A federal judge has ruled that the Israeli spyware developer NSO Group violated hacking laws by exploiting WhatsApp to deploy its Pegasus spyware.
The decision marks a significant milestone in a five-year legal battle initiated by WhatsApp, owned by Meta, over the unlawful targeting of 1,400 users, including journalists, human rights defenders, and government officials.
Judge Phyllis Hamilton of Northern California concluded that NSO breached both state and federal hacking laws and WhatsApp’s terms of service, which explicitly ban malicious use of the platform. The court found that NSO reverse-engineered WhatsApp’s software to exploit an audio-calling vulnerability, enabling the clandestine installation of Pegasus spyware on users’ devices.
NSO contested whether it agreed to WhatsApp’s terms of service before conducting its operations. However, Hamilton deemed this argument implausible, stating that NSO must have accessed the platform in violation of its rules. The judge also criticized NSO for failing to comply with discovery orders, including the refusal to produce the Pegasus source code and internal communications about exploiting WhatsApp’s vulnerabilities.
“NSO’s lack of compliance with discovery orders raises serious concerns about their transparency and willingness to cooperate with the judicial process,” Judge Hamilton noted.
Meta welcomed the ruling, with WhatsApp spokesperson Emily Westcott emphasizing its significance. “Spyware companies should be on notice that their illegal actions will not be tolerated,” she stated. Will Cathcart, WhatsApp’s head, hailed the decision as a “huge win for privacy.”
NSO, through its spokesperson, declined to comment but has previously justified Pegasus as a tool for combating crime and safeguarding national security. The case is now set to proceed to a jury trial in March 2025, which will determine the damages NSO must pay.
Featured Image courtesy of Jakub Porzycki/NurPhoto via Getty Images
Follow us for more tech news updates.