WhatsApp Catches Spyware Firm NSO Defying No-Hacking Court Order (securityweek.com)
wiredmikey shares a report from SecurityWeek: Meta-owned communications app WhatsApp says it recently detected and disrupted a spear-phishing attempt linked to spyware company NSO Group. The attack is allegedly in defiance of a court order that bars the spyware maker from targeting WhatsApp. WhatsApp filed a lawsuit against NSO in 2019, after it came to light that a zero-day vulnerability had been exploited to deliver spyware to users. [...] NSO has been seeking to overturn the order blocking it from targeting WhatsApp users, arguing that the company will "suffer irreparable harm."
According to WhatsApp, the spyware maker has violated the permanent injunction. The messaging app reported on Monday that it had recently learned of a social engineering attack that attempted to trick users into clicking on malicious links. WhatsApp has only shared a few domains as an indicator of compromise (IoC), but says it was able to link the attack to NSO, pointing to similarities to previously reported one-click phishing campaigns tied to the spyware company. WhatsApp says it also caught the attackers creating test accounts and groups. Those accounts and groups have been disabled, but further action is also being taken. WhatsApp says it is asking a federal court to hold NSO in contempt for allegedly violating a permanent injunction barring it from targeting WhatsApp and its users. The company also said it is making a "significant contribution" to the Spyware Accountability Initiative, a fund aimed at exposing and stopping spyware abuse.
Re:No jurisdiction (Score:4, Interesting)
Sanctions against the employees, blacklisting their products in the US and allied countries. Think of what was unleashed on Huawei after vague "they could be" allegations, these ones are "they are" and the company has already made it clear that their business model is at least partially dependent on spear-phishing WhatsApp.
Re: No jurisdiction (Score:2)
The US has allied countries?
Re:No jurisdiction (Score:5, Informative)
Incorrect. Computer misuse within the US, regardless of where the individuals who are doing the misusing are located, is under US jurisdiction. This is long-established. Laws dealing with multi-jurisdictional issues (such as patents/copyrights, illicit interstate commerce, sex tourism, computer misuse) are old-hat.
Attacking US servers located in US territory is an attack carried out within the US, regardless of where the keyboard warrior is.
Now, if the servers attacked are in Ireland, then they're also covered by EU jurisdiction (no matter what the US likes to think).
The law is the law, and nobody, in any nation, is immune. A fact a lot of nations like to pretend they're somehow immune to. They aren't and there will always be a price to pay for such cavalier attitudes.
Re:No jurisdiction (Score:5, Interesting)
Indeed. But there are always countless lawless assholes that think the laws of other countries can be ignored, even when committing crimes in those same other countries. If the perpetrators and the crime are in different countries, extradition treaties come into play. Incidentally, there is an active extradition treaty between Israel and the United States.
If civil law is concerned, then the other treaties can apply or if the perpetrators have a business unit in the country the crime is committed in, that can be held accountable. The NSO Group does not have a US office. This is probably not an accident.
Re:No jurisdiction (Score:5, Interesting)
You're part right, part wrong. It's not a question of immune to the law, but it's a question of reach of the law. Private people are not immune and not out of reach on the basis that they can be extradited if the law broken is a law in both countries and an extradition treaty exists and both sides are willing to engage in the extradition.
You can't extradite a company.
Now what can you do to enforce the law beyond your borders? For multinationals this is easy. If they have a presence in your country you can fine them. It's why Amazon needs to follow EU law, because they are in fact a French company, just like Microsoft is an Irish company.
NSO Group isn't a multinational company, they have no presence in the USA.
So now we're down to the last thing you can do: control the border. For physical goods that means banning imports. For virtual goods you're shit out of luck. About the only thing you can now do is place the company on the foreign entity list effectively banning people from doing business with them.
NSO Group has been on the entity list for the past 5 years already.
So the OP is in fact right. The US courts have no jurisdiction over NSO Group. The US government does, but they've already exercised the upper limits of punishment they can exert.
Re: (Score:3)
No it hasn't. The order [federalregister.gov] imposes licence requirements on US companies for exporting or transferring goods to NSO Group, but it doesn't prohibit US companies from buying from NSO Group, nor does it target individuals. If the US government can prohibit all US companies from doing any business with UN special rapporteurs (Francesca Albanese) or Brazilian judges (Alexandre de Moraes - sanction now lifted), to the
Re: (Score:1)
Right, thanks for following up. Point remains the same. This is not a question for the courts or the law, it's a question for whether the US government wants to strengthen its sanctions as an external intervention. The US courts have no jurisdiction in this case.
Comical (Score:5, Insightful)
A spyware company trying to stop another spyware company. It's the modern day equivalent of Spy vs. Spy.
Re: (Score:2)
Not as funny, though.
"the company will "suffer irreparable harm." (Score:5, Insightful)
Re:"the company will "suffer irreparable harm." (Score:5, Funny)
Yes, https://www.aipac.org/ [aipac.org]
Re: (Score:2)
In October 2025, NSO Group confirmed that a group of US-based investors, led by film producer Robert Simonds, had acquired a controlling interest in the company.
Or a company owned by the guy who inflicted Adam Sandler comedies [wikipedia.org] on us.
Bomb 'Em (Score:5, Informative)
I can only hope NSO Group and every single employee gets bombed by Iran or whoever else Israel has pissed off.
What did you expect? (Score:4, Insightful)
Re: (Score:2)
I'm not sure what you're trying to say. A citizen of the USA is subject to US law. A non-citizen is not to the extent of extradition treaties. The law does not cover a company not based in the USA.
This isn't a company vs person issue. This is a jurisdiction issue.
Re: (Score:2)
Except that they violated a court order from a US judge. Yes, they are outside US jurisdiction, but that doesn't mean that judge can't cause them real problems, like blocking the import of their software and seizing assets held inside the US jurisdiction and stacking fines until they show up for their day in court.
You act like incorporating outside the US is some free pass to violate US law. It clearly isn't.
I'm shocked, shocked (Score:1)
Re: I'm shocked, shocked (Score:2)
Casablanca
NSO arguing that it will “suffer irreparable (Score:1)
NSO has been seeking to overturn the order [securityweek.com] blocking it from targeting WhatsApp users, arguing that the company will “suffer irreparable harm”.
I'm sure ransomware groups say the same thing when they get put out of business.
Cue all burglars (Score:1)
I'm a burglar, and I will suffer irreparable harm if the law is not changed to make burglary legal.
well yeah (Score:1)