WhatsApp won against the NSO Group. Consequently, the messaging platform was awarded over $167 million in damages. The verdict came after a jury trial of a week. In the course of the trial, NSO Group’s CEO Yaron Shohat and a number of current WhatsApp employees were deposed. The lawsuit was driven by allegations that the NSO Group used a zero-day exploit embedded in WhatsApp’s audio-calling function. This was their justification to hack into an additional 1,400 users’ accounts.
The conflict centers around the use of NSO Group’s Pegasus spyware. The company continues to claim that the software cannot specifically be used to message American phone numbers, particularly those that begin with the +1 country code. When, in 2022, The New York Times reported that the NSO Group had “hacked” a U.S. phone. This was the only action taken in a week-long test run solely for the FBI. This contradiction in and of itself casts doubt on the company’s statements about the limitations of its spyware.
Background of the Case
WhatsApp’s legal fight with NSO Group began in October 2019. At the time, WhatsApp alleged that NSO Group had been orchestrating a large-scale hacking operation. This malware, which is called Pegasus, was built specifically to be able to infect devices without end users being aware or having any chance to opt out.
According to the allegations, NSO Group utilized a zero-click attack method that did not require any interaction from the target. This method was using a fraudulent WhatsApp phone call to obtain entry to the user’s device.
“worked by placing a fake WhatsApp phone call to the target” – Antonio Perez
The consequences of this case reach well beyond monetary damages. Each one emphasizes the continued threat to our privacy and security, and the ethical ramifications of deploying surveillance technology.
Key Elements of the Ruling
The jury’s finding in favor of WhatsApp marks a turning point. To that end, it sparks important discussions around personal digital privacy and cybersecurity. During the trial, NSO Group’s CEO attempted to defend their practices by stating that “any zero-click solution whatsoever is a significant milestone for Pegasus,” suggesting that their technology has advanced capabilities.
Widespread criticism soon challenged this perspective. The trial evidence showed that WhatsApp’s systems were systematically exploited because of their vulnerabilities.
The ruling from the court was equally clear cut. It found that NSO Group violated the law by hacking abuse the accounts of users without their consent. As noted above, this decision takes an important step of underscoring that companies need to be held accountable for their cybersecurity failures. Instead, it focuses on the dangerous ways they are affecting users.
Implications for Cybersecurity
The result of this lawsuit has much bigger stakes, not just for technology companies, but across the gamut of people worried about their cybersecurity. Regardless, experts believe that this ruling will result in greater scrutiny of spyware companies and tighter regulation of digital surveillance.
Joe Akrotirianakis commented on NSO Group’s practices, stating it “was a specially configured version of Pegasus to be used in demonstration to potential U.S. government customers.” This calls into question the ethics of marketing these technologies to government agencies.
Furthermore, Shohat emphasized that “because customers don’t care which vector they use, as long as they get the intelligence they need,” indicating a troubling mindset within the industry prioritizing results over ethical considerations.
Leave a Reply