Judge finds spyware-maker NSO Group liable for attacks on WhatsApp users

A federal judge in California has agreed with WhatsApp that the NSO Group, the Israeli cybersurveillance firm behind the Pegasus spyware, had hacked into its systems by sending malware through its servers to thousands of its users' phones. WhatsApp and its parent company, Meta, sued the NSO Group back in 2019 and accused it of spreading malware to 1,400 mobile devices across 20 countries with surveillance as its purpose. They revealed back then some of the targeted phones were owned by journalists, human rights activists, prominent female leaders and political dissidents. The Washington Post reports that District Judge Phyllis Hamilton has granted WhatsApp's motion for summary judgement against NSO and has ruled that it had violated the US Computer Fraud and Abuse Act (CFAA). 

The NSO Group disputed the allegations in the "strongest possible terms" when the lawsuit was filed. It denied that it had a hand in the attacks and told Engadget back then that its sole purpose was to "provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime." The company argued that it should not be held liable, because it merely sells its services to government agencies, which are the ones that determine their targets. In 2020, Meta escalated its lawsuit and accused the firm of using US-based servers to stage its Pegasus spyware attacks.

Judge Hamilton has ruled that the NSO Group violated the CFAA, because the firm appears to fully acknowledge that the modified WhatsApp program its clients use to target users send messages through legitimate WhatsApp servers. Those messages then allow the Pegasus spyware to be installed on users' devices — the targets don't even have to do anything, such as pick up the phone to take a call or click a link, to be infected. The court has also found that the plaintiff's motion for sanctions must be granted on account of the NSO Group "repeatedly [failing] to produce relevant discovery," most significant of which is the Pegasus source code. 

WhatsApp spokesperson Carl Woog told The Post that the company believes this is the first court decision agreeing that a major spyware vendor had broken US hacking laws. "We’re grateful for today’s decision," Woog told the publication. "NSO can no longer avoid accountability for their unlawful attacks on WhatsApp, journalists, human rights activists and civil society. With this ruling, spyware companies should be on notice that their illegal actions will not be tolerated." In her decision, Judge Hamilton wrote that her order resolves all issues regarding the NSO Group's liability and that a trial will only proceed to determine how much the company should pay in damages.  

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/judge-finds-spyware-maker-nso-group-liable-for-attacks-on-whatsapp-users-140054522.html?src=rss https://www.engadget.com/cybersecurity/judge-finds-spyware-maker-nso-group-liable-for-attacks-on-whatsapp-users-140054522.html?src=rss
Created 4d | Dec 21, 2024, 3:40:13 PM


Login to add comment

Other posts in this group

The best ways to spend your $50 gift card

If you received a bunch of gift cards for the holidays, consider it a blessing. Whoever gave them to you likely wanted to give you a gift you'd actually use, and rather assume (incorrectly), they w

Dec 25, 2024, 2:50:09 PM | Engadget
The best couch co-op games for PC, Nintendo Switch, PS5 and Xbox

A million different online multiplayer games seem to arrive each week, but good games you can play on the couch with a buddy aren’t as common. If you’re looking for a suggestion, we’ve rounded up a

Dec 25, 2024, 10:20:07 AM | Engadget
Android phone makers dropped the ball on Qi2 in 2024

Android phones have been the first to feature a bunch of notable standards. They were the first to support

Dec 24, 2024, 8:20:08 PM | Engadget
Flying taxi maker Lillium lays off 1,000 workers and ceases operations

Lilium, a company working on flying taxis that can take off and land vertically, has ceased operations. As

Dec 24, 2024, 5:50:11 PM | Engadget
Russia bans crypto mining in multiple regions, citing energy concerns

The Russian government has banned crypto mining in ten regions for a period of six years, according to reporting by the st

Dec 24, 2024, 5:50:10 PM | Engadget
Engadget's Games of the Year 2024

This year may not have been as jam packed as 2023 was for gaming, but there were still plenty of amazing new releases. Whether you love a good indie or a big-budget production, this year had you co

Dec 24, 2024, 3:40:05 PM | Engadget
Engadget's Balatro of the year 2024

No game this year captured the imagination of the Engadget crew quite like Balatro did, and when it came time for each staff member to pitch their

Dec 24, 2024, 3:40:04 PM | Engadget