A court has determined that NSO Group Israeli cybersecurity company is responsible for the breach of privacy involving its Pegasus spyware which was used to hack WhatsApp users. The ruling found that NSO software facilitated unauthorized surveillance of individuals infringing upon their privacy. This decision adds to the mounting global concern over the misuse of Pegasus which has reportedly been employed to target journalists, human rights advocates and political dissidents.
A US District Judge in Oakland California granted motion from WhatsApp and ruled that NSO Group was liable for hacking and breach of contract.
A US judge ruled on Friday in favor of a lawsuit accusing Israel NSO Group of exploiting a vulnerability in a messaging app to install spyware enabling unauthorized surveillance.
US District Judge Phyllis Hamilton in Oakland California granted a motion from the messaging app and found NSO liable for hacking and breach of contract.
The case will now proceed to trial solely on the issue of damages Hamilton stated. NSO Group did not immediately respond to a request for comment.
The head of the messaging app praised the ruling as a victory for privacy.
We spent five years presenting our case because we firmly believe that spyware companies should not be allowed to evade responsibility for their unlawful actions he said in a social media post. Surveillance companies should be on notice that illegal spying will not be tolerated.
Cybersecurity experts also welcomed the judgment
John Scott Railton senior researcher with Canadian internet watchdog Citizen Lab which uncovered NSO Pegasus spyware in 2016 called the ruling a landmark decision with significant implications for the spyware industry.
The entire industry has claimed that whatever their customers do with their hacking tools it’s not their responsibility he said. Today ruling makes it clear that NSO Group is in fact responsible for breaking numerous laws.
In 2019 the messaging app sued NSO seeking an injunction and damages accusing the company of accessing its servers without permission to install Pegasus software on victims mobile devices. The lawsuit claimed the intrusion allowed surveillance of 1400 individuals including journalists, human rights activists and dissidents.
NSO defended its software arguing that Pegasus helps law enforcement and intelligence agencies combat crime and protect national security by targeting terrorists, pedophiles and other criminals.
NSO had appealed a trial judge 2020 refusal to grant conduct based immunity legal doctrine that protects foreign officials acting in an official capacity.
In 2021 the San Francisco based 9th US Circuit Court of Appeals upheld the lower court ruling, stating that NSO licensing of Pegasus and offering technical support did not protect it from liability under the Foreign Sovereign Immunities Act federal law that overrides common law immunity.
The US Supreme Court last year declined to hear NSO appeal allowing the lawsuit to move forward.
