Apple sues NSO Group for targeting iPhone users with powerful exploits

from the [applauds-super-cautiously] department

The year of hell for the NSO Group continues. Apple is now suing the Israeli exploit peddler for hacking into the iPhones of Apple’s customers, a group that includes not only the suspected terrorists and dangerous criminals that NSO claims its clients target with malware, but also journalists, activists, lawyers, ex-wives, religious leaders, U.S. citizens and government officials, whom NSO claims its clients do not target.

Apple isn’t the first major tech company to sue NSO over its malware. Facebook and WhatsApp sued NSO in 2019, alleging that using WhatsApp to deploy powerful exploits violated WhatsApp’s terms of service. While this is almost certainly true (deploying malware through WhatsApp is certainly not allowed), WhatsApp appears to want a decision that would expand the definition of “unauthorized access” under the Computer Fraud and Abuse Act (CFAA), which has already been stretched several times by DOJ prosecutors.

On the one hand, it would be undeniably nice to see NSO get slapped with an order denying it access to WhatsApp and its users. On the other hand, it would not be useful at all to turn research (security and otherwise) that violates sites’ terms of use into a federal crime.

Unfortunately, Apple’s lawsuit [PDF] seems to be asking for something along the same lines. It also stretches the definition of legal standing, claiming it has the right to sue on behalf of its users because responding to NSO’s malware deployment has caused it to spend some of its billions closing security loopholes.

That being said, Apple’s legal representatives know how to open a lawsuit. Here is the first paragraph of the lawsuit’s introduction:

The defendants are notorious hackers, amoral 21st century mercenaries who have created highly sophisticated cyber surveillance mechanisms that invite routine and flagrant abuse. They design, develop, sell, ship, deploy, operate and maintain malicious and destructive spyware and spyware products and services that have been used to target, attack and harm Apple users, Apple products and Apple. For their own business gain, they allow their customers to abuse these products and services to target individuals including government officials, journalists, businessmen, activists, academics, and even US citizens.

Ouch. This is not going to help NSO’s probably permanently damaged SEO. The following paragraph builds on NSO’s reputation as an “amoral mercenary” by pointing to the recent blacklisting of the company by the US Department of Commerce, an act that almost never targets companies operating in countries the United States sees as close allies.

The lawsuit follows these accusations with NSO’s own admission of wrongdoing.

NSO admits that its destructive products have led to violations of “basic human rights,” which have been widely recognized and condemned by human rights groups and governments, including the US government. To ensure that their products can be used by others with maximum effect, NSO would provide ongoing technical support and other services to its customers when they deploy NSO spyware against Apple’s products and users, including journalists, human rights activists, dissidents, government officials and others. More recently, the Guardian reported that six Palestinian human rights defenders, one of whom is also a US citizen, were attacked and monitored using NSO spyware. Although NSO claims its spyware “cannot be used to conduct cyber surveillance in the United States,” US citizens have been monitored by NSO’s spyware on mobile devices that can cross international borders.

Then it turns to the damage Apple has suffered as a result of NSO customers targeting iPhone users.

Defendants force Apple into a continuing arms race: Even as Apple develops solutions and improves the security of its devices, defendants are constantly updating their malware and exploits to overcome Apple’s own security upgrades.

These constant recovery and prevention efforts require significant resources and impose enormous costs on Apple. The defendants’ illegal malware activities have caused and continue to cause significant damage to Apple in excess of $75,000 and in an amount to be proven at trial.

This is the amount of damages needed to keep a lawsuit in federal court. But later in the lawsuit, Apple specifically cites the CFAA and gives a much lower figure for the actual monetary damage.

The defendants’ actions caused Apple a loss as defined by 18 USC § 1030(e)(11), in an amount greater than $5,000 over a period of one year, including the expense of resources to investigate and remedy the conduct of the defendants.

This puts the CFAA in play, as Apple sues on behalf of its users and over its own defensive efforts. But standing is a tricky thing, as is attempting to hold NSO directly accountable for the activities of its clients.

Apple is trying to establish standing by claiming that end users are merely licensing the software it creates, so iPhone users targeted by NSO malware are actually seeing their rented homes damaged by home invaders. Apple is the owner, so to speak, so it thinks it is owed direct compensation for something that has happened to its tenants. That’s a dangerous argument to make, given it’s the same one the DOJ made when it tried to force Apple to break the encryption on the San Bernardino shooter’s iPhone.

The accused violated and attempted to violate 18 USC § 1030(a)(2) because they intentionally accessed and attempted to access the iOS operating system on Apple users’ devices without authorization and, upon information and belief, obtained information from the devices of Apple users.

The defendants violated 18 USC § 1030(a)(4) because they knowingly and with intent to defraud accessed the operating system on Apple users’ devices without authorization using information from Apple’s servers and then installed highly invasive spyware on the devices of these Apple users, and by means of such conduct fostered the intended fraud and obtained something of value.


Apple retains ownership of its operating system software in accordance with its software license agreements.

We’ll see which stretch works best. Apple wants to be able to represent the users who have been targeted, citing its licenses and its own (seemingly minimal) expense related to fixing security vulnerabilities. NSO, on the other hand, will want to get out of this lawsuit and has made its own creative arguments to defend itself against the WhatsApp litigation.

It remains to be seen whether its argument that it cannot be sued directly for the actions of its clients will convince the court to dismiss WhatsApp’s lawsuit. But it has already seen another of its defenses shot down on appeal, where the court refused to extend sovereign immunity to a private company that sold exploits to government agencies. The Ninth Circuit refused to accept the argument that selling products to government agencies makes it an extension of that government agency for immunity purposes.

We’ll see what the court will do with it. We already know that at least one of NSO’s defenses is ruled out by precedent. But we shouldn’t necessarily be cheering on Apple just because the target of its lawsuit is in the wrong. A ruling in favor of Apple’s CFAA claims could prove disastrous for researchers and others who circumvent terms of service restrictions for far less malicious reasons.

On the bright side, Apple is giving a lot of money to researchers who have exposed much of the wrongdoing by NSO Group’s customers.

Apple commends groups like the Citizen Lab and Amnesty Tech for their groundbreaking work to identify cyber surveillance abuses and help protect victims. To further bolster efforts like these, Apple will pay $10 million, along with any damages caused by the lawsuit, to organizations pursuing cyber surveillance research and advocacy.

Apple will also support accomplished Citizen Lab researchers with technical, threat intelligence, and pro bono engineering assistance to facilitate their independent research mission and, where appropriate, provide the same assistance to other organizations performing essential work in this space.

In addition to this, Apple will continue to inform users it believes have been targeted by NSO malware, which will only result in more negative press for the malware vendor. If NSO wanted to be seen as a skilled warrior in the fight against international crime and terrorism, it missed that chance when it decided to sell to notorious human rights abusers and engage in zero oversight of the use of its products. It has earned the reputation it has now, and will carry it forever no matter how this lawsuit goes.


Filed under: cfaa, exploits, iphones, license, malware, property, research, spyware
Companies: apple, nso group


About Michael S. Montanez
