Spyware Case Against NSO Group

Apple has filed a motion to "voluntarily" dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical "threat intelligence" information.

The development was first reported by The Washington Post on Friday.

The iPhone maker said its efforts, coupled with those of others in the industry and national governments to tackle the rise of commercial spyware, have "substantially weakened" the defendants.

"At the same time, unfortunately, other malicious actors have arisen in the commercial spyware industry," the company said. "It is because of this combination of factors that Apple now seeks voluntary dismissal of this case."

Cybersecurity

"While Apple continues to believe in the merits of its claims, it has also determined that proceeding further with this case has the potential to put vital security information at risk."

Apple originally filed the lawsuit against the Israeli company in November 2021 in an attempt to hold it accountable for illegally targeting users with its Pegasus surveillance tool.

It described NSO Group, a subsidiary of Q Cyber Technologies Limited, as "amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse."

Earlier this January, a federal judge denied a motion from NSO Group to dismiss the lawsuit under the grounds that the company is "based in Israel and Apple should have sued them there," with the court stating that "the anti-hacking purpose of the [Computer Fraud and Abuse Act] fits Apple's allegations to a T, and NSO has not shown otherwise."

The global spyware market

In its motion for voluntary dismissal, Apple said three major developments have been a contributing factor: The risk that the threat intelligence information it has developed to protect users against spyware attacks could be exposed, pointing to a July 25, 2024, report from The Guardian.

The British newspaper revealed that Israeli officials had seized documents from NSO Group in July 2020 in an apparent effort to stop the handover of information about the notorious hacking tool as part of the company's ongoing legal tussle with Meta-owned WhatsApp, which filed a similar lawsuit in 2019.

"The seizures were part of an unusual legal maneuver created by Israel to block the disclosure of information about Pegasus, which the government believed would cause 'serious diplomatic and security damage' to the country," The Guardian noted at the time.

Apple also cited as reasons the changing dynamics in the commercial spyware industry and the proliferation of different spyware companies, as well as the possibility of revealing to third-parties "the information Apple uses to defeat spyware while defendants and others create significant obstacles to obtaining an effective remedy."

The development comes as the Atlantic Council divulged that the individuals behind some of the spyware vendors in Israel, Italy, and India that have come under the scanner for enabling authoritarian regimes to spy on human rights advocates, opposition leaders, and journalists have sought to rename them, start new ones, or undertake strategic jurisdiction hopping.

Cybersecurity

Case in point, Intellexa, the now-sanctioned company behind the Predator spyware, has resurfaced with new infrastructure in connection with its ongoing use by likely customers in countries such as Angola, the Democratic Republic of the Congo (DRC), and Saudi Arabia.

"Predator's operators have significantly enhanced their infrastructure, adding layers of complexity to evade detection," cybersecurity company Recorded Future's Insikt Group said.

"The new infrastructure includes an additional tier in its multi-tiered delivery system, which anonymizes customer operations, making it even harder to identify which countries are using the spyware."

NSO Group Responds

Israeli company NSO Group has responded to Apple's motion to dismiss the lawsuit against it, stating it "agrees that this matter should be dismissed," and that it produces lawful-intercept technologies for government agencies to investigate crime and combat terrorism.

It also said the tool is a response to the increased adoption of end-to-end encryption (E2EE) by companies that facilitate malicious actors to carry out narcotics trafficking, human trafficking, child exploitation, and other serious crimes.

"Companies that provide E2EE technology and similar technologies have repeatedly refused to cooperate with law enforcement and intelligence agencies to counter these threats, including [Apple]," it noted in a court filing on September 27, 2024. "In contrast, NSO develops lawful-intercept tools like Pegasus that are necessary for our world to be safer."

It further said Apple's grounds for seeking dismissal lack sufficient explanation and underscore a lack of diligence, stating the company's claims of having to reveal sensitive information is part of the discovery process and that there was always a "possibility that additional participants may enter a particular market."

Lastly, NSO Group said it has not shared any confidential information produced by WhatsApp and Facebook in connection with a separate lawsuit to parties "not entitled to receive it under the applicable protective order."

"Nobody has ever claimed that any information confidential to Apple or any other NSO adversary has been disclosed or leaked, and Apple irresponsibly suggests that NSO, its counsel, or anyone else would fail to preserve the security of Apple's confidential material."


Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.