WhatsApp has won the first-ever court victory against NSO Group, a controversial spyware developer, marking a significant milestone for digital privacy and security worldwide.
Six years after detecting and halting an attack on its platform, the Meta-owned messaging service has successfully held NSO accountable for deploying its infamous Pegasus spyware against WhatsApp users.
A jury ordered NSO Group to pay $167,256,000 in punitive damages and approximately $444,719 in compensatory damages to WhatsApp. This verdict comes after Judge Phyllis Hamilton ruled last December that NSO Group was liable for breaching federal and California hacking laws, as well as WhatsApp's terms of service.
The 2019 attack targeted over a thousand WhatsApp users, including journalists, human rights activists, diplomats, and civil society members. WhatsApp collaborated with Citizen Lab to investigate the breach and alert potential victims.
During the trial, NSO executives were compelled to testify, shedding unprecedented light on their secretive surveillance technology.
Court proceedings revealed that Pegasus can covertly compromise devices to extract "every kind of user data on the phone," including financial information, location data, emails, and text messages. The spyware can even remotely activate microphones and cameras without user knowledge or consent.
Evidence presented at trial showed that WhatsApp was just one of many targets. NSO admitted to spending tens of millions of dollars annually developing malware delivery methods that exploit various technologies, including instant messaging platforms, browsers, and operating systems. Their spyware remains capable of compromising both iOS and Android devices.
WhatsApp plans to pursue the collection of the awarded damages and ultimately hopes to donate these funds to digital rights organisations working to protect people from similar attacks globally. The company's next legal step is to secure a court order permanently prohibiting NSO from targeting WhatsApp again.
"Today's ruling shows spyware companies that their illegal actions against American technologies will not be tolerated," WhatsApp stated in their announcement of the verdict.
NSO Group spokesperson Gil Lainer indicated the company might challenge the decision, stating they will "carefully examine the verdict's details and pursue appropriate legal remedies, including further proceedings and an appeal."
John Scott-Railton, a senior researcher at Citizen Lab who has studied the spyware industry for more than a decade, called the ruling "an incredible moment," adding that "NSO makes many millions of dollars helping dictators hack people... NSO's business is based on hacking American companies...so that dictators can hack dissidents."
The company has published unofficial transcripts of deposition videos shown in court to support researchers and journalists studying these threats, with plans to add official court transcripts when available.
This victory represents the first successful legal challenge against an industry that has operated with limited accountability, potentially setting a precedent for future cases involving digital surveillance and privacy violations.