WhatsApp has caught the NSO Group—the Israeli spyware firm behind Pegasus—running phishing attacks against its users, in what appears to be a direct violation of a court order. Bruce Schneier flagged the development on his blog, and it raises serious questions about whether NSO can be held accountable by any legal mechanism.
The court order in question was supposed to rein in NSO’s operations after years of documented abuse: journalists, activists, and dissidents around the world have had their phones compromised by Pegasus spyware. A judge said stop. NSO, apparently, didn’t get the memo—or got it and decided to keep going.
Phishing WhatsApp users is a different tactic from the zero-click exploits NSO is famous for, but it gets the job done. Trick someone into clicking a link, and you can get a foothold on their device. It’s a reminder that even after lawsuits, sanctions, and public outcry, the surveillance-for-hire industry keeps adapting. The legal system is struggling to keep pace.
Source: Schneier on Security
