In 2019, the Israeli tech company NSO Group found itself at the centre of a scandal alleged that its Pegasus program was being used to hack WhatsApp. The specific attack technique allowed attackers to inject spyware into Android and iOS devices by simply calling them. In this case, the infection was carried out even if the victim did not answer the call.
WhatsApp repaired the vulnerability and later sued the NSO Group for its malicious actions. NSO Group has repeatedly denied wrongdoing, using immunity, it claims that Pegasus is being used on behalf of the government. Following recent reports of hacking Al Jazeera journalists using software developed by the NSO Group, Microsoft and other corporations have joined in the fight against the Israeli firm.
In a Microsoft blog, Tom Barth, corporate vice president of Customer Security & Trust, called the NSO Group cyber-mercenaries of the 21st century and stated that they should not receive immunity. Microsoft, Cisco, GitHub, Google, LinkedIn, VMWare and the Internet Association have joined WhatsApp’s lawsuit against the NSO Group with a short friendly address. Simply put, these companies are ready to assist the court by offering technical expertise.
Microsoft highlighted that Pegasus infected the WhatsApp messenger on 1,400 devices last year, including journalists and prominent figures fighting human rights abuses. It is noted that the NSO Group’s business model is hazardous for several reasons. First of all, there is no guarantee that cyber weapons will not fall into the wrong hands. Even if the NSO Group sells Pegasus only to governments, the software could be transferred to customers who lack adequate security, leading to the theft of a very dangerous hack. Microsoft also said that private sector companies building such cyber weapons are not subject to governments’ same restrictions.
Finally, the IT giant emphasized that such tools, developed by private security firms, pose a threat to human rights and privacy. The publication states that NSO Group clients are scattered worldwide and are using cyber weapons to track down journalists and other groups. Microsoft has indicated that even if the NSO Group’s own intent is not to violate human rights, its tools certainly allow its customers to commit such violations.
Ultimately, Microsoft insists that private companies such as the NSO Group be held accountable for any violations of the law committed through their tools and should not be granted immunity under any circumstances. The consolidation of these IT companies hopes that the ongoing efforts will help protect all their clients’ rights and privacy around the world.