Judge finds spyware maker NSO Group responsible for attacks on WhatsApp users

A federal judge in California agreed with WhatsApp that NSO Group, the Israeli electronic surveillance company behind the Pegasus spyware, hacked its systems by sending malware through its servers to thousands of its users’ phones. WhatsApp and its parent company Meta, A lawsuit was filed against NSO Group Back in 2019, it was accused of spreading malware on 1,400 mobile devices in 20 countries for the purpose of surveillance. They revealed at the time that some of the targeted phones were owned by journalists, human rights activists, prominent women leaders, and political opponents. The Washington Post District Judge Phyllis Hamilton has reportedly granted WhatsApp’s motion for summary judgment against NSO and ruled that it violated the US Computer Fraud and Abuse Act (CFAA).

NSO Group disputed the allegations “in the strongest possible terms” when the lawsuit was filed. It denied having a hand in the attacks and told Engadget at the time that its sole purpose was to “provide technology to government intelligence agencies and authorized law enforcement agencies to help them combat terrorism and serious crimes.” The company said that it should not be held responsible, because it sells its services only to government agencies, which determine its goals. In 2020, Meta His lawsuit was escalated The company was accused of using US-based servers to launch Pegasus spyware attacks.

Judge Hamilton ruled that NSO Group violated the CFAA because the company appeared to fully acknowledge that the modified WhatsApp software its customers used to target users were sending messages through legitimate WhatsApp servers. These messages then allow Pegasus spyware to be installed on users’ devices, and targets don’t even have to do anything, such as pick up the phone to make a call or click on a link, to become infected. The court also found that plaintiff’s motion for sanctions should be granted because NSO Group “repeatedly (failed) to make relevant discovery,” most importantly the Pegasus source code.

Karl Woj, WhatsApp spokesperson, said: mail The company believes this is the first court decision to agree that a major spyware vendor has violated US hacking laws. “We are grateful for today’s decision,” Woj told the publication. “NSO can no longer avoid accountability for its illegal attacks on WhatsApp, journalists, human rights activists and civil society. With this ruling, spyware companies must know that their illegal actions will not be tolerated.” Judge Hamilton wrote in her decision that her order resolves all issues related to NSO Group’s liability and that the trial will continue only to determine the amount the company must pay in damages.