back to article Israeli spyware maker NSO channels Hollywood spy thrillers in appeal for legal immunity in WhatsApp battle

Israeli spyware maker NSO Group has taken a leaf out of Hollywood in an attempt to avoid any legal repercussions from making and selling tools that hack WhatsApp users' phones. In a submission to the Ninth Circuit Appeals Court in California, what is normally a dry legal appeal reads like a spy thriller. “In October 2019, a …

  1. Anonymous Coward
    Anonymous Coward

    Normally, hackers are jailed for writing malware and exploits.

    How should this be different?

    I'd expect governments to have departments to do this sort of thing, but that doesn't apply to third party companies just because some of their customers are supposedly "good" customers.

    Of course, they used the emotive "terrorism" and "children" angle, but that

    1. HildyJ Silver badge
      Big Brother

      Immunity

      NSO shouldn't be treated differently than someone on the black web who sells exploits and malicious software.

      NSO shouldn't have immunity because they have government customers any more than Google should.

      The DOJ should be supporting WhatsApp. Like that will ever happen.

      1. FlamingDeath Silver badge

        Re: Immunity

        DOJ is an oxymoron

        Like the ministry of truth

  2. Chris G Silver badge

    If Facebook and it's appendages like whatsapp are pond scum, then NSO are the slimy things that live in the stagnant mud at the bottom, I can't say much good for any of them. Is there any way the courts can find against all sides?

  3. Anonymous Coward
    Anonymous Coward

    Make it unexploitable?

    Simplistic and not easy, but Zuck's got money to throw at the problem ... if he wants to.

  4. Neoc

    Correct me if I'm wrong, but isn't this exactly what the DMCA is about? NSO has tried to bypass a security protocol (supposedly) without the approval of the software owner.

    1. seven of five Silver badge

      Yes, but they don't play music, so it is fine.

      1. Smooth Newt Silver badge
        Pirate

        Yes, but they don't play music, so it is fine.

        Although any text messages, photos etc produced by users of WhatsApp are still literary or artistic works © The Author. All rights reserved.

        NSO's customers are enjoying a royalty-free ride.

        (Piracy icon, obviously)

  5. amanfromMars 1 Silver badge

    Facts are always greater fiction and threats are as a sub-prime whine ........

    ....... and imply catastrophic systemic and endemic weaknesses susceptible to exploitation and remote virtual manipulation.

    An AI Bunker Blockbuster Bursting Holywood franchise script would have an Israeli spyware maker NSO Group as a supported shell corporation and criminal state sanctioned actor running the target: an Islamic State terrorist who was planning an attack during the Christmas season.

    And with Western European law-enforcement officials closing in on the renegade rogue program, they try to kill the operation with a WhatsApp message, ignorant to the fact that it is already far too late, the trap has been sprung and the RAT is captured and confined for deliverance of fate and destiny which always lays waste to the miserable diseased cargo secured in such cages in order to better server and protect all humanities rather than just the Few.

    Then one could glance and cue the bigger picture view providing future sourced production lines for franchising ........ When someone you thought was a friend is a terrorist, are they a two faced mortal enemy and phantom of the day time political opera foe to be vanquished and removed from the Greater IntelAIgent Games Fields of COSMIC Play.

    Such could be scripted as an Immortals' Answer to such an Abomination and Perverse Route Play Root as is exercised in the likes of the above. Where and to what that would lead is anyone's to guess, but you'd have to be truly better than just real smart to know, for it is not as if it is likely to be something you know a great deal or anything at all about, is it ‽ .But you were warned about it, so it cannot be an utter unknown surprise .....

    Reports that say that something hasn’t happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns — the ones we don’t know we don’t know. And if one looks throughout the history of our country and other free countries, it is the latter category that tend to be the difficult ones. …. Donald Rumsfeld

    1. amanfromMars 1 Silver badge

      Re: Facts are always greater fiction and treats are as a premium wine ........

      Oh, and with particular and peculiar regard to .....

      - and it is not really aimed at WhatsApp but instead all those with influence within the US government, administration, and legal system. It can be summed up in one question: Are you sure you want to open this can of worms?

      ........ the next question logically is are you sure you want to try and bury this can of worms and out yourself as the enemy to be hunted and disposed of surely, for is that not a guaranteed certainty nowadays, Kieran McCarthy in San Francisco/El Regers, with AIMastery of a Commendable Command with Recommendable Control Narrative Advantages ?

  6. bob7788554

    They can't argue that the tech is being used by a nation state when they develop it. They must have to test / prove the tech works so they themselves are hacking something within the WhatsApp infrastructure to be able to sell this product. So surly the question is this: is a private company able to hack another companies product for financial gain? I feel like NSO would be highly upset if someone were to hack into their systems.

  7. YetAnotherJoeBlow Bronze badge

    Open the can and go fishing...

    If I write a program to exploit something and it is traced back to me, I,ve broken the law at least twice; at home for providing a hacking tool, and two, the law of the targets home state. That is, unless I have diplomatic immunity - by being a spy, my only protection.

    Choose your customers wisely; or pay the price.

    1. amanfromMars 1 Silver badge

      Spooky Intelligence Servers as a Service

      If I write a program to exploit something and it is traced back to me, I,ve broken the law at least twice; at home for providing a hacking tool, and two, the law of the targets home state. That is, unless I have diplomatic immunity - by being a spy, my only protection.

      Choose your customers wisely; or pay the price. ........ YetAnotherJoeBlow

      Wise customers don't need to rely on diplomatic immunity providing any sort of protection for spying ..... or anything else one can imagine might be terrifically convenient, YetAnotherJoeBlow, .... once they are engaged with the very best of Top Secret/Sensitive Compartmentalised Information Suppliers.

      And even should they prove and tend to be expensive, it is wise to pay the price for too cheap buys one peanuts and monkeys rather than crown jewels and guardian knights.

    2. Lyndon Hills 1

      Re: Open the can and go fishing...

      I've broken the law at least twice;

      at home for providing a hacking tool,

      Depending on where 'home ' is. Is providing a hacking tool illegal in Israel?

      and two, the law of the targets home state.

      Surely the person you sold the tool to has broken the law in the target state, not you?

      Both parties here seem equally obnoxious, to me.

    3. JimboSmith Silver badge

      Re: Open the can and go fishing...

      One can only claim diploamtic immunity if one is a diplomat (or the wife of somone who amy or may not have diplomatic immunity). If you're just a foreign national living in another country and you get caught 'spying' then there's no immunity for you.

      If you are caught spying (in the UK at least) and are a foreign diplomat then you're described as doing activities incompatible with your diplomatic status. You can be labelled as Persona Non Grata and sent home (PNG'd).

      1. John Brown (no body) Silver badge

        Re: Open the can and go fishing...

        If you are in the USA and are caught spying, they don't even need the evidence to deport you. They simply need to have enough evidence to label you as a "spy" and then point at the law which says foreign spies must declare their presence to the authorities on arrival on US soil.

  8. IGotOut Silver badge

    So...

    ...going by the NSO's arguments, Russia or North Korea are free to send advanced military hardware to the Palestinians, after all, its not up to them how its used.

    1. Falmari Bronze badge

      Re: So...

      In reality they are. Just like the USA UK etc have to other groups as they see fit.

      As they say one mans terrorist is another mans freedom fighter.

      1. Kane Silver badge

        Re: So...

        "As they say one mans terrorist is another mans freedom fighter."

        And they're all billable.

  9. Dabooka

    Who cares?

    I mean NSO are the high profile one we know of right, are we suspected to believe that they're 'it' anyway?

    Okay I'm being deliberately flippant both in my title and my comment above but in all seriousness I'm sure many of us query the ones we don't know about who are using and searching for the same exploits. I know why WhatsApp and FriendFace need to do the court action too as it's important they're seen to trying to stop it (and probably genuinely want to) but even if they win, would it end or just go underground with Mossad or whoever?

    I don't know enough about this sort of thing to know for sure but I cannot believe they'd pack their toys up if they lost this.

    1. doublelayer Silver badge

      Re: Who cares?

      Governments do this kind of thing all the time. I don't like it, you likely don't either, but this is still worse. When a government does it, it's used by that government for ends that can be predicted and it could theoretically be stopped if the populace were sufficiently motivated. When a company does it, they are selling tools to commit crimes to the highest bidder, meaning they have produced a larger number of threats which aren't as easily restrained. The governments at least purport to have some restrictions on what they can do with their toys, while NSO and corporate malware producers like them do not.

      1. Dabooka
        Thumb Up

        Re: Who cares?

        Very true of course and something I should have been more in tune with; the commercialisation where it's open to the highest bidder.

      2. A.P. Veening Silver badge

        Re: Who cares?

        The governments at least purport to have some restrictions on what they can do with their toys

        Really? Maybe true for some governments, but most definitely not for the governments of Belarus and North Korea (to name just two of many).

      3. Falmari Bronze badge

        Re: Who cares?

        @doublelayer while I agree with your sentiment, to me NSO are no different from commercial arms manufacturers. From what I have read they can not just sell to the highest bidder they are restricted in who they can sell to, in their case by Israel.

        That said I have no argument against them being sued for harm that their software has caused when used illegally and look forward to the various arms companies being sued for illegal use of the weapons they manufacture.

        1. doublelayer Silver badge

          Re: Who cares?

          I doubt Israel has really put much effort into that. If this were an Israeli government project, it wouldn't have been handed over to the Saudis with no stated restrictions. While Israel and Saudi Arabia have at times collaborated against common enemies like Iran, they otherwise have had a rather tempestuous relationship. NSO has sold this utility to the Saudis, and if Israel was going to do anything about that, it would have been months ago. There are three options here: 1) Israel knew about it and is more willing to help Saudi Arabia and a couple other countries with repression than I thought, 2) NSO didn't ask Israel about it and Israel didn't bother to investigate, or 3) Israel has chosen not to prosecute a company for their own reasons. I would hazard a guess at option 3, with the reasons being that NSO is providing them with some tools and/or providing an ally of theirs who suggested to the Israelis not to do anything.

  10. Mike 16 Silver badge

    Once the rockets go up...

    Y'all can finish that.

    (Yeah, I'm pretty sure NSO can count down in Chinese. Business is Business)

  11. FlamingDeath Silver badge

    I’m surprised the NSO hasn’t accused FB of being anti-semitic. That’s the usual accusation thrown around like confetti. But alas most intelligent people know this anti-semitic word is used as a weapon, and not defensively

    The word prejudice is good enough, except when you think you’re gods special chosen people, then you have to have your own special word

    True fact, the Palestinians are semitic

    Who is the anti-semitic now huh, HUH?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020