A logo adorns a wall on a branch of the Israeli NSO Group company, near the southern Israeli town of Sapir, Tuesday, Aug. 24, 2021. (Sebastian Scheiner/AP)
SAN FRANCISCO — Apple asked a court Friday to dismiss its three-year-old hacking lawsuit against spyware pioneer NSO Group, arguing that it might never be able to get the most critical files about NSO’s Pegasus surveillance tool and that its own disclosures could aid NSO and its increasing number of rivals.
A redacted version of the filing in San Francisco federal court cited a July article in the Guardian, which reported that Israeli officials had taken files from NSO’s headquarters. The newspaper said the officials asked an Israeli court to keep the action secret even from those involved in an earlier, still pending hacking suit against NSO filed by Meta’s WhatsApp. Israeli ministry of justice communications that were hacked showed that officials were concerned about sensitive information reaching Americans, the newspaper said.
“While Apple takes no position on the truth or falsity of the Guardian Story described above, its existence presents cause for concern about the potential for Apple to obtain the discovery it needs,” the iPhone maker wrote in its filing Friday. Israeli officials have not disputed the authenticity of the documents but have denied interfering in the U.S. litigation.
NSO lost its own bid to dismiss the case in January. The company raised a raft of defenses, blaming Apple for shipping vulnerable software and allowing criminals and terrorists to communicate in secret.
While NSO will likely welcome the suit being dropped, Apple and some of its allies said it came about in part because of NSO’s decline.
When the case began, Pegasus was notorious for being used by authoritarian regimes against dissidents, human rights advocates and journalists. The spyware could be implanted into Android phones or iPhones, sometimes without any user interaction, and record everything that happened on the devices without detection. NSO was seen as the leading vendor selling to governments.
The U.S. government has since barred NSO from doing business with Americans, and Pegasus was used against phones of U.S. diplomats overseas. Employees have left the company and started their own or joined others, sometimes taking infiltration strategies with them. The Washington Post reported this month that the U.S.-led crackdown on spyware makers has faltered in part because the number of vendors has multiplied.
“NSO Group is on the ropes, no longer the only firm in town, and nowhere near as formidable as they once were,” said Ronald Deibert, director of the Citizen Lab at the University of Toronto and a leading critic of the spyware industry.
While NSO is among the spyware companies who say they will not sell to enemies of Israel and the United States, Google recently found that Russia had used some of its hacking tools. Experts said it was most likely that Russia had stolen them from an authorized customer.
Apple alluded to such a scenario in its filing as well. It wrote that if it provides its own documents to NSO’s lawyers about how it detected the hacks, those lawyers might get hacked, too. “Because Apple currently uses its threat intelligence information to protect every one of its users in the world, any disclosure, even under the most stringent controls, puts this information at risk,” the company wrote.
Another change in the last three years is the strength of Apple’s threat detection, making disclosure of details more valuable to would-be hackers. Apple has built up its capability in secret, and it has repeatedly exposed new hacking infrastructure as hacking companies adjust.
That has allowed Apple to warn more customers when it detects an effort to install spyware on their devices. Many who have received such warnings have gone to the media, which can assess why they might have been targeted, and to digital rights groups including Citizen Lab, Amnesty International and Access Now, which can analyze the phones and learn more about the methods being used. The combined scrutiny has led to major scandals in multiple countries.
“We think Apple’s notifications to users and its continued tracking of NSO and other spyware vendors has been absolutely critical in impacting global accountability and has helped spotlight NSO Group’s contributions to widespread human rights abuses,” Deibert said. “It has also been enormously beneficial in terms of helping to triage and spur on the investigations” by the nonprofits.
Apple has beefed up security for its users in other ways too. It added an optional “Lockdown Mode” for users, which limits some phone functions but also the ways in which it could be attacked. In December, Apple said it knew of no successful commercial spyware attacks against an iPhone in Lockdown Mode.
