The US court has found that NSO Group, the company behind Pegasus spyware, attacked 1,400 users’ devices through WhatsApp. WhatsApp filed a lawsuit against NSO Group in 2019 alleging it used Pegasus to spy on the phones of journalists, activists, and government officials.
For those who aren’t aware, the Israeli cyber-arms company NSO Group developed Pegasus spyware in 2011. Pegasus can remotely infect phones and steal messages, calls, and personal data. Once installed on a device, it can spy on the user without them knowing, which makes it one of the most dangerous tools for privacy invasion.
US Court found NSO Group liable for attacking WhatsApp users with Pegasus spyware
The judge, Phyllis Hamilton, found that NSO Group violated the federal Computer Fraud and Abuse Act (CFAA) and California’s Comprehensive Computer Data Access and Fraud Act (CDAFA). The judge also found that the company violated WhatsApp’s terms of service. This ruling came after a five-year-long legal battle. The court has yet to determine how much NSO will need to pay in damages.
In early 2024, Hamilton ordered NSO Group to provide WhatsApp with the source code of its spyware. But in her ruling, she said the company had repeatedly failed to do so, which was a major reason for granting WhatsApp’s request for sanctions against NSO Group. The lawsuit was filed in California, but NSO Group only allowed an Israeli citizen to view its source code in Israel, which the judge described as “simply impracticable.”
Will Cathcart, the head of WhatsApp, wrote a post on Threads, “This ruling is a huge win for privacy. We spent five years presenting our case because we firmly believe that spyware companies could not hide behind immunity or avoid accountability for their unlawful actions. Surveillance companies should be on notice that illegal spying will not be tolerated.”
The controversy of Pegasus spyware
Pegasus spyware is controversial because its creators originally designed it to help governments fight crime and terrorism. But governments around the world have reportedly used it to spy on journalists, opposition leaders, and human rights activists. This misuse has raised big questions about the ethics of technology and the danger to privacy. Before 2019 it was spread through messages with harmful links. But now it’s more powerful using “zero-day” vulnerabilities in phones.