A group of tech companies including Microsoft today filed an amicus brief in a case brought by WhatsApp against NSO Group.
The brief outlines how private-sector offensive actors (PSOAs) such as NSO Group are “dangerous” and “powerful” because they allegedly sell cyberweapons to government customers and aim to receive legal immunity as a result.
Israel-based NSO Group is behind spyware called Pegasus that was used to access devices with just a phone call via WhatsApp. The Facebook-owned messaging platform sued NSO Group last year over the exploit.
Microsoft said it joined the brief to “help protect our collective customers and global digital ecosystem from more indiscriminate attacks.” In a blog post it said NSO Group “is attempting to cloak itself in the legal immunity afforded its government customers, which would shield it from accountability when its weapons inflict harm on innocent people and businesses.”
“We believe the NSO Group’s business model is dangerous and that such immunity would enable it and other PSOAs to continue their dangerous business without legal rules, responsibilities or repercussions,” wrote Microsoft security exec Tom Burt.
Microsoft President Brad Smith called out NSO Group in an earlier blog post in response to the recent SolarWinds breach, noting that the company and similar organizations represent “a growing option for nation-states to either build or buy the tools needed for sophisticated cyberattacks.”
This week a new report from Citizen Lab at the University of Toronto revealed how Al Jazeera journalists were hacked via spyware developed by NSO Group.
Others included on the amicus brief are Cisco, GitHub, Google, LinkedIn, VMWare, and the Internet Association. See the full brief below: