NSO Group Held Accountable for WhatsApp User Hackings in Notable Victory for Privacy Protections
NSO Group Held Accountable for WhatsApp User Hackings in Notable Victory for Privacy Protections
A judicial body in the U.S. has deemed NSO Group, a Israeli surreptitious software company, accountable for unlawfullyreverse engineering WhatsApp to install malicious software on over 1,400 devices globally, including rights activists, diplomats, lawyers, and journalists.
NSO’s notorious software, often referred to as Pegasus, infiltrated devices by instigating a WhatsApp call to the marked target, even if they did not pick up. This unwarranted intrusion resulted in a zero-click exploit, installing a genderless malicious package into the target's phone memory. This package then downloaded harmful software that enabled NSO and its clients to access sensitive data such as messages, locations, photos, and other confidential information from the device.
The company primarily catered to repressive nations, like Israel and Saudi Arabia, believed to play an instrumental role in the installation of Pegasus spyware on the phone of Hanan Elatr before her husband, journalist Jamal Khashoggi, was abducted and brutally murdered. Additionally, human rights advocates in Mexico, U.S. diplomats in Uganda, and possibly Jeff Bezos were other victims.
WhatsApp initiated legal action against NSO Group in a California federal district court in 2019, citing violations of the Computer Fraud and Abuse Act, the California Comprehensive Computer Data Access and Fraud Act, and WhatsApp’s own terms of service.
In a significant legal triumph for WhatsApp, a U.S. judge issued a summary judgement on Friday, setting a precedent that NSO had previously managed to evade liabilities in other cases.
Will Cathcart, WhatsApp’s CEO, celebrated the decision by publishing a post on X, expressing his belief that spyware companies should no longer be able to hide behind immunity or dodge responsibility for unlawful activities. Furthermore, he emphasized that unauthorized surveillance will not be tolerated.
Early this year, Apple withdrew its lawsuit against NSO, citing probable inaccessibility to critical files required for the case's progression and potential exposure of weaknesses in its technology due to the ongoing litigation. Moreover, victims of NSO-sponsored hacking had attempted to sue the company in U.S. courts, but judges indicated lack of jurisdiction for incidents transpiring beyond U.S. borders.
John Scott-Railton, a senior researcher at The Citizen Lab, a non-profit organization committed to unmasking NSO’s Pegasus spyware, added that the court's ruling on Friday was a "significant loss for NSO. An inopportune moment for spyware companies. Groundbreaking case. Dramatic implications."
Financially, NSO has experienced difficulties following the exposure of its hacking activities and subsequent addition to the U.S. government’s blacklist.
As a consequence of the summary judgement, the WhatsApp lawsuit will proceed to trial to estimate the compensatory damages NSO must pay.
The judicial victory against NSO Group has sparked conversations about the role of technology in the future, with many calling for stricter regulations on surreptitious software companies like NSO. Despite facing financial challenges, the company continues to rely heavily on technology, such as Pegasus, to carry out its operations.