NSO Group Ordered to Pay $167 Million Over WhatsApp Spyware Case

The developer of the controversial Pegasus spyware, NSO Group, has been ordered to pay $167 million to WhatsApp for a 2019 cyberattack that targeted 1,400 users through the messaging platform, BBC reports.

In addition to the primary judgment, the Israeli surveillance technology firm was also ordered to pay $444,000 in damages, concluding a six-year legal battle with WhatsApp’s parent company, Meta. The ruling marks the first time a spyware developer has been held financially accountable for exploiting vulnerabilities in smartphone systems.

Pegasus is capable of covertly infiltrating mobile devices to access data, including camera and microphone feeds, without the user’s knowledge. While NSO Group maintains that the software is intended for use by authorized government agencies against serious criminals and terrorists, it has been widely criticized for allegedly enabling authoritarian regimes to target journalists, human rights activists, political dissidents, and even heads of state.

“This is the first victory against the development and use of illegal spyware,” Meta said in a statement, describing the verdict as a major step forward in holding spyware developers accountable. “The jury’s decision to force NSO to pay damages is a critical deterrent to this malicious industry against their illegal acts aimed at American companies.”

NSO Group said:

“[NSO Group would] carefully examine the verdict’s details and pursue appropriate legal remedies, including further proceedings and an appeal.”

The Pegasus software became a global controversy in 2021 when a leaked list of 50,000 phone numbers believed to be potential targets was shared with international media outlets. Investigations revealed the numbers included those of presidents, prime ministers, business leaders, activists, and over 180 journalists. High-profile figures reportedly affected include French President Emmanuel Macron and associates of murdered Saudi journalist Jamal Khashoggi.

Reports from The Citizen Lab, a Canadian cybersecurity watchdog, suggested that Pegasus may have been used to target officials at the UK’s Downing Street and Foreign Office as well.

NSO has consistently defended the use of its technology, stating in response to the ruling:

“We firmly believe that our technology plays a critical role in preventing serious crime and terrorism and is deployed responsibly by authorised government agencies.”

Legal experts suggest that this ruling could pave the way for further lawsuits by other technology companies whose platforms were compromised by Pegasus, potentially widening the legal implications for NSO and similar firms.