Israeli Spyware Giant Nso Group Ordered To Pay Nearly $170m To Whatsapp For Hacking Accounts

Israeli spyware company NSO Group was ordered by a U.S. federal court on Tuesday to pay WhatsApp and its parent company Meta almost $170 million in damages after its cyber tools were used to hack around 1,400 WhatsApp accounts.

NSO Group has become the poster child in recent years for the mostly underground spyware market, used increasingly by governments to surveil dissidents, journalists and politicians. The ruling, the latest step in a process that began in 2019, is a major win for privacy advocates and those pushing back against NSO Group’s controversial Pegasus software.

According to a spokesperson for Meta, the ruling involves NSO Group paying punitive damages of around $167 million to WhatsApp on top of more than $440,000 in compensatory damages after one day of jury deliberation. This stems from an effort linked to NSO Group to exploit video calling systems and send malware to around 1,400 WhatsApp users in 2019, many of whom worked for civil society groups. WhatsApp filed a complaint in court after the plot was discovered.

NSO Group was previously found liable for hacking the WhatsApp user accounts, setting a precedent for organizations targeted by spyware to go after the companies that build the malicious software.

A post on Meta’s site shortly after the ruling celebrated the win, and noted that WhatsApp will be working to get a court order to “prevent NSO from ever targeting WhatsApp again.” It added that Meta will be making an unspecified donation to digital rights organizations that work to expose spyware abuses. In addition, WhatsApp plans to publish transcripts of deposition videos from NSO Group executives and others to aid researchers in understanding the full use of spyware globally.

“Today’s verdict in WhatsApp’s case is an important step forward for privacy and security as the first victory against the development and use of illegal spyware that threatens the safety and privacy of everyone,” the post reads.

Apple also filed a suit against NSO Group, seeking damages for spyware being used against its customers. It ultimately dropped the case last year after concluding that the suit might expose sensitive Apple user data.

NSO Group has pushed back repeatedly against criticism, arguing that its Pegasus spyware has been used for good, such as catching high-profile criminals.

Gil Lainer, vice president of global communications for NSO Group, said in a statement Tuesday that the decision is “another stope in a lengthy judicial process,” and that “we firmly believe that our technology plays a critical role in preventing serious crime and terrorism and is deployed responsibly by authorized government agencies.”

“We will carefully examine the verdict's details and pursue appropriate legal remedies, including further proceedings and an appeal,” Lainer said, adding that the company "remains fully committed to its mission to develop technologies that protect public safety" while working within legal frameworks.

NSO Group was added to the Commerce Department’s entity list in 2021, making it difficult for it to do business in the U.S. Meanwhile, the European Parliament has set up a committee to investigate the use of Pegasus across EU nations.

Last year, the Biden administration backed a pledge for other nations to use spyware responsibly, and the Trump administration recently backed an international effort to set a code of conduct for wielding this type of software.

John Scott-Railton, a senior researcher for Citizen Lab, which helped investigate the initial hacks of WhatsApp accounts, tweeted Tuesday that NSO Group's conduct “deserved to be punished,” adding that “NSO makes millions hacking mostly American tech companies … so that dictators can hack dissidents.”

“NSO Group emerges from the trial severely damaged,” Scott-Railton tweeted. “This will scare customers.”