A lawsuit filed on Wednesday in the Northern District of California has taken aim at NSO Group, a subsidiary of Q Cyber Technologies Limited (together, NSO), over cyberattacks committed on Salvadoran journalists and affiliates of the publication El Faro. The suit claims that NSO developed spyware that not only hindered the plaintiffs’ ability to carry out journalistic activities, but moreover compromised their safety as well as that of their colleagues and families.
According to the suit, Israel-based NSO sells its malicious surveillance software to “rights-abusing governments.” One of its “signature” products is “Pegasus,” which NSO and their clients can install on a target’s smartphone remotely and surreptitiously, without any action by the target.
Once installed, Pegasus gives its operators essentially full control of the device including access to contact lists, calendar entries, text messages, notes, emails, search histories, and GPS locations, the complaint says. The malware can also turn on a microphone and take photographs. “Defendants highlight these and other capabilities in their marketing materials,” the filings adds.
Between June 2020 and November 2021, at least twenty-two people associated with El Faro, including the plaintiffs, were the victims of Pegasus attacks, the suit alleges. The plaintiffs, who were then unaware of the attacks, allegedly had their devices and communications monitored.
While the attacks purportedly compromised the journalists’ safety, it also deterred some sources from sharing information and forced the plaintiffs to expend resources preventing data exploitation and addressing the serious physical and mental health issues resulting therefrom.
The suit states claims for relief under the Computer Fraud and Abuse Act, the California Comprehensive Computer Data Access and Fraud Act, as well as claims for trespass to chattels and intrusion upon seclusion. The plaintiffs seek injunctive and declaratory relief, as well as compensatory and punitive damages.
The plaintiffs are represented by Schonbrun, Seplow, Harris, Hoffman & Zeldes LLP and the Knight First Amendment Institute at Columbia University.
The complaint follows in the footsteps of a brief filed by the U.S. Solicitor General last week, arguing that a Ninth Circuit ruling against NSO Group should stand. That case concerns WhatsApp’s attempt to hold NSO accountable for targeting WhatsApp users with the same malware.
Before the Supreme Court, the Solicitor General contended that NSO cannot make use of a sovereign immunity defense, and as such, asked the court to reject NSO’s petition for a writ of certiorari reviewing the Ninth Circuit’s decision.