Seven things we learned from WhatsApp vs. NSO Group spyware lawsuit
On Tuesday, WhatsApp scored a major victory against NSO Group when a jury ordered the infamous spyware maker to pay more than $167 million in damages to the Meta-owned company.
The ruling concluded a legal battle spanning more than five years, which started in October 2019 when WhatsApp accused NSO Group of hacking more than 1,400 of its users by taking advantage of a vulnerability in the chat app's audio-calling functionality.
The verdict came after a week-long jury trial that featured several testimonies, including NSO Group's CEO Yaron Shohat and WhatsApp employees who responded and investigated the incident.
Even before the trial began, the case had unearthed several revelations, including that NSO Group had cut off 10 of its government customers for abusing its Pegasus spyware, the locations of 1,223 of the victims of the spyware campaign, and the names of three of the spyware maker's customers: Mexico, Saudi Arabia, and Uzbekistan.
TechCrunch read the transcripts of the trial's hearings and is highlighting the most interesting facts and revelations that came out. We will update this post as we learn more from the cache of more than 1,000 pages.
Testimony described how the WhatsApp attack worked
The zero-click attack, which means the spyware required no interaction from the target, 'worked by placing a fake WhatsApp phone call to the target,' as WhatsApp's lawyer Antonio Perez said during the trial. The lawyer explained that NSO Group had built what it called the 'WhatsApp Installation Server,' a special machine designed to send malicious messages across WhatsApp's infrastructure mimicking real messages.
'Once received, those messages would trigger the user's phone to reach out to a third server and download the Pegasus spyware. The only thing they needed to make this happen was the phone number,' said Perez.
NSO Group's research and development vice president Tamir Gazneli testified that 'any zero-click solution whatsoever is a significant milestone for Pegasus.'
NSO Group confirms it targeted an American phone number as a test for the FBI
Contact Us Do you have more information about NSO Group, or other spyware companies? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or
Do you have more information about NSO Group, or other spyware companies? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email .
For years, NSO Group has claimed that its spyware cannot be used against American phone numbers, meaning any cell number that starts with the +1 country code.
In 2022, The New York Times first reported that the company did 'attack' a U.S. phone but it was part of a test for the FBI.
NSO Group's lawyer Joe Akrotirianakis confirmed this, saying the 'single exception' to Pegasus not being able to target +1 numbers 'was a specially configured version of Pegasus to be used in demonstration to potential U.S. government customers.'
The FBI reportedly chose not to deploy Pegasus following its test.
How NSO Group's government customers use Pegasus
NSO's CEO Shohat explained that Pegasus' user interface for its government customers does not provide an option to choose which hacking method or technique to use against the targets they are interested in, 'because customers don't care which vector they use, as long as they get the intelligence they need.'
In other words, it's the Pegasus system in the backend that picks out which hacking technology, known as an exploit, to use each time the spyware targets an individual.
NSO Group's headquarters shares the same building as Apple
In a funny coincidence, NSO Group's headquarters in Herzliya, a suburb of Tel Aviv in Israel, is in the same building as Apple, whose iPhone customers are also frequently targeted by NSO's Pegasus spyware. Shohat said NSO occupies the top five floors and Apple occupies the remainder of the 14-floor building.
'We share the same elevator when we go up,' Shohat said during testimony.
The fact that NSO Group's headquarters are openly advertised is somewhat interesting on its own. Other companies that develop spyware or zero-days like the Barcelona-based Variston, which shuttered in February, was located in a co-working space while claiming on its official website to be located somewhere else.
NSO Group admitted that it kept targeting WhatsApp users after the lawsuit was filed
Following the spyware attack, WhatsApp filed its lawsuit against NSO Group in November 2019. Despite the active legal challenge, the spyware maker kept targeting the chat app's users, according to NSO Group's research and development vice president Tamir Gazneli.
Gazneli said that 'Erised,' the codename for one of the versions of the WhatsApp zero-click vector, was in use from late-2019 up to May 2020. The other versions were called 'Eden' and 'Heaven,' and the three were collectively known as 'Hummingbird.'
NSO says it employs hundreds of people
NSO Group's CEO Yaron Shohat disclosed a small but notable detail: NSO Group and its parent company, Q Cyber, have a combined number of employees totalling between 350 and 380. Around 50 of these employees work for Q Cyber.
NSO Group describes dire finances
During the trial, Shohat answered questions about the company's finances, some of which were disclosed in depositions ahead of the trial. These details were brought up in connection with how much in damages the spyware maker should pay to WhatsApp.
According to Shohat and documents provided by NSO Group, the spyware maker lost $9 million in 2023 and $12 million in 2024. The company also revealed it had $8.8 million in its bank account as of 2023, and $5.1 million in the bank as of 2024. Nowadays, the company burns through around $10 million each month, mostly to cover the salaries of its employees.
Also, it was revealed that Q Cyber had around $3.2 million in the bank both in 2023 and 2024.
During the trial, NSO revealed its research and development unit — responsible for finding vulnerabilities in software and figuring out how to exploit them — made up the majority of a $52 million budget. Shohat also said that NSO Group's customers pay 'somewhere in the range' between $3 million and 'ten times that' for access to its Pegasus spyware.
Factoring in these numbers, the spyware maker was hoping to get away with paying little or no damages.
'To be honest, I don't think we're able to pay anything. We are struggling to keep our head above water,' Shohat said during his testimony. 'We're committing to my [chief financial officer] just to prioritize expenses and to make sure that we have enough money to meet our commitments, and obviously on a weekly basis.'
First published on May 10, 2025 and updated with additional details.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Business Insider
an hour ago
- Business Insider
An OpenAI exec says she was diagnosed with breast cancer and that ChatGPT has helped her navigate it
Kate Rouch, the chief marketing officer at OpenAI, shared on Friday that she was diagnosed with invasive breast cancer weeks after assuming the role, which she called her "dream job," in December. In a thread posted on X, Rouch said she was sharing her story to help other women, adding, "We can't control what happens to us--but we can choose how we face it. My biggest lesson: no one fights alone." Prior to joining OpenAI as the company's first CMO, Rouch was CMO at Coinbase and, before that, spent over a decade at Meta, including as vice president, global head of brand and product marketing. Rouch said she started treatment right around the Super Bowl in February, when OpenAI aired its first-ever ad, and that she has since gone through 13 rounds of chemotherapy while leading OpenAI's marketing team. She wrote that she is expected to make a full recovery. "It has been the hardest season of life — for me, for my husband, and for our two young children," Rouch said, adding she has been supported by OpenAI "at every step." "Silicon Valley can be brutal and transactional. And yet — I've never felt more held," she said, adding that "people showed up in incredible and unexpected ways." Rouch also said OpenAI's ChatGPT has helped her navigate her diagnosis and treatment, including by explaining cancer in a way that is age-appropriate for her kids, helping her manage the side effects of chemo, and creating custom meditations. "Experiencing our work as a patient has made OpenAI's mission feel more personal and important," she said. Rouch said she was sharing her story to encourage other women to "prioritize their health over the demands of families and jobs." "A routine exam saved my life. It could save yours, too," she said. Business Insider reached out to OpenAI for comment. Kevin Weil, the chief product officer at OpenAI, expressed support for Rouch in a reply to her thread. "We love you @kate_rouch!" he wrote. "Proud of you for telling your story and for being so full of fight."
CNET
2 hours ago
- CNET
AT&T Has a New Affordable Senior Mobile Plan -- and Sorry, 55 Counts as a 'Senior'
AT&T has revealed its new phone plan for seniors, which offers mobile service at a discount for customers 55 years old and up. (Yes, Gen X, that's you -- or some of you, at least.) While the new plan only has the essentials, it's also cheaper than the carrier's feature-packed options. Even better, it's notably more affordable than AT&T's former senior plan. Carriers typically offer several plans to satisfy a range of customers, from the frugal to those that are willing to pay for every perk and bundled streaming service they can get. But plans targeting older Americans are often more bare-bones offerings, offered at lower prices to appeal to customers on fixed and limited incomes. AT&T's new AT&T 55 Plus plan is the most affordable it's offered in years. In exchange, the AT&T 55 Plus plan is pretty basic. For $40 per month for a single line (or $35 per month per line with two lines), you'll get unlimited voice calls, texting and data in the US, Canada and Mexico, and though AT&T's senior plan page indicates it has "5G access included," there's no clarity on which circumstances will enable high-speed data downloads and uploads on the senior plan. The plan also has 10GB of hotspot data per line per month, which is more generous than some other carrier offerings on our best senior plans list, along with a maximum 720p (SD) streaming speed for video. The plan also provides access to AT&T's free ActiveArmor app that blocks spam calls. Previously, AT&T offered a slightly discounted senior phone plan at $62 per month that was only available to customers living in Florida. Verizon retains a similar Florida-only senior plan. T-Mobile has several plans for seniors, from an older and basic Essentials Choice 55 plan starting at $45 per month up to Experience Beyond w/ 55 Plus starting at $85 per month and offering all the perks and extras of T-Mobile's other plans, including a five-year plan price guarantee, streaming services and satellite service beyond T-Mobile's network. Here's a breakdown of the best senior plans carriers offer 55-years-old and up customers: Best Senior Plans: T-Mobile, AT&T, Mint Mobile and Verizon Plan Cost 1 line (AutoPay) Cost 4 lines (AutoPay) High-speed data Hotspot data limit Price guarantee Max number of lines Streaming resolution T-Mobile Essentials Choice 55 $45 N/A 50GB Unlimited 3G N/A 2 480p (SD) T-Mobile Go5G 55 Plus $75 N/A Unlimited 5G 50GB N/A 2 Up to 4K T-Mobile Experience Beyond w/ 55+ $85 N/A Unlimited 5G 250GB 5 years 2 Up to 4K AT&T AT&T 55+ $40 $140 Unlimited 10GB N/A 10 480p (SD) Mint Mobile Mint 55 $15 N/A 5GB Shared 5GB main data budget N/A 5 480p (SD) Verizon Verizon 55 Plus $62 N/A Unlimited 4G LTE Unlimited 3G N/A 2 480p (SD) It's worth noting that every carrier plan's listed lowest price requires customers to sign up for autopay -- otherwise, the plans are more expensive every month. Customers must also prove their age by submitting an identification document to their carrier. Later this summer, AT&T will also offer a bundle combining two lines of AT&T 55+ with the customer's choice of either AT&T Fiber or AT&T Internet Air fixed wireless access internet, according to the carrier's blog post.
Yahoo
2 hours ago
- Yahoo
Chief AI Scientist At Mark Zuckerberg's Meta Says 'No Way' Scaling ChatGPT-Like Models Is Going To Lead To Human-Level AI
Meta Platforms, Inc.'s (NASDAQ:META) chief AI scientist, Yann LeCun, says the tech industry won't close the gap to human-level intelligence by scaling today's large language models and piling on more parameters. What Happened: "We are not going to get to human-level AI by just scaling up LLMs. This is just not going to happen. There's no way — absolutely no way," LeCun told host Alex Kantrowitz on the Big Technology podcast in March. He dismissed bullish two-year timelines from "more adventurous colleagues" as "complete BS." Trending: Maker of the $60,000 foldable home has 3 factory buildings, 600+ houses built, and big plans to solve housing — In a clip of the podcast which was resurfaced on YouTube last week, LeCun likened current chatbots to "a system with a gigantic memory and retrieval ability, not a system that can invent solutions to new problems," adding that even if the models can answer most routine questions, "it's not a Ph.D. you have next to you." Instead of reasoning, he said, today's systems "pattern-match" the next word. LeCun contends the best path forward is collaborative. According to a report by Business Insider, at the AI Action Summit in Paris, which took place in February, he urged governments to contribute anonymized data to a larger open-source It Matters: LeCun has long doubted that OpenAI will win the race to artificial general intelligence (AGI), a stance he first voiced in December 2023. Last week, he pointed Elon Musk toward a new FAIR study on "Contextual Positional Encoding," telling the xAI founder it could boost Grok and then amplified the paper by sharing Meta researcher Jason Weston's explanatory thread on X. The exchange unfolded amid LeCun's running feud with Musk. After Musk posted xAI job openings on Monday, LeCun quipped that applicants should expect a boss who insists their project "will be solved next year." He later applauded Musk's engineering triumphs in cars, rockets, and satellites while slamming the billionaire's politics, conspiracy theories, and habitual hype. Read Next: Hasbro, MGM, and Skechers trust this AI marketing firm — Invest before it's too late. 'Scrolling To UBI' — Deloitte's #1 fastest-growing software company allows users to earn money on their phones. You can invest today for just $0.30/share with a $1000 minimum. Photo Courtesy: Tapati Rinchumrus on Up Next: Transform your trading with Benzinga Edge's one-of-a-kind market trade ideas and tools. Click now to access unique insights that can set you ahead in today's competitive market. Get the latest stock analysis from Benzinga? This article Chief AI Scientist At Mark Zuckerberg's Meta Says 'No Way' Scaling ChatGPT-Like Models Is Going To Lead To Human-Level AI originally appeared on Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
