US Court Rules NSO Group Liable for WhatsApp Hack
In a landmark decision, a federal court in California has ruled that the Israeli cybersecurity firm NSO Group is responsible for a 2019 hack of WhatsApp, which involved the installation of the Pegasus spyware on 1,400 mobile devices. The ruling, delivered by U.S. District Judge Phyllis Hamilton, marks a significant victory for WhatsApp and its parent company Meta Platforms in their ongoing battle against the spyware industry. The court found that NSO Group violated the Computer Fraud Act (CFAA) by exploiting a vulnerability in WhatsApp's systems to conduct unauthorized surveillance.
Implications for the Spyware Industry
The ruling is expected to have profound implications for the spyware industry, as it holds NSO Group accountable for its actions. WhatsApp CEO Will Cathcart hailed the decision as a victory for privacy, emphasizing that spyware companies cannot evade responsibility for illegal activities. Cybersecurity experts, including John Scott-Railton from Citizen Lab, described the ruling as historic, asserting that it sets a precedent for future cases against spyware firms that claim immunity from legal accountability.
Next Steps in the Legal Process
Following the ruling, the case will proceed to trial to determine the amount of damages NSO Group will be required to pay. WhatsApp has indicated that it may seek additional sanctions against NSO for its refusal to provide the source code of the Pegasus software. This ruling comes in the wake of NSO's previous legal battles, including a failed appeal for conduct-based immunity and being placed on the US Department of Commerce's blacklist in 2021, which restricts American companies from engaging with NSO without special permission.
