Monday, December 23, 2024
HomeCyber Security NewsWhatsApp Wins NSO in Pegasus Spyware Hacking Lawsuit After 5 Years

WhatsApp Wins NSO in Pegasus Spyware Hacking Lawsuit After 5 Years

Published on

SIEM as a Service

After a prolonged legal battle stretching over five years, WhatsApp has triumphed over NSO Group in a significant lawsuit concerning the use of Pegasus spyware.

The verdict, handed down by the United States District Court for the Northern District of California, marks a major milestone in the fight against cyber espionage and reinforces the tech industry’s commitment to user privacy and security.

The lawsuit, initiated by WhatsApp’s parent company Meta (formerly Facebook) in October 2019, alleged that NSO Group exploited WhatsApp servers to distribute Pegasus spyware to approximately 1,400 mobile devices worldwide.

- Advertisement - SIEM as a Service

The spyware enabled covert surveillance of the users, many journalists, activists, and government officials.

WhatsApp’s claims centered on violations of the U.S. Computer Fraud and Abuse Act (CFAA), California’s Comprehensive Computer Data Access and Fraud Act (CDAFA), and breach of contract.

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

Key Legal Outcomes

The court ruled in favor of WhatsApp on all remaining claims. Judge Phyllis J. Hamilton’s decision was based on substantial evidence demonstrating that NSO Group purposefully targeted WhatsApp’s servers, some based in California, to deploy the spyware.

The court determined that these actions exceeded authorized access and clearly breached WhatsApp’s Terms of Service.

Furthermore, WhatsApp’s motion for sanctions against NSO Group for non-compliance in discovery was partially granted.

The court criticized NSO for failing to produce critical Pegasus source code and internal documents, limiting WhatsApp’s ability to analyze the spyware’s functioning. As a result, evidentiary sanctions were imposed, further strengthening WhatsApp’s position.

This landmark victory underscores the legal accountability of entities involved in cyberattacks, even when acting under the guise of national security or government contracts.

NSO Group, whose Pegasus software has gained notoriety for its use by authoritarian regimes to surveil dissidents, faced intense global scrutiny throughout the case.

Will Cathcart, Head of WhatsApp, celebrated the verdict, stating, “This victory sends a strong message to tech companies and governments around the world: private communications must remain private, and those who violate user trust will face consequences.”

The decision addresses liability, leaving the determination of damages for a future trial. WhatsApp is expected to argue for significant compensation, citing the costs incurred during its investigation and the heightened measures required to secure its platform against such incursions.

For NSO Group, the ruling represents a severe blow to its operations and reputation. Coupled with earlier sanctions and restrictions, including being blacklisted by the U.S. Department of Commerce, NSO faces a precarious future.

This case sets a powerful precedent for corporations aiming to protect their users from intrusive surveillance and reinforces the importance of digital security in an increasingly interconnected world.

With this legal win, WhatsApp has reaffirmed its commitment to defending user privacy against sophisticated cyber threats.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store,...

Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide

The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store,...