U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp

admin, March 3, 2024, 23:14:14

A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other products to Meta as part of the social media giant's ongoing litigation against the Israeli spyware vendor.

The decision marks a major legal victory for Meta, which filed the lawsuit in October 2019, accusing NSO Group of using its infrastructure to distribute the spyware to approximately 1,400 mobile devices between April and May. The targets also included two dozen Indian activists and journalists.

These attacks leveraged a then zero-day flaw in the instant messaging app (CVE-2019-3568, CVSS score: 9.8), a critical buffer overflow bug in the voice call functionality, to deliver Pegasus by merely placing a call, even in scenarios where the calls were left unanswered.

In addition, the attack chain included steps to erase the incoming call information from the logs in an attempt to sidestep detection.

Court documents released late last month show that NSO Group has been asked to "produce information concerning the full functionality of the relevant spyware," specifically for a period of one year before the alleged attack to one year after the alleged attack (i.e., from April 29, 2018 to May 10, 2020).

That said, the company doesn't have to "provide specific information regarding the server architecture at this time" because WhatsApp "would be able to glean the same information from the full functionality of the alleged spyware." Perhaps more significantly, it has been spared from sharing the identities of its clientele.

"While the court's decision is a positive development, it is disappointing that NSO Group will be allowed to continue keeping the identity of its clients, who are responsible for this unlawful targeting, secret," said Donncha Ó Cearbhaill, head of the Security Lab at Amnesty International.

NSO Group was sanctioned by the U.S. in 2021 for developing and supplying cyber weapons to foreign governments that "used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers."

Meta, however, is facing mounting scrutiny from privacy and consumer groups in the European Union over its "pay or okay" (aka pay or consent) subscription model, which they say is a Hobson's choice between paying a "privacy fee" and consenting to be tracked by the company.

"This imposes a business model in which privacy becomes a luxury rather than a fundamental right, directly reinforcing existing discriminatory exclusion from access to the digital realm and control over personal data," they said, adding the practice would undermine GDPR regulations.

The development comes as Recorded Future revealed a new multi-tiered delivery infrastructure associated with Predator, a mercenary mobile spyware managed by the Intellexa Alliance.

The infrastructure network is highly likely associated with Predator customers, including in countries like Angola, Armenia, Botswana, Egypt, Indonesia, Kazakhstan, Mongolia, Oman, the Philippines, Saudi Arabia, and Trinidad and Tobago. It's worth noting that no Predator customers within Botswana and the Philippines had been identified until now.

"Although Predator operators respond to public reporting by altering certain aspects of their infrastructure, they seem to persist with minimal alterations to their modes of operation; these include consistent spoofing themes and focus on types of organizations, such as news outlets, while adhering to established infrastructure setups," the company said.

Sekoia, in its own report about the Predator spyware ecosystem, said it found three domains related to customers in Botswana, Mongolia, and Sudan, stating it detected a "significant increase in the number of generic malicious domains which do not give indications on targeted entities and possible customers."

Originally published on the WeChat official account 知机安全: U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp
