US judge finds Pegasus spyware maker liable over WhatsApp hack
https://www.theguardian.com/technology/2024/dec/20/whatsapp-pegasus-spyware-nso-group-hacking Version 0 of 1. WhatsApp celebrates victory as judge finds Israeli company NSO Group violated state and federal US hacking laws WhatsApp claimed legal victory over the maker of Pegasus spyware late on Friday. The Israeli company, NSO Group Technologies, was accused in a lawsuit by Meta’s messaging app of infecting and surveilling the phones of 1,400 people over a two-week period in May 2019 via its notorious Pegasus software. The judge in the case, Phyllis Hamilton, found the company had violated state and federal US hacking laws as well as WhatsApp’s own terms of service. NSO Group will face a separate jury trial in March 2025 to determine the damages it owes WhatsApp, the world’s most popular messaging service. WhatsApp said in a statement: “After five years of litigation, we’re grateful for today’s decision. NSO can no longer avoid accountability for their unlawful attacks on WhatsApp, journalists, human rights activists and civil society. With this ruling, spyware companies should be on notice that their illegal actions will not be tolerated.” NSO Group did not immediately respond to a request for comment. In a summary judgment, the judge found NSO Group violated the US Computer Fraud and Abuse Act. Apple had filed a similar suit against the company but dropped it in September. NSO Group dragged its feet throughout the litigation, according to the judge’s ruling. Hamilton had ordered NSO Group to provide WhatsApp with the source code of its spyware in early 2024. In her Friday ruling, however, she said the company repeatedly failed to comply, a major reason she granted WhatsApp’s request for sanctions against the company. Though the lawsuit was filed in California, NSO Group made its source code available to view only in Israel by an Israeli citizen, which the judge called “simply impracticable”, according to the ruling. NSO Group has repeatedly said its government clients control the use of Pegasus and are responsible for hacking carried out with it, but filings in the case showed that not to be true. The company was demonstrated to be the party that “installs and extracts” information with Pegasus, which was used to infiltrate not only WhatsApp but also iPhones to extract pictures, emails and texts. Among the victims of the hack identified by Meta were senior government officials, journalists, human rights activists, political dissidents and diplomats. Joe Biden’s administration put NSO Group on a blacklist in 2021 and forbid US government agencies from purchasing its products. Pegasus has been implicated in hacks by authoritarian governments across the world. |