Israeli Spyware Titan NSO Group Must Pay Almost $170M to WhatsApp Over Account Hacks
The decision marks a significant victory for privacy advocates and critics of NSO Group’s contentious Pegasus software.
TroibNews 
A U.S. federal court ordered Israeli spyware company NSO Group on Tuesday to pay nearly $170 million in damages to WhatsApp and its parent company Meta after its cyber tools were allegedly used to hack around 1,400 WhatsApp accounts.
In recent years, NSO Group has gained notoriety as a representative of the largely underground spyware market, increasingly leveraged by governments for surveillance of dissidents, journalists, and politicians. The ruling, a significant development in a case that commenced in 2019, marks a notable victory for privacy advocates and those contesting NSO Group's controversial Pegasus software.
Meta's spokesperson stated that the ruling requires NSO Group to pay roughly $167 million in punitive damages to WhatsApp, in addition to over $440,000 in compensatory damages, following just one day of jury deliberation. This judgment relates to an effort by NSO Group to exploit video calling capabilities and deliver malware to about 1,400 WhatsApp users in 2019, many of whom were affiliated with civil society organizations. WhatsApp filed a lawsuit after uncovering the plot.
Having already been found liable for compromising WhatsApp user accounts, NSO Group’s case sets a precedent for organizations targeted by spyware to pursue action against the firms that create the harmful software.
A Meta blog post shortly after the decision celebrated this victory, mentioning that WhatsApp will seek a court order "to prevent NSO from ever targeting WhatsApp again." It also indicated that Meta intends to make an undisclosed donation to digital rights organizations focusing on exposing spyware abuses. Additionally, WhatsApp plans to publish transcripts of deposition videos from NSO executives and others to assist researchers in understanding the global use of spyware.
“Today’s verdict in WhatsApp’s case is an important step forward for privacy and security as the first victory against the development and use of illegal spyware that threatens the safety and privacy of everyone,” read the post.
Apple previously initiated a lawsuit against NSO Group, seeking damages for the spyware used against its customers, but ultimately dropped the case last year after determining it could reveal sensitive Apple user data.
NSO Group has consistently defended its practices, asserting that its Pegasus spyware has been instrumental in combating high-profile crime.
Gil Lainer, vice president of global communications for NSO Group, stated on Tuesday that the ruling is “another step in a lengthy judicial process,” maintaining that “we firmly believe that our technology plays a critical role in preventing serious crime and terrorism and is deployed responsibly by authorized government agencies.”
“We will carefully examine the verdict's details and pursue appropriate legal remedies, including further proceedings and an appeal,” Lainer added, stressing that the company "remains fully committed to its mission to develop technologies that protect public safety" while adhering to legal standards.
In 2021, NSO Group was placed on the Commerce Department’s entity list, complicating its business operations in the U.S. Meanwhile, the European Parliament has established a committee to investigate the use of Pegasus within EU countries.
Last year, the Biden administration supported an initiative encouraging responsible use of spyware globally, while the Trump administration had previously endorsed an international effort to establish a code of conduct regarding this type of software.
John Scott-Railton, a senior researcher at Citizen Lab, which contributed to investigating the initial WhatsApp hacks, tweeted on Tuesday that NSO Group's actions "deserved to be punished," adding that “NSO makes millions hacking mostly American tech companies … so that dictators can hack dissidents.”
“NSO Group emerges from the trial severely damaged,” Scott-Railton tweeted. “This will scare customers.”
Anna Muller for TROIB News
In recent years, NSO Group has gained notoriety as a representative of the largely underground spyware market, increasingly leveraged by governments for surveillance of dissidents, journalists, and politicians. The ruling, a significant development in a case that commenced in 2019, marks a notable victory for privacy advocates and those contesting NSO Group's controversial Pegasus software.
Meta's spokesperson stated that the ruling requires NSO Group to pay roughly $167 million in punitive damages to WhatsApp, in addition to over $440,000 in compensatory damages, following just one day of jury deliberation. This judgment relates to an effort by NSO Group to exploit video calling capabilities and deliver malware to about 1,400 WhatsApp users in 2019, many of whom were affiliated with civil society organizations. WhatsApp filed a lawsuit after uncovering the plot.
Having already been found liable for compromising WhatsApp user accounts, NSO Group’s case sets a precedent for organizations targeted by spyware to pursue action against the firms that create the harmful software.
A Meta blog post shortly after the decision celebrated this victory, mentioning that WhatsApp will seek a court order "to prevent NSO from ever targeting WhatsApp again." It also indicated that Meta intends to make an undisclosed donation to digital rights organizations focusing on exposing spyware abuses. Additionally, WhatsApp plans to publish transcripts of deposition videos from NSO executives and others to assist researchers in understanding the global use of spyware.
“Today’s verdict in WhatsApp’s case is an important step forward for privacy and security as the first victory against the development and use of illegal spyware that threatens the safety and privacy of everyone,” read the post.
Apple previously initiated a lawsuit against NSO Group, seeking damages for the spyware used against its customers, but ultimately dropped the case last year after determining it could reveal sensitive Apple user data.
NSO Group has consistently defended its practices, asserting that its Pegasus spyware has been instrumental in combating high-profile crime.
Gil Lainer, vice president of global communications for NSO Group, stated on Tuesday that the ruling is “another step in a lengthy judicial process,” maintaining that “we firmly believe that our technology plays a critical role in preventing serious crime and terrorism and is deployed responsibly by authorized government agencies.”
“We will carefully examine the verdict's details and pursue appropriate legal remedies, including further proceedings and an appeal,” Lainer added, stressing that the company "remains fully committed to its mission to develop technologies that protect public safety" while adhering to legal standards.
In 2021, NSO Group was placed on the Commerce Department’s entity list, complicating its business operations in the U.S. Meanwhile, the European Parliament has established a committee to investigate the use of Pegasus within EU countries.
Last year, the Biden administration supported an initiative encouraging responsible use of spyware globally, while the Trump administration had previously endorsed an international effort to establish a code of conduct regarding this type of software.
John Scott-Railton, a senior researcher at Citizen Lab, which contributed to investigating the initial WhatsApp hacks, tweeted on Tuesday that NSO Group's actions "deserved to be punished," adding that “NSO makes millions hacking mostly American tech companies … so that dictators can hack dissidents.”
“NSO Group emerges from the trial severely damaged,” Scott-Railton tweeted. “This will scare customers.”
Anna Muller for TROIB News
