
WhatsApp Reveals New Evidence of Pegasus Spyware Abuse

Publication date: 25.11.2024 17:47:00

Newly released documents from a lawsuit between WhatsApp and Israel’s NSO Group have shed light on the Pegasus spyware and on NSO’s own responsibility for its use.

The data, which includes internal documents, statements from NSO employees, and WhatsApp correspondence, highlights that NSO itself, not its government clients, controlled the installation and operation of Pegasus.

According to the court documents, NSO employees acknowledged that Pegasus only required customers to enter a target number, after which the system would automatically install the software on the device and extract data. NSO had previously attributed this process to its customers, claiming that it did not have access to the collected information.

Three exploits were identified among NSO’s tools, named Heaven, Eden, and Erised:

- Heaven was deployed through NSO-controlled servers and required some user interaction to infect.
- Eden interacted with WhatsApp servers in a complex manner, sending an infected message via the messenger.
- Erised did not require any action from the user at all.

WhatsApp fixed the vulnerabilities, but the development of new exploits continued even after the lawsuit was filed.

Notably, against the backdrop of these revelations, NSO quickly disconnected dozens of clients, including the Dubai government, which it accused of “abusing” its software.

WhatsApp, which initiated the lawsuit in 2019, accused NSO of violating the Computer Fraud and Abuse Act (CFAA) and using WhatsApp servers to install Pegasus. Among the victims were journalists, human rights defenders, and activists.

In response to WhatsApp's accusations, NSO continues to insist that it is not involved in the cyberattacks, emphasizing that its clients are fully responsible for using Pegasus. However, new data calls into question the veracity of these statements.

According to the documents, NSO earned at least $31 million in revenue from Pegasus in 2019, with annual license fees for customers reaching $6.8 million. The number of devices infected with Pegasus was measured in the thousands.

Court documents also show that NSO created a modified WhatsApp app used to send malicious messages and install exploits. This tool was also a key part of Pegasus’ operations.

WhatsApp representatives said the evidence released will help in this case and in other lawsuits against NSO around the world. The case is ongoing, and WhatsApp is seeking a final judgment in its favor.

