Tag: lawsuit

Apple sues NSO Group over “Pegasus” spyware

30. November 2021

On November 25th, Apple announced in a press release that it has filed a lawsuit against NSO Group Technologies Ltd. (NSO Group) to hold them accountable for their spy software “Pegasus”.

NSO Group is a technology company that supplies surveillance software for governments and government agencies. Applications like Pegasus exploit vulnerabilities in software to infect the target’s devices with Trojans. Pegasus is a spyware that can be secretly installed on cell phones (and other devices) running most iOS and Android versions. Pegasus is not a single exploit, but a series of exploits that exploit many vulnerabilities in the system. Some of the exploits used by Pegasus are zero-click, which means that they can be executed without any interaction from the victim. It is reorted to be able to read text messages, track calls, collect passwords, track location, access the microphone and camera of the targeted device, extract contacts, photos, web browsing history, settings and collect information from apps.

NSO Group is accused of selling its software to authoritarian governments, which use it to monitor journalists and the opposition. Accusations that the company regularly denies. According to an investigation done by a global consortium of journalists of 17 media oganizations, Pegasus has been used to monitor female journalists, human rights activists, lawyers and high-ranking politicians. There are even reports suggesting it is even used by Mexican drug cartels to target and intimidate Mexican journalists. Among the more famous confirmed Pegasus victims are Amazon founder Jeff Bezos and murdered Saudi Arabian journalist Jamal Kashoggi.

Apple wants to prevent “further abuse and harm” to Apple users. The lawsuit also demands unspecified compensation for spying on users.

In the press release Apple states:

NSO Group and its clients devote the immense resources and capabilities of nation-states to conduct highly targeted cyberattacks, allowing them to access the microphone, camera, and other sensitive data on Apple and Android devices. To deliver FORCEDENTRY to Apple devices, attackers created Apple IDs to send malicious data to a victim’s device — allowing NSO Group or its clients to deliver and install Pegasus spyware without a victim’s knowledge. Though misused to deliver FORCEDENTRY, Apple servers were not hacked or compromised in the attacks.

Ivan Krstić, head of Apple Security Engineering and Architecture is quoted:

In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place

Apple has announced the lawsuit contains new information about the so-called ForcedEntry exploit for a now-closed vulnerability that NSO Group used to “break into a victim’s Apple device and install the latest version of NSO Group’s Pegasus spyware program,” according to Apple’s press release. The vulnerability was originally discovered by Citizen Lab, a research group at the University of Toronto. Apple says it will support organizations like Citizen Lab and Amnesty Tech in their work, and will donate $10 million and any compensation from the lawsuit to organizations involved in researching and protecting against cyber surveillance. The company will also support Citizen Lab with free technology and technical assistance.

Apple is the second major company to sue NSO Group after WhatsApp Inc. and its parent company Meta Platforms, Inc.(then Facebook, Inc.) filed a complaint against NSO Group in 2019. The allogation of that lawsuit is that NSO Group unlawfully exploited WhatsApp’s systems to monitor users.

In early November 2021, the US Department of Commerce placed NSO Group on its “Entity List”. The justification for this step states that Pegasus was used to monitor government officials, journalists, business people, activists, academics and embassy staff. On the “Entity List,” the U.S. government lists companies, individuals or governments whose activities are contrary to the national security or foreign policy interests of the United States. Trade with these companies is subject to strict restrictions and in some cases is only possible with an exemption from the Department.

USA: Multi-Billion Dollar Class Action lawsuit against Google

4. June 2020

Google users in the USA accuse Google of tracking their surfing behaviour even though they use the incognito mode. The complaint was filed with the federal court in San Jose, California on Tuesday, June 2nd 2020.

Background of the lawsuit is the accusation of three Google users that “Google tracks and collects users’ browsing history and other information about web activity, regardless of what measures they take to protect it”. In other words, users accuse Google of tracking their behaviour through Google Analytics, plug-ins or apps, evaluating it and using it for advertising – despite using the incognito mode.

The complaint is based on a violation of US wiretapping laws and California Privacy laws. Each plaintiff is claiming $5,000.00 in damages. Since the three plaintiffs allegedly represent thousands more plaintiffs the volume of the lawsuit could run into billions.

Google spokesman Jose Castaneda denies the allegations, citing that by opening an incognito tab on Chrome, it is indicated that websites may continue to collect information about surfing behavior. The incognito mode is about the browser and the device used not storing this data. He announced that Google would take action against the accusations.