WhatsApp has won the case against Israeli spyware developer NSO Group, with a US federal judge ruling that the Group violated hacking laws by using its Pegasus spyware to target users.
The lawsuit, filed by WhatsApp’s parent company Meta in 2019, accused NSO of exploiting an audio-calling vulnerability to infiltrate 1,400 devices across 20 countries.
The victims included journalists, human rights activists, and political dissidents. Judge Phyllis Hamilton, presiding over the case in California, ruled that NSO breached state and federal hacking laws as well as WhatsApp’s terms of service, which forbid malicious activities on its platform.
Judge Hamilton stated that NSO must have reverse-engineered WhatsApp’s software to carry out its attacks, despite questions about whether the company had agreed to the platform’s terms of service.
The judge also cautioned NSO for failing to comply with court orders to produce apt evidence, such as the Pegasus spyware’s source code and internal communications about WhatsApp’s vulnerabilities. This lack of cooperation, she noted, sabotaged the transparency of NSO’s defence.
Meta’s representatives, including Emily Westcott, a spokesperson for WhatsApp, described the decision as a clear warning to spyware firms.
“NSO can no longer escape accountability for their illegal attacks on our platform and on civil society,” she said, adding that WhatsApp remains focused on safeguarding private communications.
Will Cathcart, the head of WhatsApp, called the judgment a “major win for privacy” in a statement on X (formerly Twitter).
Meanwhile, NSO Group declined to comment on the ruling, though it has previously argued that its technology is designed to support government agencies in fighting crime and terrorism.
The case will now proceed to trial in March 2025, where a jury will determine the financial damages NSO Group must pay.
