HQ/EMEAFind out how we can help your business
A US federal judge decided that NSO, an Israeli spyware company, violated US hacking laws by utilising zero days to install Pegasus spyware on numerous devices, resulting in the widespread WhatsApp hacks.
NSO Group sells the Pegasus spyware as government surveillance software. It allows clients to monitor victims’ actions and collect data from compromised devices.
A WhatsApp representative described the verdict as a win for privacy after they spent five years presenting their case since spyware businesses constantly hide behind impunity or evade accountability for their illegal activities.
Cathcart, a WhatsApp executive, also emphasised the necessity of accountability for spyware corporations, stating that such firms should be aware that the US government will not tolerate illegal spying. Mark Zuckerberg, CEO of Meta, also appreciated the verdict by saying that he is proud of what his team has fought for and that its app continues to lead in privacy and encryption.
While the court has already found WhatsApp’s favour, the damages will be assessed early next year.
The WhatsApp hacks continued despite the verdict.
According to court filings revealed last month, NSO allegedly used various zero-day bugs, including a previously undiscovered one known as “Erised,” to install Pegasus in zero-click attacks during the surge of WhatsApp hacks.
The documents revealed that the NSO developers reverse-engineered WhatsApp’s code to construct tools that could transmit malicious messages that contain spyware, which violates federal and state regulations.
NSO allegedly continued to use and distribute its exploits to consumers even after WhatsApp filed the complaint in October 2019, until WhatsApp server fixes prevented its access after May 2020. However, the business has denied the claims for its clients’ behaviour, stating that it cannot access the data obtained through its Pegasus spyware platform.
Despite these assertions, Pegasus has been tied to high-profile cybercriminal activities, especially in the United States.
The US Commerce Department’s Bureau of Industry and Security (BIS) sanctioned NSO Group and another Israeli company, Candiru, for providing spyware used to target journalists, government officials, and activists.
