NSO’s case was severely hampered by its inability to offer the court any details of its clients' aims in the attacks, prompting Northern California federal judge Phyllis Hamilton to bar the spyware firm from presenting any evidence related to its use by governments to snoop on terrorists and criminals. “Six years ago, we detected and stopped an attack by the notorious spyware developer NSO against WhatsApp and its users, and today, our court case has made history as the first victory against illegal spyware that threatens the safety and privacy of everyone,” WhatsApp said in a statement. A Northern California jury on Tuesday decided that a spyware manufacturer must pay $167 million in punitive damages for its role facilitating the hacking of 1,400 WhatsApp users’ mobile phones. In recent years, NSO’s spyware product, a powerful zero-click exploit known as Pegasus, has been found on scores of phones belonging to members of civil society, many of whom were among the 1,400 WhatsApp victims. The six-year case is the culmination of a Meta lawsuit filed in 2019, which argued that the manufacturer, the NSO Group, repeatedly attacked WhatsApp with spyware vectors, continuing to break into its systems even as the social media giant patched vulnerabilities. In addition to the $167 million in punitive damages, the jury determined that NSO must pay WhatsApp $445,000 in compensatory damages to pay it back for the significant efforts its engineers made to block the attack vectors. Natalia Krapiva, a digital freedom advocate whose organization, Access Now, has worked with the Citizen Lab to diagnose Pegasus targeting and infections and assist victims, also hailed the finding. NSO executives acknowledged to the court that Pegasus can be installed with a number of different mechanisms, including through attack vectors targeting instant messaging, browsers and operating systems. The jury’s decision “really vindicates in a major way all the denial, gaslighting, threats, attacks, harassment and retaliation that human rights advocates and victims have faced for our work exposing NSO’s conduct,” she said. “NSO makes millions of dollars helping dictators hack people,” said John Scott-Railton, a digital forensic researcher at the Citizen Lab, which helped diagnose phone infections in the case. Digital freedom advocates called the jury’s verdict transformative, saying not only the size of the damages, but also the hit to NSO’s reputation will have long-lasting effects. “The jury's decision to force NSO to pay damages is a critical deterrent to this malicious industry against their illegal acts aimed at American companies and our users worldwide,” it said. “Defendants cannot claim, on the one hand, that its intent is to help its clients fight terrorism and child exploitation, and on the other hand say that it has nothing to do with what its client does with the technology, other than advice and support,” the judge wrote.
This Cyber News was published on therecord.media. Publication date: Wed, 07 May 2025 00:25:07 +0000