NSO Group Found Guilty: Landmark Ruling Holds Spyware Giant Accountable for WhatsApp Breach

NSO Group Found Guilty: Landmark Ruling Holds Spyware Giant Accountable for WhatsApp Breach

Federal Judge Rules Against NSO Group in WhatsApp Hacking Case

A landmark ruling has found Israeli spyware company NSO Group guilty of violating U.S. hacking laws through their deployment of Pegasus spyware on WhatsApp users. The case, which began five years ago, centered on the exploitation of WhatsApp vulnerabilities to infiltrate approximately 1,400 devices.

The court determined that NSO Group violated both the Computer Fraud and Abuse Act (CFAA) and California’s Computer Data Access And Fraud Act (CDAFA). The company’s Pegasus software, marketed as a surveillance tool for governments, enabled unauthorized access to user data and device monitoring capabilities.

Technical evidence revealed NSO’s use of multiple zero-day exploits, including a previously undisclosed vulnerability called “Erised,” to execute zero-click attacks. The company continued deploying these exploits even after the lawsuit’s initiation in October 2019, until WhatsApp’s security patches blocked access in May 2020.

WhatsApp’s head, Will Cathcart, celebrated the ruling as a victory for privacy rights, while Meta CEO Mark Zuckerberg emphasized their commitment to user protection. The damages will be determined in early 2024.

Despite NSO Group’s claims of having no access to collected data, Pegasus has been linked to numerous high-profile surveillance cases involving government officials, journalists, and activists worldwide. This led to U.S. Commerce Department sanctions against NSO Group in 2021, alongside a separate lawsuit from Apple regarding iPhone hacking incidents.

Share This Article