Unlock Editor’s Digest for free
Roula Khalaf, editor of the FT, picks her favorite stories in this weekly newsletter.
WhatsApp has defeated Israeli spyware maker NSO Group in a US lawsuit over NSO’s misuse of the messaging app to allow the infiltration of the phones of journalists, activists and dissidents with its Pegasus hacking tool.
A judge in the Northern District of California ruled Friday that NSO violated hacking laws and the terms of its service agreement with WhatsApp by using the messaging platform to inject its Pegasus spyware into more than 1,000 devices.
The civil ruling did not address the rights of individuals whose phones were hacked, but it gives a victory to tech groups that want to prevent their platforms from being abused by groups targeting their users.
It’s also a win for Apple, Amazon and other tech giants who have backed WhatsApp’s case.
“The court finds no merit in the arguments presented by the NSO group,” Judge Phyllis Hamilton ruled. The summary judgment means that the upcoming trial will only deal with the issue of damages, not whether NSO can be held liable for its actions.
“After five years of litigation, we are grateful for today’s decision,” WhatsApp said. “The NSO can no longer evade responsibility for its unlawful attacks on WhatsApp, journalists, human rights activists and civil society.”
NSO Group did not immediately respond to a request for comment.
Pegasus can read encrypted messages stored on the phone, remotely turn on the camera and microphone, and track your location. Its use has been linked to human rights violations, and the US Department of Commerce has blacklisted the Israeli company.
The legal case was launched after the Financial Times in 2019 report this coincided with WhatsApp’s revelation that its services had been hacked by NSO and Pegasus.
The ruling said NSO Group did not dispute that it “had to reverse engineer and/or decompile the WhatsApp software” to hack the phones, but raised the possibility that it did so before agreeing to WhatsApp’s terms of service.
However, the judge found that “common sense dictates that (NSO) must have first obtained access” to the WhatsApp software, and NSO offered “no plausible explanation” as to how it could have done so without agreeing to the terms of service. It ruled in favor of WhatsApp’s claim that NSO violated federal and state hacking laws.
The judge also found that NSO had “repeatedly failed to produce relevant discovery,” including regarding the Pegasus source code.
“This sets a precedent that will be cited for years to come,” said John Scott-Railton, a researcher at the University of Toronto’s Citizen Lab who investigated the use of Pegasus.
“This is the most watched case of mercenary spyware and everyone will take notice. I predict that this will have a chilling effect on the efforts of other dubious spy companies to enter the US market and the interest of investors to support their hacking,” he said.
