An American judge has ruled that NSO Group is responsible for the spyware attack on fourteen hundred WhatsApp users in 2019. WhatsApp director Will Cathcart calls the ruling a ‘major victory’ for privacy. Citizen Lab security researcher and spyware expert John Scott-Railton calls it a big win for spyware victims and a big loss for NSO.
WhatsApp decided to sue NSO Group in 2019 after fourteen hundred WhatsApp users were infected with the company’s Pegas spyware. These included journalists, human rights activists and government officials. NSO had always claimed that the spyware was only used to track down terrorists and serious criminals. Pegasus is spyware that makes it possible to spy on victims through their microphone and camera and to listen in and intercept conversations and communications via WhatsApp, Gmail, Viber, Facebook, Telegram, Skype, WeChat and other apps, as well as determine their location. The spyware has been spread via zero-day attacks since at least 2016.
A security hole in the chat app was used to infect fourteen hundred WhatsApp users with the spyware. NSO always stated that it was not responsible for how customers used the Pegasus spyware. Documents shared by the company before the lawsuit showed this to be incorrect. It was NSO that installed Pegasus on victims’ phones and collected data.
