A federal judge in California has agreed with WhatsApp that NSO Group, the Israeli cybersurveillance company behind the Pegasus spyware, breached its terms by sending malware through its servers to thousands of its users’ phones. WhatsApp and its parent company, Meta, sued NSO Group in 2019 and accused it of spreading malware to 1,400 mobile devices in 20 countries with surveillance as its target. They revealed back then that some of the calls that were directed at them were from journalists, human rights activists, prominent women leaders and political dissidents. The Washington Post reports that District Judge Phyllis Hamilton granted WhatsApp’s request for summary judgment against NSO and ruled that it violated the US Computer Fraud and Abuse Act (CFAA).
NSO Group denied the allegations in “strong terms” when the lawsuit was filed. It denied any involvement in the attack and told Engadget at the time that its sole purpose was to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime. The company argued that it should not be held responsible, because it simply sells its services to government agencies, which determine their goals. In 2020, Meta escalated its case and accused the company of using US-based servers to carry out its Pegasus spyware attack.
Judge Hamilton ruled that NSO Group violated the CFAA, because the company appeared to fully admit that the modified WhatsApp program its customers used to target users to send messages through official WhatsApp servers. Those messages then allow the Pegasus spyware to be installed on users’ machines – the target doesn’t even have to do anything, like pick up the phone to answer a call or click on a link, to get infected. The court also found that the plaintiff’s request for punitive damages should be granted because of NSO Group’s “repetition. [failing] generating a suitable detection,” the most important of which is the Pegasus source code.
WhatsApp spokesperson Carl Woog said Posted that the company believes this is the first court ruling that admits that a major spyware vendor violated US anti-hacking laws. “We are grateful for today’s decision,” Woog said in a statement. “NSO will no longer be able to avoid accountability for their illegal attacks on WhatsApp, journalists, human rights activists and civil society organizations. With this decision, spyware companies must realize that their illegal actions will not be tolerated.” In his decision, Judge Hamilton wrote that his order resolves all issues related to NSO Group’s liability and that the trial will continue only to determine how much the company should pay in damages.
Source link
