SUMMARY
- NSO Group Held Accountable: A U.S. court ruled against NSO Group for hacking WhatsApp accounts, violating U.S. law and its terms of service.
- Pegasus Spyware Abuse: NSO exploited a WhatsApp flaw to install Pegasus spyware on 1,400 devices, targeting activists, journalists, and officials.
- WhatsApp Lawsuit Victory: WhatsApp sued NSO in 2019 after discovering the spyware attack, marking a major win for privacy rights.
- Court Rejects NSO’s Defense: The court dismissed NSO’s claims of immunity, holding it liable despite its stated anti-terrorism purpose.
- Spyware Industry Implications: The ruling sets a precedent for accountability, boosting privacy advocacy efforts against invasive technologies.
The Israeli spyware company NSO Group has been held liable for compromising the accounts of hundreds of WhatsApp users, marking a significant legal victory for Meta Platforms.
The Ruling
In a landmark ruling, U.S. District Judge Phyllis Hamilton found the NSO Group responsible for hacking and breaching the world’s leading messaging app WhatsApp’s terms of service, compromising the accounts of hundreds of its users.
According to court documents (PDF), the NSO Group exploited a vulnerability in the messaging app to install its powerful Pegasus spyware on at least 1,400 devices. This spyware, known for its ability to infiltrate phones and extract sensitive data, was allegedly used to target journalists, human rights activists, political dissidents, and government officials, raising serious concerns about privacy and human rights.
Background Details
For your information, WhatsApp filed the lawsuit in 2019, accusing NSO Group of accessing its servers without authorization to deploy Pegasus. It was reported by Hackread.com that the NSO Group was suspected of exploiting a new “MMS Fingerprint” attack on WhatsApp, exposing device information without user interaction.
Hackread.com also reported earlier this year that WhatsApp discovered the vulnerability in May 2019, which let attackers install Pegasus spyware on users’ devices. The flaw was then used to target government officials and activists globally. WhatsApp sued NSO Group for the exploitation
The Israeli firm, which claims its technology is used to combat terrorism and crime, argued that its actions were justified and that it should be shielded from liability. However, the court rejected these arguments, finding that it was responsible for the breach and that its actions violated US law.
This ruling has major implications for the spyware industry, which operates in a legal gray area. It establishes a precedent that companies like NSO Group can be held accountable for the misuse of their technology, even if they claim to be providing services to legitimate government agencies. The decision is also a major victory for privacy advocates, who have long warned about the dangers of invasive surveillance technologies.
WhatsApp hailed the ruling as a “huge win for privacy,” emphasizing that it would continue to work to protect user communications from such attacks.
“We spent five years presenting our case because we firmly believe that spyware companies could not hide behind immunity or avoid accountability for their unlawful actions,” Will Cathcart, the head of WhatsApp stated.
