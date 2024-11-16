NSO Cuts Off Customers From Pegasus After Abuse Discoveries

Key Takeaways

  • NSO Group admitted cutting off 10 government customers from its Pegasus spyware due to abuse, per newly unsealed court documents
  • The documents detail NSO's "Hummingbird" hacking suite designed to infiltrate WhatsApp and deploy Pegasus on a massive scale
  • Evidence appears to contradict NSO's claims of having no visibility into how clients used Pegasus

Israeli spyware firm NSO admitted cutting off access to its powerful Pegasus spyware for 10 government clients due to abuse, new court documents have revealed.

A US federal judge has ordered the release of three court documents containing new revelations about the inner workings of Pegasus, the notorious spyware created by Israeli cyber intelligence firm NSO Group. The documents, unsealed on Thursday, come from WhatsApp’s 2019 lawsuit accusing NSO of hacking its systems to target users with Pegasus.

TechCrunch reviewed the documents, reporting that they include testimony from NSO employees under oath, internal company records, and even messages between NSO staff that WhatsApp obtained through legal requests.

Among the various shady stuff was one major revelation: NSO admitted to restricting 10 government customers’ access to Pegasus in recent years because they had misused the spyware.

A WhatsApp spokesperson told the publication that the evidence demonstrates how NSO’s actions violated American laws and facilitated cyber-attacks on journalists, activists, and civil society groups.

The filings also revealed that NSO developed a hacking “suite” called Hummingbird to target WhatsApp users, featuring exploits like “Eden” and “Heaven.” Hummingbird licenses reportedly cost up to $6.8 million per year and generated over $31 million for NSO in 2019 alone. Using these tools, Pegasus was installed on a range of hundreds to tens of thousands of devices, according to testimony from an NSO executive.

NSO has downplayed its role in these activities so far by maintaining that its systems are operated solely by its clients.

“NSO stands behind its previous statements in which we repeatedly detailed that the system is operated solely by our clients and that neither NSO nor its employees have access to the intelligence gathered by the system,” a company spokesperson told TechCrunch.

However, WhatsApp argues that customers merely provide target phone numbers while “NSO controls every aspect…through its design of Pegasus,” citing an employee who stated that the company decided whether to deploy exploits via WhatsApp messaging.

Whatsapp Exploits

The documents outline three WhatsApp exploits used by NSO’s customers. “Eden” required routing targets through malicious WhatsApp servers until patched. “Heaven” predated Eden and avoided WhatsApp’s infrastructure. And “Erised” was a zero-click exploit blocked in 2020. One particularly damning technique even involved NSO creating fake WhatsApp clients to send malware to users.

WhatsApp is now seeking summary judgment and is awaiting a decision.

Previous revelations also exposed ties between NSO and the Israeli government. According to reports, Israel allegedly confiscated Pegasus files from NSO in 2020 to prevent their handover to WhatsApp as part of the lawsuit.

