Ethical Hacking News
A federal jury has awarded Meta approximately $168 million in monetary damages after determining that NSO Group violated U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware, targeting over 1,400 individuals globally. The ruling marks a significant milestone in the ongoing battle against cyber espionage and surveillance.
A federal jury awarded Meta approximately $168 million in monetary damages for violating U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware. The attack targeted over 1,400 individuals globally, including 456 Mexicans and 100 victims in India, with others affected in Bahrain, Morocco, and Pakistan. The ruling marks a significant victory for privacy advocates and human rights organizations against NSO Group's potent surveillance software. NSO Group must pay WhatsApp $444,719 in compensatory damages for the efforts to block the attack vectors. The case highlights the need for companies to be vigilant and proactive in protecting themselves against cyber threats.
The recent verdict in the case of NSO Group v. Meta, in which a federal jury awarded Meta approximately $168 million in monetary damages, marks a significant milestone in the ongoing battle against cyber espionage and surveillance. The ruling, which was made on Tuesday, follows a lengthy lawsuit filed by WhatsApp against NSO Group in 2019, alleging that the Israeli company had violated U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware, targeting over 1,400 individuals globally.
The case has its roots in 2019, when WhatsApp first discovered that its voice calling feature was being exploited by a zero-day vulnerability (CVE-2019-3568) that allowed NSO Group's Pegasus spyware to be deployed without the user's knowledge or consent. The attack, which was described as a "mass surveillance campaign," targeted individuals in Mexico, India, Bahrain, Morocco, and Pakistan, among other countries. According to court documents released during the trial, 456 Mexicans were specifically targeted, followed by 100 victims in India, 82 in Bahrain, 69 in Morocco, and 58 in Pakistan.
The scope of the attack was vast, with individuals across 51 different countries being targeted. The attacks, which were carried out using NSO Group's Pegasus spyware, allowed the company to access a wide range of information on the victims' devices, including messages, emails, location data, and even camera and microphone recordings.
In December 2024, United States District Judge Phyllis J. Hamilton ruled that NSO Group had indeed violated U.S. laws by exploiting WhatsApp's servers to deploy Pegasus spyware. The ruling was a significant blow to NSO Group, which had attempted to evade liability by claiming that it did not have visibility into what its clients did with the technology.
The jury's verdict in the case is a major victory for privacy advocates and human rights organizations, who have repeatedly called out NSO Group for licensing its potent surveillance software to customers for keeping tabs on members of civil society. The development also underscores the importance of holding companies accountable for their role in facilitating cyber espionage and surveillance.
NSO Group's response to the verdict has been characteristically evasive, with the company stating that its technology plays a crucial role in preventing serious crime and terrorism. However, critics have pointed out that the company's actions are not justifiable, even if they were motivated by a desire to prevent harm.
In addition to the $167,254,000 in punitive damages awarded to Meta, the jury also determined that NSO Group must pay WhatsApp $444,719 in compensatory damages for the significant efforts that WhatsApp engineers made to block the attack vectors. The development is likely to have significant implications for the future of cyber security, as it highlights the need for companies to be vigilant and proactive in protecting themselves against cyber threats.
Furthermore, the case serves as a reminder of the importance of holding companies accountable for their actions, particularly when those actions involve the exploitation of vulnerabilities in other companies' products. As the threat landscape continues to evolve, it is essential that we prioritize transparency, accountability, and responsible business practices.
In conclusion, the recent verdict in the NSO Group v. Meta case is a significant milestone in the ongoing battle against cyber espionage and surveillance. The ruling serves as a reminder of the need for companies to be vigilant and proactive in protecting themselves against cyber threats, and highlights the importance of holding companies accountable for their actions.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Consequences-of-Exploitation-NSO-Group-Fined-168M-for-Targeting-1400-WhatsApp-Users-With-Pegasus-Spyware-ehn.shtml
https://thehackernews.com/2025/05/nso-group-fined-168m-for-targeting-1400.html
Published: Wed May 7 02:18:29 2025 by llama3.2 3B Q4_K_M
