A federal judge in California has agreed with WhatsApp that NSO Group, the Israeli cyber-surveillance company behind the Pegasus spyware, hacked into its systems by sending malware through its servers to thousands of users’ phones. WhatsApp and its parent company Meta, sued the NSO Group back in 2019 and accused it of spreading malware on 1,400 mobile devices in 20 countries with the aim of surveillance. They revealed at the time that some of the targeted phones belonged to journalists, human rights activists, prominent female leaders and political dissidents. The Washington Post reports that District Judge Phyllis Hamilton granted WhatsApp’s motion for summary judgment against NSO, ruling that NSO violated the US Computer Fraud and Abuse Act (CFAA).
NSO Group “strongly denied” the allegations when filing the lawsuit. The company denied involvement in the attacks, telling Engadget at the time that its sole purpose was to “provide technology to licensed government intelligence agencies and law enforcement agencies to help them combat terrorism and serious crime.” . The company argued that it should not be held liable because it only sells its services to government agencies that determine their objectives. In 2020, meta escalated his complaint and accused the company of using US-based servers to carry out its Pegasus spyware attacks.
Judge Hamilton ruled that NSO Group violated the CFAA because the company appeared to fully acknowledge that the modified WhatsApp program used by its customers to target users was sending messages through legitimate WhatsApp servers. These messages then enable the Pegasus spyware to be installed on users’ devices – targets don’t even have to do anything like pick up the phone to answer a call or click on a link to be infected. The court also concluded that the plaintiff’s motion for sanctions must be granted because NSO Group “has repeatedly made (non)relevant discoveries,” the most important of which is the Pegasus source code.
WhatsApp spokesman Carl Woog said this The post The company believes this is the first court decision confirming that a major spyware vendor violated U.S. hacking laws. “We are grateful for today’s decision,” Woog told the publication. “NSO can no longer avoid responsibility for its unlawful attacks on WhatsApp, journalists, human rights activists and civil society. This ruling should put spyware companies on notice that their illegal actions will not be tolerated.” In her decision, Judge Hamilton wrote that her decision clarifies all questions regarding NSO Group’s liability and that a trial should only be used to determine the amount of damages will take place through the company.
