Apple files lawsuit against Israel's NSO Group over Pegasus spyware
The lawsuit is the second of its kind by a private company, after Facebook sued NSO Group in 2019 for targeting its users on WhatsApp, and represents a growing trend among US tech companies attempting to curb the use of Israeli spyware across their platforms.
"State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change," Craig Federighi, Apple's senior vice president of software engineering, said in a statement.
"While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe."
In addition to holding NSO accountable for targeting Apple devices, the California-based tech giant also wants to permanently prevent it from using any Apple software, services or devices.
Such a move could potentially render the company's Pegasus spyware product worthless, given that much of its business is to give clients full access to a user's Apple or Android smartphone.
"The steps we're taking today will send a clear message: in a free society, it is unacceptable to weaponise powerful state-sponsored spyware against those who seek to make the world a better place," said Ivan Krstic, the head of Apple security engineering and architecture.
'Advocate for the truth'
In response to the lawsuit, an NSO spokesperson told Middle East Eye that "thousands of lives were saved around the world thanks to NSO Group's technologies used by its customers. Paedophiles and terrorists can freely operate in technological safe havens, and we provide governments the lawful tools to fight it. NSO group will continue to advocate for the truth."
After filing its lawsuit, Apple also announced that it would provide assistance, as well as donate $10m, to Canada-based Citizen Lab and other groups working to combat digital surveillance.
In July, Amnesty International, Forbidden Stories and a group of international media organisations revealed that Pegasus spyware had been used in hacks of smartphones belonging to journalists, government officials, human rights activists and political leaders. The investigative group revealed it had acquired a list of 50,000 phone numbers that appeared to be targets identified by the Israeli company's clients to be spied upon using Pegasus.
A forensic analysis showed that MEE’s Turkey bureau chief Ragip Soylu had his phone infected by Saudi Arabia, using Pegasus. Amnesty said the software was active on Soylu's phone between February and July 2021, infecting it via an iMessage.
Among leading political figures targeted by the spyware, MEE revealed that Rached Ghannouchi, the speaker of Tunisia's parliament and head of the Ennahda party, had also been a target of Saudi Arabia.
NSO has suffered several devastating blows since the revelations in the summer.
Sources told the MIT Technology Review that the French government was finalising plans to buy Pegasus spyware in July, but cut off negotiations when it realised politicians, including President Emmanuel Macron, may have been targeted with the product,
After the story about Apple broke on Tuesday, France’s Ministry for Europe and Foreign Affairs denied that it had been in the process of purchasing NSO Group products.
The UK's Foreign, Commonwealth and Development Office (FCDO) declined to say whether the British government is an NSO Group customer when asked by MEE earlier this week.
On 3 November, the US Commerce Department blacklisted the NSO and Candiru, another Israeli spyware company, saying their activities were in contravention of American national security interests. The move bans NSO Group and Candiru from purchasing parts and components from US companies without a special licence. On Monday, the credit rating service Moody's found that after the restrictions in the US, NSO was facing a growing risk of default on around $500m of debt.
Following the action by the Facebook-owned messaging service WhatsApp, which first sued NSO in 2019 over the alleged targeting of its servers in California, tech giants Google and Microsoft joined forces last December and filed an amicus brief in support of that lawsuit, saying that they hope the legal efforts "will help protect our collective customers and global digital ecosystem from more indiscriminate attacks".
One week after the US's blacklisting of the company, a federal appeals court rejected NSO's motion to dismiss the WhatsApp lawsuit, saying the Israeli company's argument that it had "foreign sovereign immunity" did not stand.