In a deftly worded post on Microsoft’s official blog, the company’s corporate vice president of customer security and trust, Tom Burt, announced that Microsoft is offering support to WhatsApp’s legal case against the Israeli cyber organisation NSO Group. The case pertains to the infamous Pegasus spyware, which was seemingly installed on over 1,400 devices to spy on journalists, activists and human rights defenders on behalf of governments. Now, Microsoft joins Cisco, GitHub, Google, LinkedIn, VMWare and the Internet Association in filing an amicus brief related to the WhatsApp vs NSO Group legal battle.
The filing will count Microsoft, along with the other above-mentioned companies, as amicus curiae – a support counsel of sorts to WhatsApp, who were not directly affected by the notorious Pegasus spyware but have the jurisdiction and expertise to offer crucial information in the matter. Explaining Microsoft’s stance on the matter, Burt says, “We believe the NSO Group’s business model is dangerous and that such immunity would enable it and other private sector offensive actors (PSOAs) to continue their dangerous business without legal rules, responsibilities or repercussions.”
The NSO Group, it is important to note, has been behind a number of rampaging spyware and malware tools, which work in far more advanced techniques than standard spyware and malware found in mainstream hacker forums. Pegasus, for instance, could be installed on devices of any target by simply calling them, that too in a call that the target does not even need to answer. The spyware would install through a secret open exchange backdoor that was present in WhatsApp earlier, and the NSO Group has claimed in its defence that such tools have been made by the organisation to supply government agencies. Therefore, the NSO Group has claimed that it enjoys governmental immunity from legal prosecution when it comes to how such tools end up in the hands of cyber criminals.
Explaining the threat in three points, Burt states, “Previously, sophisticated nation-state hacking capabilities resided in a small number of governments with well-funded agencies focused on developing these weapons. Even then, government-created espionage tools got into the hands of other governments who used them in attacks like WannaCry and NotPetya that spread like wildfire beyond the targeted victims and ultimately devastated lives and disrupted businesses around the world. Lowering the barrier for access to these weapons would guarantee that such catastrophes would be repeated.”
He further adds, “Private actors like the NSO Group are only incentivised to keep these vulnerabilities to themselves so they can profit from them, and the exploits they create are constantly recycled by governments and cybercriminals once they get into the wild.”
Finally, Burt concludes, “Companies like the NSO Group threaten human rights whether they seek to or not. … Privacy is fundamental to the ability of journalists to report, of dissidents to speak their voices and of democracy to flourish and these tools threaten their rights and their lives.”
As Microsoft notes, cyber espionage tools falling into the wrong hands is not unheard of before (the US NSA’s EternalBlue being one of the most notable examples). However, the company’s move to join Google, Cisco and others is in hope of increasing accountability and preventing such cyber operations companies from running free – hence strengthening WhatsApp’s case against the notorious NSO Group.
Thanks for reading till the end of this article. For more such informative and exclusive tech content, like our Facebook page