周二,苹果公司起诉 NSO 集团及其母公司,指控这家以色列公司出售客户用来监视苹果客户的强大软件,从而违反了联邦反黑客法。
该诉讼在加利福尼亚州的联邦法院提起,指控 NSO 的间谍软件 Pegasus 和其他恶意软件对苹果造成了金钱和财产损失,并在此过程中侵犯了苹果用户的人权。
“为了防止对其用户的进一步滥用和伤害,Apple 还寻求永久禁令,禁止 NSO Group 使用任何 Apple 软件、服务或设备,”Apple 在一份声明中表示。
在周二的一份声明中,NSO Group 没有解决诉讼的具体细节,而是表示该公司的技术可以挽救生命。
该公司表示,NSO Group 提供“合法工具”来帮助政府打击恋童癖者和恐怖分子。
虽然 NSO 集团长期以来一直坚持只将其软件出售给授权用户以用于执法和反恐目的,但研究人员多年来发现了 Pegasus 被用来监视持不同政见者和人权活动家的证据。
多伦多大学公民实验室的研究人员在 9 月份表示,一个身份不明的团体正在使用 Pegasus 和 Apple 操作软件中的一个漏洞来监视沙特活动家。
这起诉讼是 NSO Group 的最新挫折,网络安全分析师和人权活动家长期以来一直指责 NSO Group 与专制政府有业务往来。据研究人员称,该公司易于使用的间谍软件能够窃听手机的通信并访问设备上的其他敏感数据。
美国商务部本月将 NSO Group 添加到其所谓的“实体清单”中,从而有效地禁止该公司在未经许可的情况下从美国供应商处购买软件组件。商务部指控 NSO Group 和另一家名为 Candiru 的以色列公司向外国政府提供间谍软件,这些政府“使用这些工具恶意攻击”记者、大使馆工作人员和活动人士。
NSO Group 在当时的一份声明中表示,“鉴于我们的技术通过防止恐怖主义和犯罪来支持美国的国家安全利益和政策,它对这一决定感到沮丧,因此我们将主张撤销这一决定。”
声明说:“我们期待着提供关于我们如何拥有世界上最严格的合规和人权计划的完整信息,这些计划基于我们深深分享的美国价值观,这已经导致多次终止联系[原文如此] 与滥用我们产品的政府机构。”
当时无法联系到 Candiru 置评。
苹果至少是第二家起诉 NSO Group 的美国主要科技公司。 Facebook(现称为 Meta)于 2019 年起诉 NSO Group,指控其协助破坏了运行 WhatsApp 消息应用程序的 1,400 部手机。
NSO Group 否认了 Facebook 的指控,并试图阻止案件的进展。但美国上诉法院本月裁定,诉讼可以继续进行。
苹果表示,它将向“从事网络监视研究和宣传的组织”捐款 1000 万美元,外加诉讼造成的任何损失。
该诉讼要求 NSO Group 提供未指明的惩罚性赔偿,以及“在审判中证明数额的补偿性赔偿”。
NSO Group 只是销售专门的黑客工具以入侵不同类型手机的几家公司之一。
在诉讼中,苹果的律师反映了苹果工程师和 NSO 集团代码编写者之间所谓的“持续军备竞赛”。
“即使苹果开发解决方案并增强其设备的安全性,被告也在不断更新他们的恶意软件和漏洞,以克服苹果自己的安全升级,”诉状称。
Apple sues NSO Group over spyware
(CNN Business)Apple on Tuesday sued NSO Group and its parent company, accusing the Israeli firm of violating a federal anti-hacking law by selling potent software that clients have used to spy on Apple customers.
The lawsuit, filed in a federal court in California, alleges that NSO's spyware, known as Pegasus, and other malware have caused Apple monetary and property damages, and violated the human rights of Apple users along the way.
"To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices," Apple said in a statement.
In a statement Tuesday, NSO Group did not address the specifics of the lawsuit and instead said the firm's technology saves lives.
NSO Group provides "lawful tools" to help governments fight pedophiles and terrorists, the firm said.
While NSO Group has long maintained that it only sells its software to authorized users for law enforcement and counterterrorism purposes, researchers have for years uncovered evidence that Pegasus has been used to surveil dissidents and human rights activists.
Researchers from the University of Toronto's Citizen Lab in September said that an unidentified party was using Pegasus, and a vulnerability in Apple operating software, to spy on a Saudi activist.
The lawsuit is the latest setback for NSO Group, which cybersecurity analysts and human rights activists have long accused of doing business with repressive governments. The firm's easy-to-use spyware is capable of eavesdropping on a phone's communications and accessing other sensitive data on the device, according to researchers.
The US Commerce Department this month added NSO Group to its so-called "entity list," effectively banning the company from buying software components from US vendors without a license. Commerce accused NSO Group, and another Israeli firm known as Candiru, of providing spyware to foreign governments that "used these tools to maliciously target" journalists, embassy workers and activists.
In a statement at the time, NSO Group said it was "dismayed by the decision given that our technologies support US national security interests and policies by preventing terrorism and crime, and thus we will advocate for this decision to be reversed."
"We look forward to presenting the full information regarding how we have the world's most rigorous compliance and human rights programs that are based [on] the American values we deeply share," according to the statement, "which already resulted in multiple terminations of contacts [sic] with government agencies that misused our products."
Candiru could not be reached for comment at the time.
Apple is at least the second major US tech firm to sue NSO Group. Facebook (now known as Meta) in 2019 sued NSO Group for allegedly facilitating the breach of 1,400 phones running the WhatsApp messaging application.
NSO Group has denied the allegations made by Facebook, and tried to block the case from moving forward. But a US appeals court this month ruled that the lawsuit could proceed.
Apple said it would contribute $10 million, plus any damages from the lawsuit, to "organizations pursuing cybersurveillance research and advocacy."
The lawsuit seeks unspecified punitive damages from NSO Group, as well as "compensatory damages in an amount to be proven at trial."
NSO Group is just one of several firms that sell specialized hacking tools to break into different types of mobile phones.
In its lawsuit, Apple's lawyers reflected on what it called a "continual arms race" between Apple engineers and NSO Group's code-writers.
"Even as Apple develops solutions and enhances the security of its devices, Defendants are constantly updating their malware and exploits to overcome Apple's own security upgrades," the complaint states.