Five things we learned from WhatsApp vs. NSO Group spyware lawsuit
On Tuesday, WhatsApp scored a major victory against NSO Group when a jury ordered the infamous spyware maker to pay more than $167 million in damages to the Meta-owned company.
The ruling concluded a legal battle spanning more than five years, which started in October 2019 when WhatsApp accused NSO Group of hacking more than 1,400 of its users by taking advantage of a vulnerability in the chat app's audio-calling functionality.
The verdict came after a week-long jury trial that featured several testimonies, including NSO Group's CEO Yaron Shohat and WhatsApp employees who responded and investigated the incident.
Even before the trial began, the case had unearthed several revelations, including that NSO Group had cut off 10 of its government customers for abusing its Pegasus spyware, the locations of 1,223 of the victims of the spyware campaign, and the names of three of the spyware maker's customers: Mexico, Saudi Arabia, and Uzbekistan.
TechCrunch read the transcripts of the trial's hearings and is highlighting the most interesting facts and revelations that came out. We will update this post as we learn more from the cache of more than 1,000 pages.
The zero-click attack, which means the spyware required no interaction from the target, 'worked by placing a fake WhatsApp phone call to the target,' as WhatsApp's lawyer Antonio Perez said during the trial. The lawyer explained that NSO Group had built what it called the 'WhatsApp Installation Server,' a special machine designed to send malicious messages across WhatsApp's infrastructure mimicking real messages.
'Once received, those messages would trigger the user's phone to reach out to a third server and download the Pegasus spyware. The only thing they needed to make this happen was the phone number,' said Perez.
NSO Group's research and development vice president Tamir Gazneli testified that 'any zero-click solution whatsoever is a significant milestone for Pegasus.'
Do you have more information about NSO Group, or other spyware companies? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.
For years, NSO Group has claimed that its spyware cannot be used against American phone numbers, meaning any cell number that starts with the +1 country code.
In 2022, The New York Times first reported that the company did 'attack' a U.S. phone but it was part of a test for the FBI.
NSO Group's lawyer Joe Akrotirianakis confirmed this, saying the 'single exception' to Pegasus not being able to target +1 numbers 'was a specially configured version of Pegasus to be used in demonstration to potential U.S. government customers.'
The FBI reportedly chose not to deploy Pegasus following its test.
NSO's CEO Shohat explained that Pegasus' user interface for its government customers does not provide an option to choose which hacking method or technique to use against the targets they are interested in, 'because customers don't care which vector they use, as long as they get the intelligence they need.'
In other words, it's the Pegasus system in the backend that picks out which hacking technology, known as an exploit, to use each time the spyware targets an individual.
In a funny coincidence, NSO Group's headquarters in Herzliya, a suburb of Tel Aviv in Israel, is in the same building as Apple, whose iPhone customers are also frequently targeted by NSO's Pegasus spyware. Shohat said NSO occupies the top five floors and Apple occupies the remainder of the 14-floor building.
The fact that NSO Group's headquarters are openly advertised is somewhat interesting on its own. Other companies that develop spyware or zero-days like the Barcelona-based Variston, which shuttered in February, was located in a co-working space while claiming on its official website to be located somewhere else.
Following the spyware attack, WhatsApp filed its lawsuit against NSO Group in November 2019. Despite the active legal challenge, the spyware maker kept targeting the chat app's users, according to NSO Group's research and development vice president Tamir Gazneli.
Gazneli said that "Erised," the codename for one of the versions of the WhatsApp zero-click vector, was in use from late-2019 up to May 2020. The other versions were called "Eden" and "Heaven," and the three were collectively known as "Hummingbird."
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
an hour ago
- Yahoo
Meta, Robinhood & AppLovin, Circle: Trending Tickers
Catalysts host Madison Mills and Citizens JMP Securities CEO Mark Lehmann discuss some of the day's top trending stories. Meta (META) is reportedly planning a multibillion-dollar investment in artificial intelligence (AI) startup Scale AI to expand its tech edge, according to Bloomberg. Robinhood (HOOD) and AppLovin (APP) are falling after not being added to the S&P 500 (^GSPC) during the index's quarterly rebalance. Circle Internet Group's (CRCL) continues to climb since its initial public offering (IPO). To watch more expert insights and analysis on the latest market action, check out more Catalysts here. It's now time for some of today's trending tickers. We are watching meta, Robin Hood and App Lovin and Circle. First up meta and talks to make a multi-billion dollar investment into artificial intelligence startup scale AI. This according to a report from Bloomberg. Now the financing could exceed $10 billion, which would make it one of the largest private company funding events of all time. Mark is still here with me to discuss. Mark, what do you make of this deal from meta? Why does it make sense for them? Well, it's AI all the time. Uh, and I think like meta has certainly become one of the beneficiaries of that, of the publicly traded companies who have taken advantage of what they have in their core base and their uniqueness of their data. And I think we've my analyst Andrew Boon has been saying that for a very long time. We've had to stick with the winners theme at citizen for a while, and I think meta is certainly a winner there, and they want to promote, um, and accelerate what they're already doing. I think it's a great idea for them and frankly, it's a modest investment for them. It's really modest when you think about that at a big scale potential. Yeah, I think that context is really important too because it might be a big deal when it comes to the private company side, but for meta, it's not necessarily a ton of cash. All right, well, next up, let's talk about Robin Hood and App Lovin failing to gain inclusion into the S&P 500. S&P Dow Jones Indices is making no changes to the S&P 500 and it's quarterly rebalancing. Before the rebalancing, a number of analysts had named Robin Hood and App Lovin as contenders to join the index, both stocks getting hit off the back of that news, Robin Hood down nearly 7%, App Lovin down almost 6%. Were you surprised by this at all, Mark? You know, playing the add subtract game is a hard one. It's been going on for my 30 years on Wall Street. Uh, I was a little surprised. I think it's an eventuality, frankly, with Robin Hood. Uh, and Devin Ryan, who you know well, our analyst thinks the same. Uh, we also think Robin Hood, um, is really one of the prime beneficiaries of the next decade about what they're creating, something scalable, something not really replicable and unique and a great brand. So we are very bullish on Robin Hood. Playing the add game is tough. Uh, sometimes it works really wonderfully and today it's not so much, but I think it's an eventuality. It's just a reminder too to folks about the importance of these rebalancing decisions and the degree to which they weigh on the S&P. It really is, and it's a big testament to the right companies that they want to add. They take this very seriously as they should. And I think it's really important. Um, you look at the adds and subtracts over time and not only the indexes, look at what they do with the Dow over time. Think about what was in the Dow 10, 15, 20 years ago, um, and, you know, adding Salesforce when they did, a 25 year old, they added it. I think it's five, six years ago. But when they added that, think about what that was a testament to what Mark Benioff has built, and it's a 25-year-old company. So I think those kind of statements are quite important. S&P is obviously a much bigger index, and they they take this real seriously as they should. As they should, absolutely. Well, finally, here, let's talk about circle continuing to climb after its strong Nasdaq debut. The stable coin issuer soaring 168% on Thursday, raising more than $1 billion in its IPO. And you can see those climbing shares continuing here up nearly another 16%. Is this just going to keep happening every day with Circle? Probably not. Um, I've seen this movie before in 2000. Uh, I by no means I'm saying this is analogous to 2000 with some of the internet stocks that took this kind of move higher. Um, there's a scarcity value. There are very few IPOs. We just talked about that. There'll be more. Um, we launched on eToro today with when public about a month ago, that's similarly doing well, not quite as well as that, but, um, there's scarcity value and people want to play this market, and there's very few ways to play that. And I think they're benefiting from that. There's not a lot of float. Right. That's what happens. Right. Exactly. Yeah, great overview, Mark. Thank you. Inicia sesión para acceder a tu cartera de valores
Fast Company
an hour ago
- Fast Company
Who is Alexandr Wang? Scale AI's young billionaire CEO will head Meta's new ‘superintelligence' lab
Meta, which owns and operates Facebook and Instagram—as well as Threads, Messenger, and WhatsApp—has tapped Alexandr Wang, the CEO and founder of the startup Scale AI, to head up its new artificial intelligence research lab, according to The New York Times. It is also in talks to invest over $10 billion in the company, Bloomberg reported. The lab will be dedicated to pursuing AI 'superintelligence'—an AI system that would reportedly surpasses human intelligence—and is part of Meta's larger reorganization of its AI efforts as it faces internal struggles over the technology and some of its products, per the Times. Meta is just one of many tech companies to throw its hat into the competitive, high-stakes—and expensive—AI development space. Back in January of this year, Meta's CEO Mark Zuckerberg said the social technology company plans to invest between $60 billion to $65 billion in capital expenditures this year alone to build out its AI infrastructure. (Meta is also building a large data center that would reportedly 'cover a significant part of Manhattan' to power its AI offerings, according to Zuckerberg.) What does Scale AI do? Scale AI delivers high-quality training data for AI applications to a number of tech companies in the AI space, including: OpenAI, Google, Microsoft, and of course, Meta. The company expects revenue to more than double to $2 billion this year, from about $870 million in 2024, per CNBC. Scale AI is already working with governments in Asia, the Middle East, and Europe, and recently signed a deal with Qatar in February that will include developing AI voice, chat, and email agents for contact centers, Business Insider reported. Scale AI also signed a contract with the U.S. Defense Department to enable the military to use AI for 'operational decision-making.' While its financials are confidential, Scale AI is reportedly planning a potential tender offer for employees and early investors at a valuation of $25 billion, BI reported. Who is Alexandr Wang, the young billionaire behind Scale AI? Wang founded Scale AI in 2016 in San Francisco at age 19, out of Y Combinator 's startup incubator, after dropping out of MIT.
Bloomberg
an hour ago
- Bloomberg
US and Mexico Near Deal to Cut Steel Duties and Cap Imports
The US and Mexico are closing in on a deal that would remove President Donald Trump's 50% tariffs on steel imports up to a certain volume, according to people familiar with the matter, a revamp of a similar deal between the trade partners during his first term. Trump hasn't been directly involved in the negotiations and would need to sign off on any deal. The talks are being led by Commerce Secretary Howard Lutnick, according to the people, who asked not to be identified as the discussions are private.
