The last few months of this already troubled year will also be remembered for reports of massive and high-profile data security breaches, a.k.a. hacking. From security firm FireEye’s disclosure to the still-spreading SolarWinds exploit, the incidents have revealed not only the flaws in current software but also the lapses in organizations and laws in protecting data, especially private ones. Facebook has been on the receiving end of that hack last year and has sought legal action against one of the biggest sources of hacking tools and is now joined by Microsoft, Google, and Cisco in its fight against the NSO Group.
The Israeli-based NSO Group is both famous and infamous for developing and selling tools used for hacking devices and computer systems and spying on users. Those users are often activists, political personalities, government officials, and company executives and the NSO Group’s customers include governments and law enforcement agencies of several countries, including and most especially autocratic and repressive ones. The latter fact is why the NSO Group is arguing that it couldn’t be sued, citing the legal doctrine of sovereign immunity.
The NSO Group already lost that argument in the North District of Carolina in July but is appealing to get that overturned by the Ninth Circuit of the US Court of Appeals. Now tech companies like Microsft, Google, Cisco, Dell, and the Internet Association have filed an amicus brief to fight that appeal. In a nutshell, the companies argue that giving the NSO Group free reign would arm even more foreign governments with dangerous spying tools, especially against the US.
NSO naturally portrays its surveillance tools as weapons to fight crime and maintain security within their customers’ respective countries but reports have tried to prove otherwise. Pegasus was its most notorious spyware which was allegedly used to spy on journalists, political activists, and dissidents. It may have even led to the death of a Washington Post journalist in 2018.
More recently, another NSO Group spyware was allegedly discovered to be behind a massive hack that spied on 36 Al Jazeera employees. The hack exploited a zero-click vulnerability in iMessage on iPhones running older versions of Apple’s mobile operating system.