Judge rules Israeli firm NSO Group liable for damages in WhatsApp hacking case
CNN
—
Messaging service WhatsApp claimed a major legal victory over Israeli spyware firm NSO Group on Friday after a federal judge ruled that NSO was liable under federal and California law for a 2019 hacking spree that breached over 1,000 WhatsApp users.
It's a rare legal win for activists who have sought to rein in companies that make powerful spyware, or software capable of surveilling calls and texts, that has reportedly been used on journalists, human rights advocates and political dissidents worldwide.
The case will now go to trial on the question of what damages NSO Group owes Meta-owned WhatsApp, Judge Phyllis Hamilton of the Northern District of California wrote in her ruling on Friday granting WhatsApp's motion for partial summary judgment.
The landmark case began in 2019, when WhatsApp filed suit accusing NSO Group of breaking a federal anti-hacking law, alleging that the company's flagship custom malware, Pegasus, was used on human rights advocates and journalists in a sweeping attack in the spring of that year.
NSO Group did not immediately return a request for comment on Friday evening. The company has previously denied wrongdoing and said that its products are used to fight crime and terrorism.
"Surveillance companies should be on notice that illegal spying will not be tolerated," Will Cathcart, the head of WhatsApp, said in a social media post.
The market for commercial spyware has exploded over the last decade as companies from Israel to North Macedonia have hawked their services and many governments have been willing buyers. At least 74 countries have contracted with private firms to obtain commercial spyware, the US intelligence agencies said in their annual threat assessment.
The Biden administration has tried to crack down on spyware makers, particularly after the State Department discovered in 2021 that the iPhones of about a dozen of its diplomats were hacked using NSO Group-developed spyware.
US officials have been alarmed by a "very aggressive effort" by spyware vendors to market their hacking tools to various US agencies, a US National Security Council official previously told CNN.
The FBI, for example, confirmed in 2022 that the bureau bought a testing license for Pegasus. The FBI has not used Pegasus in investigations, according to the bureau.
Friday's ruling in favor of WhatsApp "sets a precedent that will be cited for years to come," said John Scott-Railton, a researcher at the University of Toronto's Citizen Lab, who has investigated the use of NSO Group's spyware.
"This is the most-watched case about mercenary spyware and everyone is going to take note," Scott-Railton told CNN. The ruling could have a "chilling effect" on efforts by other spyware companies to enter the US market, he added.
