%20(1).webp?w=1600&resize=1600,900&ssl=1)
WhatsApp has prevailed in its five-year-long lawsuit against the NSO Group, the Israeli technology firm behind the controversial Pegasus spyware.
On December 20, 2024, the United States District Court for the Northern District of California granted WhatsApp’s motion for partial summary judgment, holding NSO liable for violating U.S. and California anti-hacking laws, as well as breaching WhatsApp’s terms of service.
The court’s decision resolves all liability issues, leaving only the matter of damages to be determined at trial.
The lawsuit, filed in 2019, alleged that NSO used WhatsApp’s servers to deliver Pegasus spyware to approximately 1,400 devices worldwide.
The spyware was designed to surveil targeted users by exploiting vulnerabilities in WhatsApp’s system.
The court found that NSO exceeded authorized access to WhatsApp’s servers and targeted servers located in California, violating both the Computer Fraud and Abuse Act (CFAA) and California’s Comprehensive Computer Data Access and Fraud Act (CDAFA).
Additionally, NSO was found to have breached WhatsApp’s terms of service by reverse-engineering its software and deploying harmful code.
Sanctions Imposed for Discovery Violations
The court also sanctioned NSO for failing to comply with discovery orders.
Despite repeated directives, NSO did not produce critical evidence, including the full source code of Pegasus spyware, in a manner accessible to WhatsApp or the court.
Instead, it limited access to Israeli citizens within Israel, which was deemed impractical for litigation in California.
As a result, the court issued evidentiary sanctions, concluding that NSO had intentionally targeted WhatsApp’s California-based servers.
This finding was crucial in establishing jurisdiction over NSO in the United States and supported WhatsApp’s claims under California law.
The ruling also dismissed NSO’s arguments that its actions were carried out by its clients—primarily government entities—and not by the company itself.
The court held that NSO conspired with its clients to deploy Pegasus spyware, thus sharing liability for their actions.
Implications for Cybersecurity and Privacy
This decision marks a significant precedent in holding technology firms accountable for cyberattacks facilitated through their tools.
The court’s ruling reinforces the principle that companies cannot evade responsibility for the malicious use of their software by claiming client autonomy.
It also underscores the importance of adhering to contractual obligations and respecting user privacy.
For WhatsApp, this victory is a critical step in its ongoing efforts to protect user data and secure its platform from unauthorized intrusions.
For NSO Group, the ruling represents another blow amid growing global scrutiny over the misuse of Pegasus spyware.
The trial on damages will determine the financial consequences for NSO Group as WhatsApp seeks compensation for costs incurred during its investigation and remediation efforts.
This case serves as a reminder of the legal risks associated with developing and deploying surveillance technologies without adequate safeguards against abuse.
Also Read:
%20(1).webp?w=1200&resize=1200,0&ssl=1 "Node.js systeminformation Vulnerability Let Attackers Execute Remote Code")
%20(1).webp?w=1200&resize=1200,0&ssl=1 "15 million Fine Imposed by Italt to Open AI For Violating GDPR")
%20(1).webp?w=1200&resize=1200,0&ssl=1&description=The%20court's%20decision%20resolves%20all%20liability%20issues,%20leaving%20only%20the%20matter%20of%20damages%20to%20be%20determined%20at%20trial.){kind=link}