NSO Group Must Pay WhatsApp Over $167M in Damages for Attacks on Its Users

In a significant victory for privacy, a U.S. jury has ordered NSO Group, a notorious Israeli spyware firm, to pay WhatsApp over $167 million in damages for using its Pegasus spyware to target over 1,400 people. This ruling comes after a five-year legal battle and marks a major milestone in the fight against malicious industries that threaten American companies and users worldwide.

A Critical Deterrent Against Malicious Acts

The jury's decision to force NSO Group to pay damages is a critical deterrent to this malicious industry, which has been accused of targeting human rights groups, activists, journalists, lawyers, and dissidents. "The jury's decision to force NSO to pay damages is a critical deterrent to this malicious industry against their illegal acts aimed at American companies and our users worldwide," reads the post published by WhatsApp after the jury's ruling.

A Five-Year Legal Battle

This trial has been a long time coming, with WhatsApp first filing a lawsuit against NSO Group in December 2019. The plaintiffs alleged that the defendants used WhatsApp to target approximately 1,400 mobile phones and devices to infect them with the surveillance software. "defendants' relevant software products, collectively referred to as 'Pegasus,' allow defendants' clients to use a modified version of the Whatsapp application – referred to as the 'Whatsapp Installation Server,' or 'WIS,'" reads the court document.

A Major Privacy Victory

Will Cathcart of WhatsApp called the ruling a major privacy victory, emphasizing accountability for spyware firms after a five-year legal battle. "This trial also revealed that WhatsApp was far from NSO's only target — this is an industry-wide threat and it'll take all of us to defend against it," reads the statement published by WhatsApp.

NSO Group's Response

NSO Group's spokesperson, Gil Lainer, has stated that the company will carefully examine the verdict's details and pursue appropriate legal remedies, including further proceedings and an appeal. "We will continue to fight for our right to operate and provide services to our clients," reads a statement from NSO Group.

Industry-Wide Threat

The experts detected three exploits, called "Heaven," "Eden," and "Erised," that were employed in over 1,400 attacks attributed to NSO Group. Even after WhatsApp detected and blocked the exploit described in the Complaint in May 2019, NSO admits that it developed yet another installation vector (known as Erised) that also used WhatsApp servers to install Pegasus.

A Trail of Consequences

The trial exposed how NSO Group's Pegasus spyware secretly compromises phones, accessing data, mic, and camera. It targets more than WhatsApp, using various exploits, messaging apps, browsers, OS, to install malware on both iOS and Android. NSO admitted spending tens of millions annually to maintain and develop these covert surveillance tools.

Meta's Take

Meta pointed out that the trial exposed how NSO Group's Pegasus spyware secretly compromises phones, accessing data, mic, and camera. It targets more than WhatsApp, using various exploits, messaging apps, browsers, OS, to install malware on both iOS and Android. "NSO was forced to admit that it spends tens of millions of dollars annually to develop malware installation methods including through instant messaging, browsers, and operating systems, and that its spyware is capable of compromising iOS or Android devices to this day."

A Message from Meta

"NSO was forced to admit that it spends tens of millions of dollars annually to develop malware installation methods including through instant messaging, browsers, and operating systems, and that its spyware is capable of compromising iOS or Android devices to this day."