A federal ju judge on Tuesday determined that NSO-owned WhatsApp WhatsApp WhatsApp must pay approximately $168 million in monetary damages more than four months after the NSO group ruled that a federal judge had violated US law by using an Israeli company to deploy PEGASUS spyware on its WhatsApp server and targeting more than 1,400 individuals worldwide.
WhatsApp also initially filed a lawsuit against the NSO group in 2019, accusing the latter of using Pegasus to target journalists, human rights activists and political dissidents.
Court documents released as part of the trial revealed that 456 Mexicans were targeted during the campaign, followed by 100 in India, 82 in Bahrain, 69 in Morocco and 58 in Pakistan. In total, individuals from 51 countries were targeted.
The attack exploited a zero-day vulnerability in WhatsApp’s voice call feature (CVE-2019-3568, CVSS score: 9.8) to trigger the deployment of spyware.
In a ruling issued in December 2024, US District Judge Phyllis J. Hamilton said Pegasus had sent WhatsApp’s California-based servers 43 times during the relevant period in May 2019.
“Our lawsuit against Spyware Developer NSO made history when the court found it violated both federal and state laws in the United States in December,” Will Cathcart, head of Whatsapp at Meta, said in a statement from X.
“And today’s ju-search verdict punishing NSOs is an important deterrent for the spyware industry against illegal activities targeting American companies and users around the world.”
Cathcart added that the company’s next step is to secure court orders to prevent NSOs from targeting WhatsApp again, and donating to digital rights groups working to protect people from such attacks around the world.
In addition to the $167,254,000 punitive damages, the ry judge determined that the NSO group must pay WhatsApp $444,719 in compensatory damages for the important efforts made by WhatsApp engineers to block the attack vector.
This development is a major victory for privacy advocates and human rights groups, who have repeatedly called on NSO groups to license powerful surveillance software to their customers to monitor civil society members.
The NSO group tried to circumvent responsibility by claiming that it was not aware of what the client was doing with Pegasus, but Judge Hamilton said, “It’s about helping clients fight terrorism and child exploitation, while not saying it has nothing to do with what the client does with technology.”
“NSO spends tens of millions of dollars a year developing malware installation methods such as instant messaging, browsers, and operating systems, and was forced to admit that its spyware can damage iOS or Android devices to this day,” Meta said.
In a statement shared with Courthouse News and Politico, NSO Group said its technology plays an important role in preventing serious crime and terrorism and intends to pursue appropriate legal remedies. The company was approved by the US government in 2021 for its engagement in “malicious cyber activity.”
Apple, which filed a similar lawsuit against the NSO group, said it would remove it in September 2024 and continue it, potentially revealing sensitive details of its security program.
Source link
