Israeli Spyware Maker NSO Group Fined $167M for WhatsApp Spyware Attack
The New York Times reports that NSO Group, the Israeli spyware maker at the center of years of controversy, has been fined a staggering $167 million in damages to Meta, the company behind WhatsApp. This ruling marks the culmination of a six-year legal battle that began when NSO's Pegasus spyware was used to target about 1,400 WhatsApp users, including journalists, activists, and government officials.
The controversy surrounding NSO Group's Pegasus spyware began in 2019, when the company exploited a serious flaw in WhatsApp's code. The vulnerability, hidden in how the app handled voice and video calls, allowed attackers to place a call to someone and install the spyware on their device without any user interaction. This was what's known as a zero-click attack.
Victims of this attack usually had no idea they were compromised, with some reporting that their apps would crash or call logs would be wiped remotely. WhatsApp quickly responded by pushing an update to fix the issue and notifying those affected in May 2019. However, the damage was already done, and Meta took NSO Group to court just a few months later, accusing it of gaining unauthorized access to its servers.
After a long and contentious legal battle, U.S. District Judge Phyllis Hamilton ruled in late 2023 that NSO had broken cybersecurity laws. The damages now finalized mark the end of this chapter for Meta, but the implications will be felt far beyond the WhatsApp community.
A Industrywide Threat
According to Will Cathcart, the head of WhatsApp, the jury's verdict is a "critical deterrent" against the spyware industry. He stated that this ruling sends a strong message that such practices will not be tolerated and emphasized the need for collective action to defend against these threats.
Awards to Digital Rights Organizations
WhatsApp has announced that it plans to donate the awarded damages to digital rights organizations dedicated to defending people targeted by such technology. This move aims to support those who have been affected by NSO Group's actions and to promote a safer online environment for all users.
A Response from NSO Group
NSO Group's vice president for global communication, Gil Lainer, expressed his disappointment with the verdict, stating that the company will "carefully examine the details" of the ruling. He also reiterated NSO Group's long-standing argument that its technology plays a critical role in preventing serious crime and terrorism, but is deployed responsibly by authorized government agencies.
New Insights into NSO Group's Operations
The trial provided some fascinating insights into how NSO Group operates. Executives from the company testified in court for the first time, shedding light on Pegasus's capabilities and revealing that newer versions of the technology have evolved to be capable of hacking into phones simply through a sent text message.
A Wider Threat
The trial also revealed that NSO Group had developed technology capable of hacking into other messaging applications beyond WhatsApp. This raises serious concerns about the company's intentions and its impact on global cybersecurity.
NSO Group should be familiar to readers, as it has been involved in several high-profile controversies over the years. In November 2021, Apple filed a lawsuit against NSO for hacking iPhones and spying on users, which was quietly dropped in September last year.
A Strong Message
John Scott-Railton, a senior researcher at Citizen Lab, a cybersecurity group that helped WhatsApp alert users who were targeted, stated that the verdict sends a strong message that these practices will not be tolerated. The U.S. Commerce Department also took action in 2021 by blacklisting NSO Group and placing it on its Entity List, citing concerns about national security and foreign policy interests.