially configured version of Pegasus to be used in proof to potential US government clients.”
The fbi reportedly chosen Do not deploy Pegasus following its test.
As NSO Group’s government clients use Pegasus
The NSO Director General explained that Pegasus’ user interface for its government clients does not give the opportunity to choose which hack method or technique to use against the goals they are interested in, “because customers do not care about which vector they use, as long as they receive the intelligence they need.”
In other words, it is the Pegasus system in the backend, which chooses, which hacking technology, known as to exploitUse every time the espionage is aimed at an individual.
The NSO Group headquarters share the same building as Apple
In fun coincidence, NSO group Headquarters In Herzliya, a suburb of Tel life in Israel, is in the same building Like an applewhose iPhone clients are also often targeted by a Pegasus -espionage of NSO. Shohat said NSO occupies the top five floors and Apple occupies the rest of the 14-story building.
The fact that NSO Group’s headquarters is openly advertised is somewhat interesting. Other companies that develop spy or zero days as The Barcelona-based Varietywho Locked in FebruaryLocated in collaborative space while he claimed on its official website to be located elsewhere.
NSO Group acknowledged that it was intended to target WhatsApp users after the process was submitted
Following the spy attack, WhatsApp presented his lawsuit against NSO Group in November 2019. Despite the active legal challenge, the espionist of the espionage aimed at the users of the chat app, according to the vice president of the research and development of NSO Group Tamir Gazneli.
Gazneli said that “Erised”, the code name for one of the versions of the Whatsapp Zero-click vector, was used from late 2019 to May 2020. The other versions were called “Eden” and “Sky”, and the three were collectively known as “Hummingbird.”
