The Spyware Maker NSO Group will need to pay WhatsApp more than $167 million in damages for its 2019 hacking campaign against more than 1,400 users.
On Tuesday, after a five-year legal battle, ry judges ruled that the NSO group must pay $167,256,000 in punitive damages and about $444,719 in compensatory damages.
This is a major legal victory for WhatsApp, which was demanding more than $400,000 in compensatory damages, based on the time employees had to patch attack fixes, investigate, and patch vulnerabilities abused by NSO groups and focus on unspecified punitive damages.
“Our lawsuits have made history as the first victory over illegal spyware that threatens the safety and privacy of everyone,” Whatsapp spokesman Zade Alsawah said in a statement.
Alsawa said the ruling was “an important step in privacy and security as the first victory over the development and use of illegal spyware that threatens the safety and privacy of everyone. Today, the ju-degree decision to force NSOs to pay the damages is a key deterrent against this malicious industry for illegal activities that serve as illegal industries.
Gil Rayner, a spokesman for the NSO group, left the door open for appeal.
“We will carefully examine the details of the verdict and pursue appropriate legal remedies, such as further proceedings and appeals,” Rayner said in a statement.
TechCrunch Events
Berkeley, California
|
June 5th
Book now
As well as the trial and litigation as a whole, a series of revelations were spurred, including the locations of victims of the 2019 SPYware campaign and the names of some of the NSO group’s customers.
The ruling marks the end of a legal battle that began more than five years ago when WhatsApp filed a lawsuit against Spyware Maker – pending potential appeals. The meta-owned company accused the NSO group of accessing WhatsApp servers and leveraging the audio call vulnerability in the chat app to target around 1,400 people, including dissidents, human rights activists and journalists.
WhatsApp head Will Cathcart explained the reasoning of the lawsuit at the Washington Post at the time, saying, “This should serve as a wake-up call for technology companies, governments and all internet users. Tools that allow surveillance of personal lives are being abused, and the spread of this technology will realize all risks for all our businesses and governments.”
Last December, WhatsApp won. Judge Phyllis Hamilton, who presided over the lawsuit, held that the NSO group is liable for violating federal and California hacking laws in its 2019 SPYware campaign against 1,400 WhatsApp users. The judge held that the NSO group is liable for breaching WhatsApp’s terms of service. This prohibits the use of the app for malicious purposes.
Cathcart celebrated the December ruling with an X post, saying that it was a “big privacy victory” and that “surveillance companies should be aware that illegal spies are not allowed.”
At that point, the case moved to a ju trial, where Spyware Company decided what owed WhatsApp.
John Scott-Railton, a senior researcher at Citizen Lab, has been studying the Spyware industry for over a decade and celebrated the verdict.
“This is an incredible moment for us who have been around since the start of research into mercenary spyware,” Scott Railton told TechCrunch. “NSOs are making millions of dollars to help dictators hack people. After years of all the tricks and delayed tactics, the ju umpire just looked up to the center of the issue and spent a day deliberation. The NSO business is based on hacking American companies.
“The company has suffered serious damage from this trial. With the exception of the major punitive damage, the major impact of this case has hit the NSO’s efforts to hide the business activities,” Scott Railton said.
This story has been updated to include comments from WhatsApp and John Scott-Railton.