A U.S. federal jury has ordered the NSO Group to pay over $167 million in damages for a 2019 campaign that targeted WhatsApp users with Pegasus spyware, marking a significant legal milestone. This case highlights accountability for spyware vendors and emphasizes the importance of cybersecurity and user privacy. (Affected: WhatsApp and its users)
Keypoints :
- The NSO Group was ordered to pay $167,254,000 in punitive damages and $444,719 in compensatory damages.
- The lawsuit was based on a 2019 campaign using Pegasus spyware to target 1,400 WhatsApp users.
- The spyware exploited the CVE-2019-3568 vulnerability in WhatsApp’s VOIP stack for remote code execution.
- Meta, WhatsApp’s owner, filed the lawsuit against NSO Group in October 2019, accusing them of exploiting vulnerabilities to infect users.
- The targets included human rights activists, journalists, and diplomats, not just law enforcement personnel.
- NSO Group’s involvement in infection operations was confirmed during court proceedings, indicating direct liability.
- The case sets a precedent for holding spyware vendors accountable in the United States, potentially impacting the industry.