After a five-year legal battle, a U.S. court has ordered the Israeli spyware firm NSO Group to pay over $167 million in damages to WhatsApp for its hacking campaign. The verdict includes $167,254,000 in punitive damages and $444,719 in compensatory damages.
The ruling marks the culmination of a legal fight that began in response to NSO Group’s 2019 cyberattack, which exploited a vulnerability in WhatsApp to target more than 1,400 users, including human rights activists, journalists, and dissidents. WhatsApp had demanded over $400,000 in compensatory damages for the time its employees spent investigating the breach, mitigating its consequences, and deploying security updates.
WhatsApp spokesperson Zade Alsawah said in a statement that “this court decision has made history as the first legal victory against unlawful spyware that threatens everyone’s safety and privacy.”
She added:
“This is a significant step forward in the fight for security and privacy. This ruling sends a strong message to foreign spyware vendors like NSO that their illegal actions against U.S. companies and the privacy of the people we serve will not go unpunished.”
NSO Group spokesperson Gil Lainer, however, expressed disagreement with the verdict, stating, “We will carefully review the details of the ruling and pursue all appropriate legal remedies, including appeal.”
The trial also brought to light several key details, including the names of some of NSO Group’s clients and the geographical scope of its spyware campaign. It’s considered a major event not just in the tech world, but also in legal and political circles.
Meta-owned WhatsApp accused NSO Group of illegally accessing its servers and exploiting the app’s call feature to carry out the surveillance campaign.
WhatsApp head Will Cathcart, writing in The Washington Post at the time, described the case as “a wake-up call for internet users, tech companies, and governments alike.”
In December 2024, Judge Phyllis Hamilton ruled that NSO Group had violated both federal and California hacking laws, as well as WhatsApp’s terms of service. The case then proceeded to a jury trial to determine the amount of damages.
John Scott-Railton, a senior researcher at Citizen Lab, which has long studied the spyware industry, hailed the decision as a major blow to companies like NSO.
“This is a turning point for those of us tracking the spyware industry. NSO makes millions helping authoritarian regimes spy on people. That the jury could see through the delays and tactics so clearly and in just one day is powerful,” he said. “This case not only delivers financial penalties but also severely damages NSO Group’s reputation and business model.”
