LOGO

WhatsApp vs. NSO Group: Spyware Hacking Case Victory

December 23, 2024
Topics:cybersecurityNSO GroupPegasusprivacySecuritysecuritySpywareWhatsApp
WhatsApp vs. NSO Group: Spyware Hacking Case Victory

NSO Group Found Liable for Hacking WhatsApp Users

A United States judge has determined that the Israeli spyware firm, NSO Group, violated hacking regulations through its utilization of WhatsApp to deploy its Pegasus spyware onto user devices.

Historic Ruling Details

The landmark decision, delivered on Friday, establishes NSO Group’s liability for targeting approximately 1,400 WhatsApp users. This action constitutes a breach of both state and federal hacking laws, as well as a violation of WhatsApp’s terms of service, which explicitly forbid the platform’s use for malicious activities.

This judgment follows a lawsuit initiated by Meta-owned WhatsApp five years ago. The suit alleged that NSO Group exploited a vulnerability within WhatsApp’s audio-calling feature to install Pegasus spyware on the devices of unsuspecting individuals.

Targeted Individuals

WhatsApp reported that over 100 human rights advocates, journalists, and members of civil society were specifically targeted by the malware. Government officials and diplomats were also among those affected.

Judge Hamilton’s Findings

Judge Phyllis Hamilton acknowledged that NSO Group did not contest the fact that it had to reverse-engineer or decompile WhatsApp software to install Pegasus. However, NSO questioned whether this occurred before agreeing to WhatsApp’s terms of service.

The judge reasoned that “common sense dictates” NSO Group first needed access to WhatsApp. She highlighted that NSO offered no credible explanation for gaining access without accepting the terms of service.

Discovery Issues

Hamilton further noted NSO Group’s repeated failure to provide requested evidence, including the Pegasus source code, despite a court order. Internal communications regarding WhatsApp vulnerabilities were also withheld.

“NSO’s lack of compliance with discovery orders raises serious concerns about their transparency and willingness to cooperate with the judicial process,” stated the judge.

Meta’s Response

Emily Westcott, a Meta spokesperson, conveyed WhatsApp’s approval of the ruling in a statement to TechCrunch.

“NSO can no longer avoid accountability for their unlawful attacks on WhatsApp, journalists, human rights activists, and civil society,” Westcott said. “Spyware companies should be on notice that their illegal actions will not be tolerated. We’re proud to have stood up against NSO and thankful to the many organizations that were supportive of this case. WhatsApp will never stop working to protect people’s private communication.”

WhatsApp Head’s Statement

Will Cathcart, head of WhatsApp, characterized the ruling as a “huge win for privacy” in a post on X.

NSO Group’s Silence

Gil Lainer, a spokesperson for NSO Group, declined to provide a comment. Previously, NSO Group maintained that Pegasus aids law enforcement and intelligence agencies in combating crime and safeguarding national security.

Upcoming Trial

The case is scheduled to proceed to trial in March 2025. A jury will then determine the amount of damages NSO Group is required to pay to WhatsApp.

Here's a summary of key points:

  • NSO Group breached hacking laws.
  • Approximately 1,400 WhatsApp users were targeted.
  • Pegasus spyware was used to exploit a vulnerability.
  • NSO Group failed to comply with court orders for evidence.
  • A damages trial is set for March 2025.
#whatsapp#nso group#spyware#hacking#lawsuit#victory