Israel's NSO Group Liable For Pegasus Hacking Of WhatsApp Users: US Court

Washington DC, US: The Israeli company NSO Group Technology is accused of exploiting a bug in the messaging app WhatsApp to install Pegasus spyware allowing authorised surveillance. A US judge on Friday accused NSO of infecting and surveilling the phones of 1,400 people over a two-week period in May 2019 via its notorious Pegasus software.

US District Judge Phyllis Hamilton in Oakland, California, found out that the Israeli company had violated granted a motion by WhatsApp and found NSO liable for hacking and breach of contract. The case will now proceed to a special jury trial on the issue of damages, Hamilton said.

The US judge found that the NSO Group has violated the US Computer Fraud and Abuse Act. Apple also filed similar lawsuit against the company, but walked back in September.

In a statement released, WhatsApp, the most popular messaging app in the world, said, “After five years of litigation, we’re grateful for today’s decision. NSO can no longer avoid accountability for their unlawful attacks on WhatsApp, journalists, human rights activists and civil society. With this ruling, spyware companies should be on notice that their illegal actions will not be tolerated”.

Also Read: Apple Alerts iPhone Users In India And 91 Other Countries Of ‘Mercenary Spyware’ Attack

Will Cathcart, the head of WhatsApp, said the ruling is a win for privacy. “We spent five years presenting our case because we firmly believe that spyware companies could not hide behind immunity or avoid accountability for their unlawful actions,” Cathcart said in a social media post.

Earlier this year, Hamilton ordered the company to provide WhatsApp with the source code of its spyware. On Friday she said that NSO repeatedly failed to comply, which is presumed to be a major reason why she granted WhatsApp’s request for sanctions against the company.

In 2019, WhatsApp sued NSO seeking an injunction and damages, accusing it of accessing WhatsApp servers without permission six months earlier to install the Pegasus software on victims’ mobile devices. According to the lawsuit, the intrusion allowed the surveillance of 1,400 people, including journalists, human rights activists and dissidents.

The company had argued that Pegasus helps law enforcement and intelligence agencies fight crime and protect national security. It said the software’s technology is intended to help catch terrorists, pedophiles and hardened criminals. In the lawsuit, the company was demonstrated to be the party that “installs and extracts” information with Pegasus, which was used to infiltrate not only WhatsApp but also iPhones to extract pictures, emails and texts.

Also Read: India Targeting High-Profile Journalists With Pegasus Spyware, Says Amnesty

Meta identified the victims of the hack as senior government officials, journalists, human rights activists, political dissidents and diplomats. Joe Biden’s administration put NSO Group on a blacklist in 2021 and forbid US government agencies from purchasing its products.

NSO appealed a trial judge’s 2020 refusal to award it “conduct-based immunity,” a common law doctrine protecting foreign officials acting in their official capacity. Upholding that ruling in 2021, the San Francisco-based 9th US Circuit Court of Appeals called it an “easy case” because the company’s mere licensing of Pegasus and offering technical support did not shield it from liability under a federal law called the Foreign Sovereign Immunities Act, which took precedence over common law. US Supreme court turned away the NSO’s appeal of the lower court’s decision last year, allowing the lawsuit to proceed.

(With inputs from agencies)