San Francisco, California — An American federal jury has ordered the NSO Group, an Israeli firm known for its controversial surveillance software, to pay Meta $167.25 million for hacking 1,400 users through its WhatsApp messaging platform. The verdict was reached on Tuesday, with the jury finding NSO liable for a series of malicious attacks carried out in 2019.
Meta, the parent company of WhatsApp, initially filed the lawsuit after cybersecurity researchers at Citizen Lab identified a vulnerability exploited by NSO’s Pegasus spyware. This sophisticated software could remotely access a user’s device, enabling intruders to activate the camera and microphone, read messages, and track locations even when the target did not answer an incoming call.
The campaign predominantly targeted individuals including activists, journalists, and diplomats, raising significant concerns about privacy and security in a digital age. Apple has also taken action against NSO for similar allegations involving its iPhone users.
In addition to the substantial financial penalty, the jury awarded Meta $444,719 in compensatory damages. Meta hailed the ruling as a critical advancement in the fight against illegal spyware, asserting that it affirms the importance of user privacy and safety. “This decision sends a strong message against the use of malicious spyware,” Meta stated, emphasizing the verdict as a vital deterrent to illicit surveillance practices.
Following the jury’s decision, Meta plans to seek a court order to prevent NSO from further targeting its platforms, signaling a commitment to safeguard user data. The company has also pledged to donate to digital rights organizations that work to protect individuals from spyware.
In a response, NSO Group’s spokesperson expressed disappointment with the ruling and announced that the company will review the verdict closely in preparation for potential legal remedies, including an appeal.
The outcome of this case could have broader implications for the technology industry, especially regarding the responsibilities of companies that develop and deploy surveillance tools. Analysts suggest that the case highlights the ongoing tension between tech companies and spyware vendors, as the stakes for user privacy and security continue to rise in an era dominated by digital communications.
As the legal battles unfold, both companies are now at a crossroads, defining the future of privacy and the extent of accountability for surveillance practices.