Microsoft, Google and several other major tech companies on Monday filed a legal brief supporting an El Salvadoran journalist whose employees were targeted with powerful mobile phone spyware, arguing that he should be allowed to sue the software developer in a U.S. court.
In March, a federal judge in California issued a ruling He was fired The lawsuit filed by Karius Dada and other overseas plaintiffs against Israeli spyware company NSO Group, saying They had no right to sue in the United States because the case was “entirely foreign.”
the Amicus Curiae Brief Argues Google, Microsoft and other U.S. tech companies backing the plaintiffs have worked closely with policymakers to bolster cybersecurity and collectively spend billions of dollars annually to support it, in part by working to monitor and disrupt spyware.
The denial has now been appealed, prompting the tech companies to appear to assert that they have a “strong interest in ensuring that entities that facilitate surreptitious access to their products are held accountable in US courts.”
“Even if NSO’s spyware is not used to target U.S. citizens and officials, the proliferation of these tools would cause significant harm to important U.S. interests,” the memo said, noting that the spyware undermines customers’ trust in its products and threatens national security.
Prosecutors had asked the judge to force NSO Group to return and erase all information accessed through the hacks and to name the customers who sought to obtain the Pegasus spyware used in it.
Pegasus targets thousands in civil society
Dada was a founder and director of El Faro, an El Salvadoran news agency that was investigating its government’s hidden ties to violent gangs when his phones and those of several of his employees were infected with Pegasus spyware.
Pegasus was manufactured by NSO and was allegedly installed on the phones of 22 El Faro employees between June 2020 and November 2021, according to digital forensics researchers.
The lawsuit, the first brought by journalists against the spyware maker in a US court, centers on the fact that El Faro employees’ phones were infected with Pegasus 226 times between June 2020 and November 2021. according to The Knight First Amendment Institute at Columbia University, which brought the case.
NSO Group is also currently Sue her By Meta-owned WhatsApp, which confirms that about 1,400 of its users were also hacked by Pegasus and that US-based Amazon Web Services was unaware Store Pegasus code for years.
In addition to Google and Microsoft, GitHub, LinkedIn, and Trend Micro have joined in filing a legal brief supporting the plaintiffs in the lawsuit as they continue their appeal of the dismissal.
The memo cites Amnesty International’s July 2021 report, Forbidden Stories. investigation Known as Project Pegasus, it has published over 50,000 phone numbers found in a leaked database. Some of the numbers are believed to have been hacked using Pegasus.
The organizations found phone numbers belonging to 14 heads of state — including those from France, Iraq, Morocco, Pakistan and Egypt — along with 600 government officials and more than 180 journalists in the database, according to the report. Pegasus can only be installed if the attackers have a specific target’s phone number.
The report noted that the majority of phones analyzed as part of a study of a relatively small subset of the database’s list of numbers contained evidence of Pegasus spyware.
“NSO admits to selling Pegasus software to nearly 40 different governments around the world,” the memo said, noting that the company Claims It works hard to vet its clients for human rights abuses in part by allowing its spyware to be used only by law enforcement and intelligence agencies, primarily in counterterrorism efforts.
However, the report noted that the fact that the database included targets unrelated to crime or terrorism, including also executives, religious leaders and academics, shows that “such protections – if they exist at all – have failed to prevent abuse.”
“It appears that once a government purchases NSO’s Pegasus software, it can use the tool to hack and spy on whomever it wants,” the report added.
Google and Microsoft’s Motives
Microsoft explained its reasons for submitting the file. Site Blog The report was written by the company’s assistant general counsel for cybersecurity policy and protection, who said the company has long demonstrated its belief that cyber mercenaries like NSO Group “don’t deserve immunity.”
“Despite the measures taken by governments, regulators and technology companies, their impact on user security continues to grow as the market expands,” the blog post said. “More needs to be done.”
The blog added that the NSO Group has consistently used Microsoft technology to attack its users, arguing that these users deserve “legal recourse” even if they are located abroad.
Google’s heads of security policy and security legal affairs also handle security. I posted a blog post Trump said Monday that while the spyware typically affects a small number of users, its “broader impact extends across society by contributing to threats to free speech, a free press, and the integrity of elections around the world.”
The post said that many victims of the spyware hacks are using US-based platforms like Android or iOS from abroad.
“The lawsuit alleges that victims of spyware attacks should be able to take legal action in the United States against spyware vendors under existing anti-hacking laws — even if they were hacked abroad,” the post said. “This is essential to narrowing the scope of attacks that spyware vendors exploit.”