Microsoft, Google Back WhatsApp In Fight Against NSO’s Pegasus Spyware

A coalition of tech companies, including Microsoft, Twitter, Google and Amazon, has sided with WhatsApp in its legal battle against Israel-based intelligence firm NSO Group, which develops and sells Pegasus spyware, which affected Indian journalists, activists and lawmakers.

The spyware was allegedly used to hack into smartphones and snoop on personal data through WhatsApp. NSO Group develops and sells the Pegasus spyware to state actors, which is then used to target and stealthily hack into the devices of its targets. The spyware can track the victim’s location, read messaging and listen to phone calls. It can also steal users photos, files and siphon off information from users’ devices.

Last year, Pegasus was found to be used to spy on at least 1,400 devices owned by journalists, academicians, lawyers and activists across 20 countries. In India, personal data of about 21 WhatsApp users might have been accessed through Pegasus, IT minister Ravi Shankar Prasad had said at the time.

The coalition against NSO and Pegasus also includes Microsoft subsidiaries LinkedIn and GitHub, Cisco, VMware and the Internet Association, which represents tech giants like Amazon, Facebook and Twitter. It warned that the development of spyware and espionage tools make ordinary people less safe and secure.

The group also pointed out that there is always a risk of such a tool falling into the wrong hands, and therefore demanded that the court should not allow NSO Group to claim or be subjected to immunity.

Commenting on the same, Microsoft’s customer security and trust chief Tom Burt, wrote in a blog post, “Private companies should remain subject to liability when they use their cyber-surveillance tools to break the law, or knowingly permit their use for such purposes, regardless of who their customers are or what they’re trying to achieve… e hope that standing together with our competitors today through this amicus brief will help protect our collective customers and global digital ecosystem from more indiscriminate attacks.”

While WhatsApp was facing the heat for its vulnerability and lack of security, the instant messaging app accused the NSO Group for carrying out the attack. The Facebook-owned company also alleged that it has proof against the Israel-based company owned by Q Cyber Technologies.

“In our complaint, we explain how NSO carried out this attack, including acknowledgement from an NSO employee that our steps to remediate the attack were effective. We are seeking a permanent injunction banning NSO from using our service,” WhatsApp said.

The company added that the attackers had used servers and internet-hosting services that were previously associated with NSO Group. Moreover, the company claims that it was able to track certain accounts, which were used to attack and spy, back to NSO.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.