On Tuesday, WhatsApp won a major victory against the NSO group when a jury ordered the infamous spy software manufacturer to pay more than $ 167 million in damages to the metal company.
The decision has concluded a legal battle covering more than five years, which started in October 2019 when WhatsApp accused the Piration NSO group of more than 1,400 of its users by enjoying vulnerability in the audio functionality of the chat application.
The verdict intervened after a trial before one week jury which presented several testimonies, including the CEO of NSO Group, Yaron Shohat and the employees of WhatsApp who responded and investigated the incident.
Even before the start of the trial, the case had found several revelations, including that the NSO group had cut 10 of its government customers to have abused its PEGASUS spy software, the locations of 1,223 of the victims of the Spyware campaign and the names of three of the customers of the manufacturer Spyware: Mexico, Saudi Arabia and the three of the Espion software.
Techcrunch read the transcriptions of the hearings of the trial and highlights the most interesting facts and revelations that have come out. We will update this message as we learn more from the cache of more than 1,000 pages.
The testimony described how the WhatsApp attack worked
The zero attack click on a click, which means that the spy software did not require any interaction of the target, “worked by passing a false phone call WhatsApp to the target”, as the lawyer of WhatsApp said, Antonio Perez, during the trial. The lawyer explained that the NSO group had built what he called the “Whatsapp installation server”, a special machine designed to send malicious messages through the infrastructure of WhatsApp imitating real messages.
“Once received, these messages would trigger the user’s phone to reach a third server and download Pegasus’ spy software. The only thing they needed to get there was the phone number,” Perez said.
The vice-president of research and development of the NSO Group, Tamir Gazneli, said that “any zero solution click that this is an important step for Pegasus”.
The NSO group confirms that it has targeted an American phone number as a test for the FBI
Contact us
Do you have more information on the NSO group or in other spy software companies? From a device and a non-work network, you can contact Lorenzo Franceschi-Bicchierai safely on the signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or e-mail.
For years, NSO Group said that its spy software could not be used against American phone numbers, which means any cell number that begins with the +1 country code.
In 2022, The New York Times was reported for the first time That the company “attacked” an American phone, but it was part of a test for the FBI.
The lawyer for the NSO group, Joe Akrotirianakis, confirmed it, claiming that “the unique exception” in Pegasus not being able to target +1 numbers “was a specially configured version of Pegasus to use on demonstration for potential American government customers.”
The FBI would have chosen Do not deploy Pegasus after his test.
How government customers from the NSO group use Pegasus
The CEO of NSO, Shohat, explained that the PEGASUS user interface for its government customers does not provide an option to choose the method or the hacking technique to use against the objectives that interest them, “because customers do not care about the vector they use, as long as they get the intelligence they need.”
In other words, it is the Pegasus system in the Backend which chooses the hacking technology, known as the feat, to use each time the spy software targets an individual.
The headquarters of NSO Group share the same building as Apple
In a funny coincidence, the NSO group headquarters In Herzliya, a suburb of Tel Aviv in Israel, is in the same building AppleOf which iPhone customers are also frequently targeted by PEGASUS spy software from NSO. Shohat said that NSO occupies the first five floors and that Apple occupies the rest of the 14 -storey building.
The fact that the registered office of the NSO group is openly announced is somewhat interesting in itself. Other companies that develop spy software or zero days such as Variston based in Barcelona, which closed in February, was located in a co-work space while affirming that its official website was located elsewhere.
The NSO group admitted that it continued to target WhatsApp users after filing the pursuit
After the spy software attack, WhatsApp filed its trial against NSO Group in November 2019. Despite the active legal challenge, the spy software manufacturer continued to target users of the chat application, according to the vice-president of research and development of the NSO group, Tamir Gazneli.
Gazneli said that “Eriseed”, the code name for one of the versions of the zero Whatsapp click vector, was used from the end of 2019 until May 2020. The other versions were called “Eden” and “Heaven”, and the three were collectively known as “Codial”.
