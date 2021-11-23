Apple Sues Israeli Spyware Maker NSO Group
SAN FRANCISCO – Apple on Tuesday filed a lawsuit in federal court against NSO Group, an Israeli surveillance company, which dealt another blow to troubled firms and the unregulated spyware industry.
The lawsuit is the second of its kind – Facebook filed a lawsuit against NSO Group in 2019 for targeting its WhatsApp users – and represents another consequential move by a private company to curb aggressive spyware by the government and companies providing their intelligence tools.
Apple, for the first time, seeks to hold NSO accountable for what Apple says is surveillance and targeting of users. Apple also wants to permanently bar NSO from using any Apple software, services or equipment, which could make the company’s Pegasus spyware product useless, as their main business is to give NSO’s government clients full access to the target iPhone or Android smartphone.
Apple Corps has demanded unspecified compensation for the time and expense involved in arguing that NSO’s products were misused. Apple said it would donate the proceeds to those who exposed the spyware.
Since the NSO was founded in 2010, its officials have said it sells spyware to the government only to create legal hurdles, but a series of revelations by journalists and private investigators show how much the government has deployed NSO’s Pegasus spyware against journalists, activists and dissidents.
Apple officials described the lawsuit as a warning to NSO and other spyware developers. “This is what Apple is saying. If you do this, if you use our software as a weapon against innocent users, researchers, dissidents, activists or journalists, then Apple will not give you anything,” said Evan Cristic, head of security security engineering and architecture at Apple. . Monday interview.
The NSO group has suffered a number of serious setbacks. Earlier this month, the Biden administration blacklisted another Israeli watchdog, NSO and Candiru, in significant violation of Israel, saying it supplied spyware to foreign governments that used it to target the phones of journalists, dissidents, human rights activists and others. .
The ban, which means no US organization can work with the NSO, is the strongest step taken by any US administration to bring the global market for spyware.
The Israeli government, which approves the sale of any NSO software to foreign governments and considers the software an important foreign policy tool, is lobbying the United States to lift the ban on behalf of the NSO. NSO has said it will fight the ban, but the NSO Group’s takeover executive quit after the business was blacklisted, the company said.
One week after the federal ban, the United States Court of Appeals for the Ninth Circuit rejected the NSO Group’s proposal to dismiss Facebook’s lawsuit. The Israeli firm had argued that it could “claim foreign sovereign immunity.” The court’s 3-0 decision rejected NSO’s argument and allowed Facebook’s lawsuit to proceed.
The developments paved the way for Apple’s lawsuit against NSO on Tuesday. Apple was first spotted at NSO’s Cross Hairs in 2016, when researchers at Citizen Lab, a research institute at the University of Toronto’s Munk School of Global Affairs, and now BlackBerry-owned San Francisco mobile security company Lookout, discovered that NSO’s Pegasus Spyware Security was taking advantage of vulnerability.
NSO’s spyware allows its government clients access to the entire contents of the target phone, allowing agents to read the target’s text messages and emails, record phone calls, capture voice and footage from their cameras, and locate them.
Internal NSO documents, leaked to the New York Times in 2016, show that the company charged government agencies 650,000 to spy on 10 iPhone users – with a half-million-dollar setup fee. Government agencies in the UAE and Mexico were among NSO’s early clients, documents show.
The revelations led to the discovery of NSO’s spyware on the phones of human rights activists in the UAE and journalists, activists and human rights lawyers in Mexico – even their teenage children living in the United States.
The NSO said it would investigate any allegations of misconduct, but further revelations did not stop those governments from misusing NSO’s spyware.
A lawsuit was filed against Apple in March after NSO’s Pegasus spyware was found on a Saudi worker’s iPhone. Citizen Labs discovered that NSO’s Pegasus spyware infected the iPhone without a single click. Spyware can invisibly infect iPhone, Mac computer and Apple Watch, then send their data back to government servers, without the target knowing about it.
Citizen Lab called the zero-click infection scheme a “forced entry” and sent a sample to Apple in September. The discovery prompted Apple to release emergency software updates for their iPhones, iPads, Apple Watches and Mac computers.
The Pegasus model gave Apple a forensic understanding of how Pegasus works. The company found that NSO engineers had created more than 100 fake Apple IDs to carry out their attacks. In the process of creating those accounts, NSO engineers would have to agree to Apple’s iCloud Terms and Conditions, which explicitly require that iCloud users’ engagement with Apple be “governed by the laws of the state of California.”
The clause helped Apple sue NSO in the Northern District of California.
“This is a clear violation of our Terms of Service and the privacy of our customers,” said Heather Grenier, Apple’s senior director of commercial litigation. “This is our part of the land to send a clear signal that we will not allow our users to be abused in this way.”
After filing the lawsuit Tuesday, Apple said it would provide free technical, hazard intelligence and engineering assistance to Citizen Labs and other organizations involved in digital surveillance. Apple also said it would donate संस्थ 10 million to those organizations and there would be no losses.
Digital rights experts say Apple’s suit threatens NSO’s existence. “NSO is poison now,” said Ron Debert, director of Citizen Labs. “No one in their right mind wants to touch that company. But it’s not just one company, it’s an industry-wide problem. “
He added that the lawsuit could be a step towards further monitoring of the unregulated spyware industry.
“Steps like this are useful, but incomplete,” Mr Debert said. “We need more action from the government.”
