A federal judge in California says NSO Group, the Israeli cyber surveillance company behind Pegasus spyware, hacked into the company’s systems by sending malware to thousands of users’ cell phones through its own servers. Agreed with WhatsApp’s view. WhatsApp and its parent company Meta sued NSO Group in 2019, accusing it of spreading malware to 1,400 mobile devices in 20 countries for surveillance purposes. They revealed at the time that some of the targeted phones were owned by journalists, human rights activists, prominent women leaders and political dissidents. The Washington Post reported that District Judge Phyllis Hamilton granted WhatsApp’s motion for summary judgment against NSO, ruling that the company violated the Computer Fraud and Abuse Act (CFAA).
When the lawsuit was filed, NSO Group contested the allegations in the “strongest possible terms.” The company denied any involvement in the attack, telling Engadget at the time that its sole purpose was to “provide technology to authorized government intelligence and law enforcement agencies in support of the fight against terrorism and serious crime.” ” That was the case. The company argued that it should not be held responsible because it only sells services to government agencies, making targeting decisions. In 2020, Meta expanded its lawsuit, accusing the company of using US-based servers to conduct Pegasus spyware attacks.
Judge Hamilton ruled that NSO Group violated the CFAA. That’s because NSO Group appears to have fully acknowledged that the modified WhatsApp programs used by its clients to target users are sending messages through legitimate WhatsApp servers. These messages allow Pegasus spyware to be installed on the user’s device. The target is infected without even having to do anything, such as picking up the phone to make a call or clicking on a link. The court also ruled that the plaintiff’s motion for sanctions must be granted because NSO Group “repeatedly (failed) to present relevant evidence,” and the most important The object was the Pegasus source code.
WhatsApp spokesperson Karl Woog told the Post that the company believes this is the first court ruling finding that a major spyware vendor violated U.S. hacking laws. “We are grateful for today’s decision,” Woog told the publication. “NSO can no longer escape responsibility for its unlawful attacks on WhatsApp, journalists, human rights defenders, and civil society. This judgment requires spyware companies to realize that their illegal activities will not be tolerated.” Judge Hamilton said in her judgment that her order resolves all issues regarding NSO Group’s liability and that the trial will only proceed to determine the amount of damages the company should be awarded.
