NSO Group Owes Meta $167 Million In Damages For Using WhatsApp Servers To Deliver Malware
from the going-to-have-to-hold-a-bake-sale-or-something dept
We’ll have to see if NSO Group has this sort of cash just laying around. Seems unlikely, what with its financial backers pulling out in response to a steady stream of negative headlines, as well as the company considering exiting the highly-profitable offensive malware market.
Sure, this will be appealed and NSO will try to get the awarded damages trimmed down to a more manageable number, but for now, this is what NSO Group owes Meta, the parent company of WhatsApp:
NSO Group, the Israeli spyware-maker behind Pegasus, must pay Meta $167.25 million for hacking 1,400 users across WhatsApp. A federal jury in California made the decision on Tuesday after the court found the NSO Group liable for the attacks last year.
[…]
The jury also awarded Meta $444,719 in compensatory damages.
John Scott-Railton of Citizen Lab has a pretty thorough rundown of this litigation over at Bluesky. Citizen Lab, of course, has been instrumental in revealing abusive deployments of NSO Group’s Pegasus malware by some of its shadier customers. And Citizen Lab has been targeted by some of NSO’s investors in hopes of stopping the self-inflicted bleeding the Israeli malware maker endured over the past four years.
A settlement was expected when NSO Group was ordered to turn over its malware source code by a California federal court. But then NSO asked the Israeli government to raid its offices and seize anything it might be forced to produce in response to WhatsApp discovery requests. Then it let the lawsuit play out, which turned out to be a bad idea. A jury said NSO Group was in the wrong, and for now, at least, it’s on the hook for nearly $168 million in damages.
Meta is taking a deserved victory lap on its site. But of more interest to everyone than news that Meta may become slightly richer are the documents posted by the victorious party, which include transcriptions of NSO Group depositions.
Included in the depositions are the actual price tags for Pegasus, NSO Group’s most powerful and profitable product. As of 2020, $7 million bought governments the ability to deliver spyware to up to 15 targets. If governments wanted to target devices not currently in the country, that added feature ran $1-2 million on its own.
Given that, you’d think NSO would still have plenty of cash in the bank. But spending nearly a half-decade watching your fortunes dwindle and your name become synonymous with humans rights abuses tends to empty the coffers fairly quickly. At some point, NSO will finally have to settle up with WhatsApp. And the success of this lawsuit will hopefully deter other companies with similarly questionable ethics from rushing to fill the void left behind by NSO’s spectacular implosion.
Filed Under: malware, pegasus, source code, spyware, surveillance
Companies: meta, nso group, whatsapp
Comments on “NSO Group Owes Meta $167 Million In Damages For Using WhatsApp Servers To Deliver Malware”
Do the accounts that got hacked get any of this money?
Why NSO Group itself and not the countries/groups that actually did the hacking?
Cars that can go illegally fast can be used to escape cops after a robbery, but it would be virtually impossible to get damages out of a car manufacturer. Arguably the car is designed and sold for other legal uses, but I’m surprised NSO couldn’t make, and win, the same argument for their software: that it has legal uses depending on the jurisdiction, and it’s up to the buyer to use it legally.
Re:
Because that’s not how it works.
First time reading about NSO?
Re:
IANAL but from what I understand it’s more like if the car manufacturer used spiked tires, which would damage the roads. WhatsApp is the roads in that analogy.
If I had to guess, most of them are governments and therefore can’t be sued. Sovereign immunity isn’t just a USA thing.
Re: bad analogy
Yes, they can. But in your hypo the car manufacturer is not being sued for the bank robbery.
In this situation, the malware vendor used the whatsapp service to the injury of the service and its customers. If the car manufacturer were using the bank’s computers to assist robbers in defenestrating the cash, the situation would be different and the manufacturer could be liable.
Re: Re:
Why would bank robbers throw the cash they’re stealing out of a window?
I dont think they can collect tho
Not because NSO hasnt any money, but because they arent allowed to operate in this country (since 2021) so presumably have no assets in this country. Its very difficult to make someone pay when they have no presence within your jurisdiction.