Judge says anti-hacking laws fits Pegasus case “to a T”
https://www.theregister.com/2024/01/24/us_judge_rejects_pegasus_spyware/
A US court has rejected spyware vendor NSO Group’s motion to dismiss a lawsuit filed by Apple that alleges the developer violated computer fraud and other laws by infecting customers’ iDevices with its surveillance software.
Apple sued NSO, developer of the notorious Pegasus spyware, back in November 2021 and asked the court to permanently ban NSO from using any Apple software, services, or devices. The lawsuit alleges that company violated the US Computer Fraud and Abuse Act (CFAA), California’s Unfair Competition Law, and the terms of use for Apple’s own iCloud when its spyware was installed on victims’ devices without their knowledge or consent. NSO now must answer Apple’s complaint by February 14.
Pegasus infected Apple customers’ devices via a zero-click exploit called FORCEDENTRY, according to Cupertino. Once it lands on phones, the spyware allows users to snoop on phone calls, messages, and access the phone’s camera and microphone without permission.
Despite the surveillance-software maker’s claims that it only sells to government agencies, and even then, only to investigate terrorism or other serious crimes, the software has repeatedly been used to spy on journalists, activists, political dissidents, diplomats and government officials. This has led to US sanctions against the company and several lawsuits.
Last March, NSO asked the court to toss Apple’s lawsuit, arguing that Cupertino should be required to sue the developer in Israel, its home jurisdiction. It also claimed that Apple can’t sue over CFAA violations because the iGiant itself didn’t suffer any damages or loss [PDF].
The court, in its ruling on Monday, dismissed these arguments, noting that “the anti-hacking purpose of the CFAA fits Apple’s allegations to a T, and NSO has not shown otherwise.”
“A ‘loss’ is ‘any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service’ … That is precisely the loss Apple has alleged here,” the judge continued [PDF].
- US Supremes deny Pegasus spyware maker’s immunity claim
- Apple sues ‘amoral 21st century mercenaries’ NSO for infecting iPhones with Pegasus spyware
- Think tank report labels NSO, Lazarus as ‘cyber mercenaries’
- Indian politicians say Apple warned them of state-sponsored attacks
When asked about the judge’s ruling, an NSO Group spokesperson said the software maker will fight on.
“The motion to dismiss is part of the legal process in this case,” the NSO spokesperson told The Register. “The technology in question is critical to law enforcement and intelligence agencies in their efforts to maintain public safety. We are confident that once the arguments are presented, the Court will rule in our favor.”
Apple, meanwhile, took the win, and a spokesperson told The Register that this lawsuit is just one of the ways the iGiant is fighting back against spyware vendors.
These include the new Lockdown Mode security feature, the threat notifications it sends to users who may be targets in nation-state attacks, and a $10 million grant to support civil society organizations that research spyware threats and conduct advocacy on the topic through the Ford Foundation.
How a Spy in Our Pocket Threatens the End of Privacy, Dignity, and Democracy
Global Spyware Scandal: Exposing Pegasus
Pegasus Spyware – ‘A Privacy Killer’
CyberWar, CyberTerror, CyberCrime and CyberActivism
InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory
