NSO Ordered to Pay Record $167 Million to WhatsApp in Landmark Spyware Verdict

Jury delivers the costliest blow yet to the spyware trade

A federal jury in Oakland, California, has ordered Israel-based NSO Group to pay $167 million in punitive and compensatory damages for hacking more than 1,000 WhatsApp users with its Pegasus spyware. The award—$167,256,000 in punitive damages and $440,000 in compensatory damages—caps six years of litigation and marks the largest financial penalty ever levied against a commercial surveillance vendor.

U.S. District Judge Phyllis J. Hamilton had already found NSO liable in December, ruling that the company violated both the federal Computer Fraud and Abuse Act and California’s anti-hacking statute by using WhatsApp’s servers to deliver malicious code to targets’ phones. The jury’s task this week was to decide how much the company should pay.


How the case unfolded

  • 2019: WhatsApp sued NSO after discovering that Pegasus had exploited a flaw in its secure-calling feature to infect some 1,400 devices belonging to journalists, diplomats, activists and government officials.

  • Appeals and delays: NSO argued that it deserved sovereign-immunity protections because it sells only to governments, but appeals courts—and eventually the U.S. Supreme Court—rejected that defence.

  • 2023–24: NSO resisted turning over Pegasus source code, prompting sanctions and further court orders.

  • December 2024: Judge Hamilton issued summary judgment in WhatsApp’s favour, leaving only damages for the jury to decide.

The trial featured rare testimony from NSO executives, who acknowledged the firm’s 140-strong research team actively hunts for zero-day vulnerabilities in iPhones, Android devices and popular apps.


Meta hails a “critical deterrent”

WhatsApp owner Meta welcomed the verdict as a milestone for digital privacy. The company said it plans to secure a permanent injunction preventing NSO from ever targeting WhatsApp again and, if it collects the damages, intends to donate the money to digital-rights organisations that track and expose spyware.

Digital watchdog Citizen Lab, which first rang alarm bells over Pegasus, praised WhatsApp’s persistence, noting that no government had sanctioned NSO when the lawsuit began. The ruling, it said, shows that private companies can play a role in checking the excesses of the surveillance industry.


NSO vows to appeal

NSO Group said it is “fully committed” to developing tools for legitimate law-enforcement use and signalled it would likely appeal. The company’s chief executive, Yaron Shohat, testified that NSO posted losses of $12 million in 2024 and $9 million in 2023, arguing the firm would struggle to pay substantial damages.

During closing arguments, NSO’s counsel contended the lawsuit was more about publicity than actual harm to WhatsApp, insisting Pegasus never executed code on Meta servers or extracted data from them.


Why the ruling matters

  • Precedent: It is the first U.S. jury verdict to impose punitive damages on a spyware vendor for hacking a mainstream platform.

  • Financial deterrent: Punitive damages exceed NSO’s annual research budget more than threefold, sending a warning to rival suppliers.

  • Policy momentum: The decision reinforces U.S. moves to blacklist NSO and may embolden allies to tighten export controls on offensive cyber tools.

Pegasus remains one of the most sophisticated commercial spy platforms, capable of silently infiltrating smartphones, harvesting passwords, activating cameras and microphones, and reading encrypted chats. Although NSO claims the tool is geo-fenced against U.S. numbers, investigations have repeatedly shown Pegasus used against political opponents, journalists and human-rights workers worldwide.


What’s next

Meta will seek a court order barring NSO from targeting its services and begin the lengthy process of collecting the award. Meanwhile, policymakers and privacy advocates are likely to cite the verdict as proof that stronger regulation—and stiffer penalties—are needed to rein in an industry that profits from digital intrusion.

For NSO, the judgment threatens both its finances and its already battered reputation. Whether the company can survive an eight-figure penalty, or persuade appellate courts to scale it back, could shape the future of the global spyware market.
