Microsoft President Brad Smith is asking for President-elect Joe Biden’s support in a legal case against Israeli security firm NSO Group and WhatsApp.
Smith has suggested that NSO Group and similar companies are “a new generation of private companies akin to 21st-century mercenaries” who generate “cyber-attack proliferation to other governments that have the money but not the people to create their own weapons. In short, it adds another significant element to the cybersecurity threat landscape.”
“The Biden/Harris administration should weigh in with a similar view,” Smith wrote. He also compared the cyber-weapons to other “societally harmful activity” such as human trafficking, narcotics, and terrorism.
“An early opportunity for the Biden-Harris Administration will come in an appellate judicial case involving the NSO Group itself,” Smith wrote. “NSO has appealed a lower court finding that it is not immune from claims that it violated the US Computer Fraud and Abuse Act by accessing mobile devices without permission. Its argument is that it is immune from US law because it is acting on behalf of a foreign government customer and hence shares that government’s legal immunity. NSO’s proposed recipe would make a bad problem even worse, which is why Microsoft is joining with other companies in opposing this interpretation. The Biden/Harris Administration should weigh in with a similar view.”
“NSO’s legal approach, while disconcerting, does the world a service by highlighting the path needed to thwart this new cyberattack ecosystem. It’s to ensure that domestic laws clearly and strongly prohibit companies from helping governments engage in unlawful and offensive cyberattacks and investors from knowingly financing them,” Smith wrote.
According to the NY Times, the recent breach of US government agencies, including the Departments of Defense, State, Homeland Security, and Commerce, was traced to a Trojan horse installed in March as part of an upgrade offered by the computer software company SolarWinds. But even though SolarWinds has no connection to the two Israeli companies, Smith singled them out in a statement on a Microsoft company blog, writing:
“One illustrative company in this new sector is the NSO Group, based in Israel and now involved in US litigation. NSO created and sold to governments an app called Pegasus, which could be installed on a device simply by calling the device via WhatsApp; the device’s owner did not even have to answer. According to WhatsApp, NSO used Pegasus to access more than 1,400 mobile devices, including those belonging to journalists and human rights activists. … NSO represents the increasing confluence between sophisticated private-sector technology and nation-state attackers. Citizen Lab, a research laboratory at the University of Toronto, has identified more than 100 abuse cases regarding NSO alone. But it is hardly alone. Other companies are increasingly rumored to be joining in what has become a new $12 billion global technology market.”
In May 2019, The Financial Times reported that security researchers were accusing the Israeli firm NSO Group of developing technology that uses a security breach in the messaging app WhatsApp to break into iPhone and Android mobile phones.
Owned by Facebook, WhatsApp is estimated to be used by 1.5 billion people around the world. In the spring of 2019, WhatsApp engineers discovered abnormal voice-calling activity on their systems and alerted human-rights organizations and the US Justice Department about the threat.
On August 25, 2016, it was revealed that the Pegasus program created by NSO Group Technologies, founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio and based in Herzliya, was being used by the United Arab Emirates to target opposition human rights activist Ahmed Mansoor.
The security researchers say they discovered a Pegasus-like spyware program that took advantage of a flaw in WhatsApp which it used to target a London attorney who was suing NSO Group for helping to hack the phones of a Saudi dissident named Omar Abdulaziz, a Qatari citizen, and several Mexican journalists and activists.
WhatsApp eventually released a patch which customers can get by updating their phones, and issued a statement saying “WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices.”
NSO Group argued its spyware was only licensed to government agencies and vowed to investigate “credible allegations of misuse.” The company sells its spyware to law enforcement agencies around the world, which can install it on the mobile phones of criminal suspects. The phone of drug kingpin El Chapo was hacked using NSO software, and in 2011, the president of Mexico thanked NSO for its role in El Chapo’s arrest.
But in December 2018, the NY Times suggested the Pegasus software was used in the murder of Saudi journalist Jamal Khashoggi, based on a claim made by Khashoggi’s friend that Saudi authorities had used the Israeli-made spyware to target their victim.
About 100 of the NSO software targets are believed to have been members of civil society, including journalists, diplomats, senior government officials, and human rights campaigners, according to WhatsApp.
NSO Group has denied targeting civil society groups or individuals. As Smith noted, it also argued in American courts that it is immune from US laws against hacking because it acts on behalf of foreign governments outside US jurisdiction. The argument was dismissed and NSO is appealing the ruling.
Smith said Microsoft and other technology companies are “opposing this interpretation” and are expected to file an amicus brief with the appeals court.
Globes on Sunday quoted sources close to NSO Group who argued that NSO “as a leading and known company in its field … is itself a fixed target for extensive cyberattacks and is acquainted with the enormous challenges posed by attacks, terror, and crime sponsored on the web,” which is why “the company develops technology that will allow countries to cope with the challenges, and has developed alongside these significant regulatory policies and ethical rules and unprecedented transparency in the business sector.”