Catching Spyware Hackers in the Act: NSO Group Faces a Huge Fine for Invasive WhatsApp Spying
- Author: Malte Mansholt
- Approximate Read Time: 2 Minutes
WhatsApp Hackers Now Facing Millions in Payment Due to Successful Intrusions - Unauthorized individuals gain access to WhatsApp message data, now face steep financial penalties.
A surprise hit: Despite strong encryption measures, the Israeli hacker group NSO Group found a way to infiltrate WhatsApp back in 2018, spying on thousands of innocent users. Subtly turning on cameras and microphones, the hack went unnoticed. Recently, they were fined a whopping million dollars.
The jurors of the Northern California District Court have imposed a $167.25 million fine (approximately €147 million). This consists of $444,719 in compensation and the rest as a penalty. Meta, the WhatsApp operator, brought the lawsuit against NSO Group once they uncovered the spying activities. According to speculations, NSO Group had targeted more than 1,400 WhatsApp users, including journalists, human rights activists, and government critics. Jamal Khashoggi, the journalist murdered in 2018, was also a target for Pegasus in the past.
Snooping In Stealth Mode
Victims were blissfully unaware of the breach. The NSO Group exploited a then-unknown security loophole called a zero-day vulnerability. Malicious software was trickled into devices via silent calls or texts. No action was required from the users. Such attacks are scarce, and those vulnerabilities are aggressively traded for millions of dollars. With the installation, hackers could read messages, monitor emails, access photos, and even control cameras and microphones. Comprehensive surveillance, impossible to ward off.
Meta personnel discovered the fault in May 2019. Identifying the more than 1,400 victims and investigating the circumstances took months. From detecting the hack to initial accusations against NSO Group, five months went by.
WhatsApp Paving the Way
The trial highlighted the questionable tactics of hacker firms usually operating in the shady fringes. Under oath, the NSO Group admitted to spending millions annually to exploit security weaknesses in WhatsApp and other programs. They claimed they only offer their programs to combat terrorism, child abuse, or other serious crimes. Ironically, their clients are forbidden from monitoring journalists, critics, or human rights activists.
The plaintiffs successfully persuaded the jury otherwise, stating, "This is the first time spyware operators have been taken to court, and their practices have been openly scrutinized." Meta celebrated the verdict as a vital step toward safeguarding privacy and security, while Apple is also suing NSO Group due to Pegasus's invasive capabilities (more info here). The case is ongoing.
Clear-cut Judgment
"Apparently, there's little love for companies that help dictators spy on dissidents," a Citizen Lab researcher shared on the social messaging platform Bluesky. "NSO had all sorts of clever legal arguments and a well-oiled PR machine. But when their activities were exposed, the jury sent a clear message to other firms: You could very well be next."
The NSO Group remains resilient, ready to contest the verdict further with potential appeals in the works.
Sources: The Verge, Meta, Courthouse News Service
- WhatsApp, Messenger
Enrichment Data: The suit initiated by NSO Group for hacking WhatsApp users culminated in a substantial ruling in favor of WhatsApp. A federal jury in the Northern California District Court demanded NSO Group pay over $167 million in damages to WhatsApp. This includes nearly $167 million in punitive damages and $444,719 in compensatory damages[2][3][4]. The decision symbolizes a significant victory for WhatsApp and sets a precedent for similar situations involving spyware misuse[2]. NSO Group has indicated its intentions to appeal the verdict, asserting their technology is responsibly utilized by authorized government agencies to combat crime and terrorism[2]. Despite this, the ruling has been praised as a significant advancement for digital privacy and serves as a deterrent against the misuse of spyware[3]. The case began in 2019, when Meta, the WhatsApp operator, sued NSO Group upon discovering Pegasus spyware intrusions[2]. Gaining widespread attention due to its implications for digital privacy and the use of spyware by governments globally[1][2].
"What's up, messenger?" In light of the recent WhatsApp-NSO Group case, it seems the new response for the messaging service might be, "You could very well be fined millions if your service is used for cybersecurity breaches." The NSO Group, infamous for prowling digital space with their spyware, has been ordered by the Northern California District Court to pay over $167 million in damages to WhatsApp.
