Federal judge rejects NSO's effort to dismiss Apple’s Pegasus lawsuit
A federal judge has denied a motion from spyware maker NSO Group to dismiss an Apple lawsuit alleging the company’s powerful Pegasus tool has violated computer fraud laws and unfairly profited off of Apple and its customers, according to a court ruling filed Tuesday.
NSO Group, a highly controversial purveyor of spyware which has been used to secretly monitor human rights activists, journalists and opposition party politicians worldwide, had argued that the court should dismiss the lawsuit because it must be heard in Israel, where NSO is based.
The Northern California District judge rejected NSO’s arguments for dismissing the case “in all respects,” validating Apple’s argument that NSO has violated the Computer Fraud and Abuse Act (CFAA) and other laws by selling the spyware to governments around the world.
“The anti-hacking purpose of the CFAA fits Apple’s allegations to a T, and NSO has not shown otherwise,” the judge said in his opinion.
NSO Group’s Pegasus has been implicated in a string of spying hacks across the globe. In 2016 Pegasus was found on a phone belonging to human rights activist Ahmed Mansoor who was working in the United Arab Emirates, a repressive country which was outed for hiring former National Security Agency hackers in 2019. Mansoor was subsequently jailed and remains in prison.
Pegasus also has been deployed in Spain, Greece, Mexico, Poland, Armenia, Hungary, Serbia and elsewhere in recent years. In September, researchers announced it had been found on a phone belonging to a Russian journalist who had been critical of Russia and its invasion of Ukraine.
NSO Group has been under fire for some time and its ownership and investors have been battered in the press, causing the company’s profits to significantly decline. It has long poured millions into lobbying to improve its reputation.
The company was blacklisted by the Biden administration in 2021, an unusual indictment of an Israeli company. The administration said at the time that its spyware had been used by foreign governments to “maliciously target” journalists, dissidents and others.
Wired reported Wednesday that NSO is quietly working to repair its reputation and has ramped up its lobbying to reverse punishing Biden administration regulations. The magazine revealed NSO published a “transparency report” on New Year’s Eve, claiming it has launched 19 investigations into “potential product misuse.” The effort is seen as an attempt to capitalize on the technology’s use in Israel’s fight against Hamas, Wired reported.
Apple’s lawsuit noted the time and expense the company has incurred in helping users detect and eradicate Pegasus.
The tech giant called the NSO Group “notorious hackers” and alleged the company allows users to create fake Apple IDs which are used to breach Apple’s servers and deploy a hack called “FORCEDENTRY.” Apple called FORCEDENTRY a “zero-click” exploit, meaning it enabled NSO or their clients to “hack into victims’ devices without any action or awareness by the victim.”
The judge also granted an NSO request to seal lawsuit material moving forward on Tuesday, a decision the court said it made “primarily on comity for the Israeli courts.”
Suzanne Smalley
is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.