U.S. Court Requests NSO Group to Provide Pegasus Spyware Code to WhatsApp

Within the context of the ongoing legal proceedings between the social media giant and the Israeli spyware vendor, a judge in the United States has issued an order requiring NSO Group to provide Meta with the source code for Pegasus and other products.

The decision marks a major legal victory for Meta, which filed the lawsuit in October 2019 over the use of its infrastructure to distribute spyware to approximately 1,400 mobile devices between April and May. Twenty Indian journalists and activists were also involved in this issue.

The attacks took advantage of a zero-day vulnerability in the instant messaging app (CVE-2019-3568, CVSS score: 9.8), a critical buffer overflow bug in the voice call functionality. This vulnerability allowed Pegasus to be delivered by simply placing a call, even when the call was left unanswered.

To avoid detection, the attack chain also included steps designed to remove the information about incoming calls from the logs.

Court documents released at the end of the previous month indicate that NSO Group has been requested to “produce information concerning the full functionality of the relevant spyware,” specifically for the period from one year prior to the alleged attack to one year after it (that is, from April 29, 2018 to May 10, 2020).

That said, the company is exempt from the requirement to “provide specific information regarding the server architecture at this time” because WhatsApp “would be able to glean the same information from the full functionality of the alleged spyware.” Perhaps more significantly, it has been spared from disclosing the identities of its customers.

Despite the fact that the decision made by the court is a positive development, it is disheartening to learn that NSO Group will be permitted to continue concealing the identities of its clients, who are accountable for this unlawful targeting, as stated by Donncha Ó Cearbhaill, who is the head of the Security Lab at Amnesty International.

The United States government imposed sanctions on NSO Group in 2021 for the company’s involvement in the development and distribution of cyber weapons to governments of other countries. These governments “used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”

Meta, on the other hand, is coming under increasing scrutiny from consumer and privacy organizations in the European Union who are concerned about its “pay or okay” (also known as pay or consent) subscription model. These organizations believe that this model presents a Hobson’s choice between paying a “privacy fee” and agreeing to be tracked by the company.

“This imposes a business model in which privacy becomes a luxury rather than a fundamental right, directly reinforcing existing discriminatory exclusion from access to the digital realm and control over personal data,” they said, adding that the practice would undermine the regulations that are designed to protect individuals’ privacy under the General Data Protection Regulation (GDPR).

The development comes as Recorded Future recently disclosed a new multi-tiered delivery infrastructure associated with Predator, a mercenary mobile spyware managed by the Intellexa Alliance.

The infrastructure network is highly likely to be associated with Predator customers, who are located in countries such as Angola, Armenia, Botswana, Egypt, Indonesia, Kazakhstan, Mongolia, Oman, the Philippines, Saudi Arabia, and Trinidad and Tobago. Notably, up until this point, there had been no Predator customers established in Botswana or the Philippines.

“Although Predator operators respond to public reporting by altering certain aspects of their infrastructure, they seem to persist with minimal alterations to their modes of operation; these include consistent spoofing themes and focus on types of organizations, such as news outlets, while adhering to established infrastructure setups,” according to the organization.

In its own report about the Predator spyware ecosystem, Sekoia stated that it discovered three domains that were associated with customers in Botswana, Mongolia, and Sudan. Additionally, it stated that it discovered a “significant increase in the number of generic malicious domains that do not give indications on targeted entities and possible customers.”

