NSO Group Found Liable for Hacking WhatsApp Users in ‘Huge Win for Privacy’

A national tribunal has recovered NSO Group, an Israeli spyware company, liable for reverse engineering WhatsApp successful bid to instal malware connected the phones of much than 1,400 radical astir the world, including quality rights activists, diplomats, attorneys, and journalists.

NSO’s tools, commonly known arsenic Pegasus, infiltrated phones by initiating a WhatsApp telephone to the intended victim, who did not adjacent request to reply the telephone successful bid for the zero-click exploit to instal a bundle into their phone’s representation that would past download malware that allowed NSO and its clients to extract messages, locations, photos, and different accusation from the device.

The institution catered to repressive regimes similar Israel and Saudi Arabia, which allegedly caused Pegasus spyware to beryllium installed connected the telephone of Hanan Elatr respective months earlier it abducted and murdered her husband, writer Jamal Khashoggi. Other victims included quality rights advocates successful Mexico, U.S. diplomats successful Uganda, and apt Jeff Bezos.

WhatsApp filed its suit against NSO Group successful a California national territory tribunal successful 2019, alleging the spyware shaper violated the national Computer Fraud and Abuse Act, the California Comprehensive Computer Data Access and Fraud Act, and WhatsApp’s ain presumption of service.

On Friday, a national justice granted WhatsApp’s question for summary judgement, marking a large ineligible triumph against NSO Group, which had truthful acold evaded liability for its actions successful different cases.

“This ruling is simply a immense triumph for Privacy,” Will Cathcart, the caput of WhatsApp, posted connected X. “We spent 5 years presenting our lawsuit due to the fact that we firmly judge that spyware companies could not fell down immunity oregon debar accountability for their unlawful actions. Surveillance companies should beryllium connected announcement that amerciable spying volition not beryllium tolerated.”

Earlier this year, Apple dropped a lawsuit against NSO, saying that it was improbable to summation entree to important files it needed to proceed its lawsuit against the spyware institution and that the ongoing litigation threatened to exposure much vulnerabilities successful its technology. Victims of NSO-enabled hacking person successful caller years besides tried to writer the institution successful U.S. courts, but judges person ruled that they lacked jurisdiction for events that happened overseas.

John Scott-Railton, a elder researcher astatine The Citizen Lab, a nonprofit that helped exposure NSO’s Pegasus spyware, said connected BlueSky that the court’s determination connected Friday was a “Big nonaccomplishment for NSO. Bad clip to beryllium a spyware company. Landmark case. Huge implications.”

NSO has struggled financially aft its hacking activities were exposed and it was blacklisted by the U.S. government.

After the judge’s summary judgement ruling, the WhatsApp lawsuit is present slated to spell to proceedings to find what damages NSO volition person to pay.