NSO Group Found Liable for Hacking WhatsApp Users in ‘Huge Win for Privacy’


A federal court has found NSO Group, an Israeli spyware company, liable for reverse engineering WhatsApp in order to install malware on the phones of more than 1,400 people around the world, including human rights activists, diplomats, attorneys, and journalists.

NSO’s tools, commonly known as Pegasus, infiltrated phones by initiating a WhatsApp call to the intended victim, who did not even need to answer the call in order for the zero-click exploit to install a package into their phone’s memory that would then download malware that allowed NSO and its clients to extract messages, locations, photos, and other information from the device.

The company catered to repressive regimes like Israel and Saudi Arabia, which allegedly caused Pegasus spyware to be installed on the phone of Hanan Elatr several months before it abducted and murdered her husband, journalist Jamal Khashoggi. Other victims included human rights advocates in Mexico, U.S. diplomats in Uganda, and likely Jeff Bezos.

WhatsApp filed its lawsuit against NSO Group in a California federal district court in 2019, alleging the spyware maker violated the federal Computer Fraud and Abuse Act, the California Comprehensive Computer Data Access and Fraud Act, and WhatsApp’s own terms of service.

On Friday, a federal judge granted WhatsApp’s motion for summary judgement, marking a major legal victory against NSO Group, which had so far evaded liability for its actions in other cases.

“This ruling is a huge win for Privacy,” Will Cathcart, the head of WhatsApp, posted on X. “We spent five years presenting our case because we firmly believe that spyware companies could not hide behind immunity or avoid accountability for their unlawful actions. Surveillance companies should be on notice that illegal spying will not be tolerated.”

Earlier this year, Apple dropped a lawsuit against NSO, saying that it was unlikely to gain access to important files it needed to continue its case against the spyware company and that the ongoing litigation threatened to expose more vulnerabilities in its technology. Victims of NSO-enabled hacking have in recent years also tried to sue the company in U.S. courts, but judges have ruled that they lacked jurisdiction for events that happened overseas.

John Scott-Railton, a senior researcher at The Citizen Lab, a nonprofit that helped expose NSO’s Pegasus spyware, said on BlueSky that the court’s decision on Friday was a “Big loss for NSO. Bad time to be a spyware company. Landmark case. Huge implications.”

NSO has struggled financially after its hacking activities were exposed and it was blacklisted by the U.S. government.

After the judge’s summary judgment ruling, the WhatsApp case is now slated to go to trial to determine what damages NSO will have to pay.



Source link