2/ Apple's lawsuit, filed moments ago in Northern California hits NSO hard.
- Seeks to hold NSO & parent accountable for abuses
- ALSO Requests permanent injunction banning NSO from using Apple products.
Directly hits NSO's core development & biz activities.
3/ NSO poked the hornet's nest for years, and @Apple wasn't satisfied with simply suing the spyware company..
Apple just pledged millions to groups working cyber surveillance... plus any damages that they extract from NSO.
Apple's wrath is poetic.
4/ Notifying NSO victims is another major step.
After @WhatsApp, Apple is the 2nd major company to do so.
✅Helps victims recognize what's going on
✅puts NSO's government customer base on notice: their abuses might be exposed next.
5/ NSO's accelerating tailspin, current status...
In recent weeks:
✅US🇺🇸 sanctioned NSO
✅ Court ruled that @WhatsApp's lawsuit against them could go ahead
✅ Reports that NSO is headed towards possible default.
Now, a massive lawsuit from Apple.
6/ NSO's profitable spyware is predictably used for repression by many dictators.
This didn't scare off unscrupulous investors.
Other spyware companies are now chasing their lead..
Now, NSO's *crisis* sends a different signal: your fortunes could come crashing down.
7/ NSO's spyware doesn't just harm human rights.
It hurts tech companies.
After years of spending efforts on technical means of control (e.g. patching & securing their products), big platforms have decided it was time to punch back in a different way:
In court.
8/ I see @Apple's lawsuit as partly triggered by findings & efforts of so many of our @citizenlab peers:
Most importantly though: the victims that bravely came forwards. Here's why...
9/ The FORCEDENTRY zero-click exploit is prominently mentioned @apple's lawsuit.
It was discovered when a spyware victim let us check their phone.
This is as it should be: targets of dictatorial surveillance contributing to fighting back & helping protect us all.
10/ Immediate effects of @Apple filing suit against NSO:
✅ NSO an even more radioactive investment.
✅ Investors that stuck with NSO look not only amoral, but foolish.
✅ Scares off risk-averse government customers.
✅ Chilling effect on spyware industry.
11/ It would take a huge internal effort for a massive company to undertake any one of these:
✔Lawsuit
✔Victim Notification
✔Attribution
✔Civil society support.
12/ Addendum to tweet #4: @billyleonard at TAG reminds me that @Google / @android should also be on the list of companies that have notified NSO victims in the past.
IMPORTANT: has @Apple sent you a mercenary spyware threat notification?
Latest round just went out.
Take them seriously. Get expert help.
If you a journalist, activist, dissident etc. I suggest you ✅contact @accessnow's helpline. 1/ accessnow.org/help/
2/ In my experience, @Apple's mercenary spyware threat notifications do several things:
✅ Help users take action to secure themselves
✅ Impose cost on spyware companies & customers
✅ Keep us researchers busy investigating cases
They can also have a✅deterrent effect.
@Apple 3/ I never tire of saying that @apple threat notifications have helped to change the information balance between spyware victims & those that target them.
They have also kicked off waves of scandals & discoveries of spyware abuses. Like in #Poland👇
2/ The investigation behind this Russian political interference takedown is interesting.
First, the @FBI got account registration info for a slice of fake accounts on @X
They found a lot of email accounts registered on the same server.
So they went to the registrar...
@FBI @X 3/ While the domain registrar (Namecheap) had a bunch of account registration information for the @FBI, the info was a fake name and some alias information.
Strike out? No. The FBI began a subpoena cascade, starting with the Google account used to register the domain.