Wow, @WhatsApp just dropped a bunch of hacking group NSO's IPs in their latest filing. Notably, these were servers located in the USA. THREAD
It's going to be hard for NSO to credibly claim that there is no US nexus to their operations when they were busy paying for server space in American data centers.
And here you have it, NSO was rocking Amazon's cloud. You have to wonder whether their customers realized how exposed these operations were to the US...
The meat of these filings is @WhatsApp's rebuttal of NSO's claim that because they sell to foreign states, they should be immune to prosecution. "Here, NSO is a for-profit commercial company - decidedly not a foreign state"
The filing methodically goes through NSO's claim for derivative sovereign immunity, pointing out that "no established law recognizes the novel immunity NSO seeks"
Another point: NSO claims immunity because they work for governments, using as factual basis a statement from their CEO Shalev Hulio. But Hulio didn't identify a single government that they worked for, or cite a single contract.
The filing seems to rebut NSO's claim that the @WhatsApp lawsuit had to join foreign governments to the case. WA: we are not seeking relief from the conduct of these govs., but from NSO. (dropping in the key disclaimer: IANAL)
Plenty of reasons for personal jurisdiction: (1) NSO accepted @whatsapp TOS w/ consent to CA jurisdiction & used services (2) NSO used CA servers incl. @QuadraNet (contract had a California law clause) & was funded by CA firm Francisco Partners (3) hacking was directed at WA infra in Cali.
A reminder that NSO has a subsidiary marketing arm in the US [my note: this is West Bridge Technologies], and one of its board members lives in the US... Also flagging the "significant engineering resources" @WhatsApp expended to investigate and remediate NSO's hacking.
Fun analogy: NSO saying the hacking didn't violate CFAA because they created a @WhatsApp account is like a reader hacking @nytimes servers and manipulating other readers' comments.... "untenable consequences would flow"
NSO cited only one case, Brekka, to make this argument, an employer-employee dispute, which WA says doesn't fit.
Interesting, among the harms @WhatsApp lists costs to investigate and remediate, including the cost of developing and pushing out updates to the app.
WA: NSO "misses the point" by saying that the total number of transmissions by NSO was small. The harm comes from the effect of those transmissions in impairing integrity, quality and value of @WhatsApp services.... not the total # of hacking attempts.
WA: loss of goodwill resulted from NSO's interference with our system. Also it cost us a lot of engineering time etc.
NSO's infrastructure keeps being exposed because they & some customers keep doing illegal, abusive things. If you are a law enforcement NSO customer when do you cut losses & look for a lower profile company that doesn't hit headline-making trouble every quarter?
And as an NSO customer, when do you start worrying that the FBI investigation might be logging who you are targeting with your fancy NSO deployment? https://www.reuters.com/article/us-usa-cyber-nso-exclusive/exclusive-fbi-probes-use-of-israeli-firms-spyware-in-personal-and-government-hacks-sources-idUSKBN1ZT38B
Ah! Another interesting detail, @WhatsApp engineers observed 723 NSO attacks on users in which phones, once exploited, reached out to NSO-owned servers in California (104.223.76[.]220 - @QuadraNet & 54.93.81[.]200 - @amazon)
KEY TAKEAWAY: NSO says "our clients do the hacking, not us". This filing shows NSO purchasing & operating the servers doing the hacking. This makes the company look much more like hacking-as-a-service than software developers...
...moreover, if NSO runs these infection servers then they must have logs of the connections. Sounds like they should be able to know exactly who was targeted, down to the victim device IP and time. So much for denials that they can't see what customers are doing.
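The two server addresses from the filing (as posted in the thread above) and the point about connection logs revealing victim device IP and time lend themselves to a small worked example. The script below is an added illustration, not code from the thread, the filing, or WhatsApp: it refangs defanged indicators, scans a constructed sample of outbound connection records (the log lines, the internal source IPs and the timestamps are all made up here), and reports which source devices reached the flagged infrastructure and when. The log line format and the field names are assumptions for the example.

```python
"""Match outbound connection records against defanged infrastructure indicators.

Added example. The two indicator IPs are the server addresses quoted in the
thread above; everything else (log format, source IPs, timestamps) is constructed.
"""
import ipaddress
import re
from collections import defaultdict

# Indicators as posted in the thread, in defanged form. Labels are the hosting
# providers named there.
DEFANGED_IOCS = {
    "104.223.76[.]220": "QuadraNet (California)",
    "54.93.81[.]200": "Amazon AWS",
}

# Constructed sample of outbound connection records from an internal network.
# Only the two indicator addresses are real; all other values are invented.
SAMPLE_LOG = """\
2019-05-12T09:14:03Z src=10.40.2.17 dst=104.223.76.220 dport=443 proto=tcp
2019-05-12T09:14:04Z src=10.40.2.17 dst=157.240.22.53 dport=443 proto=tcp
2019-05-12T09:15:41Z src=10.40.2.88 dst=54.93.81.200 dport=443 proto=tcp
2019-05-12T09:16:02Z src=10.40.2.17 dst=54.93.81.200 dport=443 proto=tcp
2019-05-12T09:16:09Z src=10.40.2.19 dst=1.1.1.1 dport=53 proto=udp
this line is deliberately malformed and must be skipped
"""

# Assumed log layout: ISO timestamp, then key=value fields.
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def refang(indicator: str) -> str:
    """Turn a defanged address ('1.2.3[.]4', '1(.)2(.)3(.)4') into a canonical one.

    Raises ValueError if the result is not a valid IPv4/IPv6 address, so a
    typo in an indicator list fails loudly instead of silently never matching.
    """
    candidate = re.sub(r"[\[\(]\.[\]\)]", ".", indicator.strip())
    return str(ipaddress.ip_address(candidate))


def find_beacons(log_text: str, iocs: dict) -> dict:
    """Return {src_ip: [(timestamp, dst_ip, label), ...]} for records whose
    destination is one of the indicators.

    Destinations are canonicalised through ipaddress so that, e.g., an IPv6
    address written with different zero-compression still matches.
    """
    lookup = {refang(k): v for k, v in iocs.items()}
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed records rather than abort the scan
        try:
            dst = str(ipaddress.ip_address(m["dst"]))
        except ValueError:
            continue  # non-IP destination (hostname, garbage): not our concern here
        if dst in lookup:
            hits[m["src"]].append((m["ts"], dst, lookup[dst]))
    return dict(hits)


if __name__ == "__main__":
    for src, events in find_beacons(SAMPLE_LOG, DEFANGED_IOCS).items():
        for ts, dst, label in events:
            print(f"{ts} device {src} -> {dst} [{label}]")
```

The per-source grouping is the point: whoever holds the server-side logs has exactly this view of which devices connected and when, which is what the thread is getting at about NSO's visibility into targeting.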
...Which makes you wonder: does NSO collect detailed intelligence on their customers? Do its customers realize that NSO has this level of total visibility into what they are doing?
As @WhatsApp's filing shows, NSO is running some exploitation servers. Perhaps for the fancy zero-click vectors NSO handles the exploitation, then hands off to customers for full infection & C2. Side benefit to NSO: they don't leak fancy 0day to dubious customers. Guess-a-sketch:
Non-denials like "we don't operate the software for clients" are irrelevant. NSO could be doing the device exploitation, then handing off phones to customers, who then operate the C2 'software'. cc @shanvav https://www.cyberscoop.com/nso-group-us-servers-whatsapp-lawsuit/
You can follow @jsrailton.