NSO Ordered to Pay $167 Million in WhatsApp Spyware Case

WhatsApp parent company Meta scores the first major win in its long-standing battle with spyware maker NSO Group.

A federal jury on Tuesday ordered NSO to pay Meta $167 million after testimony in court led the jury to conclude that the Israeli company sold its surveillance software to buyers looking to hack people’s phones through a WhatsApp vulnerability.

As reported by The Washington Post, “the verdict came on the second day of deliberations in the damages phase of the trial in Oakland, California. U.S. District Judge Phyllis J. Hamilton granted WhatsApp’s motion for summary judgment against Israel-based NSO Group in December, finding that it had violated the U.S. Computer Fraud and Abuse Act and a similar California law with its spying program known as Pegasus.”

Six years of litigation

Meta, which owns the popular WhatsApp messaging platform, detected ongoing attacks by NSO’s Pegasus spyware tool as far back as six years ago. The attacks targeted more than 1,000 WhatsApp users, including human rights activists, journalists, diplomats, and other members of civil society.

Meta worked with the crusaders at Citizen Lab to investigate and alert the people believed to be targeted – “both so we could learn more about the attack and inform them about the steps they can take to secure their devices,” according to a post at Meta’s newsroom.

The trial put NSO executives on the stand to expose how their surveillance-for-hire system works.

“Put simply, NSO’s Pegasus works to covertly compromise people’s phones with spyware capable of hoovering up information from any app installed on the device,” says Meta. “Think anything from financial and location information to emails and text messages, or as NSO conceded: ‘every kind of user data on the phone.’ It can even remotely activate the phone’s mic and camera – all without people’s knowledge, let alone authorization.”

WhatsApp isn't the only target

The trial revealed that NSO targeted many more platforms than just WhatsApp.

“Pegasus has had many other spyware installation methods to exploit other companies’ technologies to manipulate people’s devices into downloading malicious code and compromising their phones,” reads Meta’s post.

NSO admitted to spending tens of millions of dollars annually to develop its product and attack avenues, “including through instant messaging, browsers, and operating systems, and that its spyware is capable of compromising iOS or Android devices to this day,” Meta reveals.

Awarded damages to be dished out to digital rights groups

Meta says it will have to work hard to collect the awarded damages from NSO, as the Israeli spyware maker is appealing the court decision. However, it plans to ultimately “make a donation to digital rights organizations that are working to defend people against such attacks around the world.”

Meta’s next step is to secure a court order to prevent NSO from ever targeting WhatsApp again.

Apple in 2021 also sued NSO Group over the abusive use of its spyware tool which exploited vulnerabilities in the iOS operating system powering iPhones. The Cupertino tech giant later dropped its legal tussle with the Israeli firm so as to avoid disclosing technical intelligence developed to combat Pegasus infections on Apple products.

NSO constantly maintains that it only sells its surveillance software to governments and law enforcement when dire situations call for it, like terrorism and other major crimes.

You may also want to read:

How Spyware Infects Smartphones and How to Defend Against It

WhatsApp Patches Zero-Click Spyware Attack Vector on Android

New Android Security Feature Aims to Keep Snoops Out of Your Phone

WhatsApp Introduces ‘Advanced Chat Privacy’ – Here’s How to Enable It

TikTok Must Pay €530 Million for Violating Europe’s Data Protection Laws

How to Protect Your WhatsApp from Hackers and Scammers – 8 Key Settings and Best Practices