Israeli spyware giant NSO Group ordered to pay nearly $170M to WhatsApp for hacking accounts
Israeli spyware company NSO Group was ordered by a U.S. federal court on Tuesday to pay WhatsApp and its parent company Meta almost $170 million in damages after its cyber tools were used to hack around 1,400 WhatsApp accounts.
NSO Group has become the poster child in recent years for the mostly underground spyware market, used increasingly by governments to
surveil dissidents
, journalists
and politicians
. The ruling, the latest step in a process that began in 2019, is a major win for privacy advocates and those pushing back against NSO Group's controversial Pegasus software.
According to a spokesperson for Meta, the ruling involves NSO Group paying punitive damages of around $167 million to WhatsApp on top of more than $440,000 in compensatory damages after one day of jury deliberation. This stems from an
effort linked to NSO Group
to exploit video calling systems and send malware to around 1,400 WhatsApp users in 2019, many of whom worked for civil society groups. WhatsApp filed a complaint in court after the plot was discovered.
NSO Group was previously
found liable for hacking the WhatsApp user accounts
, setting a precedent for organizations targeted by spyware to go after the companies that build the malicious software.
A post on Meta's site
shortly after the ruling celebrated the win, and noted that WhatsApp will be working to get a court order to 'prevent NSO from ever targeting WhatsApp again.' It added that Meta will be making an unspecified donation to digital rights organizations that work to expose spyware abuses. In addition, WhatsApp plans to publish transcripts of deposition videos from NSO Group executives and others to aid researchers in understanding the full use of spyware globally.
'Today's verdict in WhatsApp's case is an important step forward for privacy and security as the first victory against the development and use of illegal spyware that threatens the safety and privacy of everyone,' the post reads.
Apple also filed a suit against NSO Group, seeking damages for spyware being used against its customers. It ultimately
dropped the case last year
after concluding that the suit might expose sensitive Apple user data.
NSO Group has pushed back repeatedly against criticism, arguing that its Pegasus spyware has been used for good, such as
catching high-profile criminals
.
Gil Lainer, vice president of global communications for NSO Group, said in a statement Tuesday that the decision is 'another stope in a lengthy judicial process,' and that 'we firmly believe that our technology plays a critical role in preventing serious crime and terrorism and is deployed responsibly by authorized government agencies.'
'We will carefully examine the verdict's details and pursue appropriate legal remedies, including further proceedings and an appeal,' Lainer said, adding that the company 'remains fully committed to its mission to develop technologies that protect public safety' while working within legal frameworks.
NSO Group was added to the Commerce Department's entity list in 2021, making it difficult for it to do business in the U.S. Meanwhile, the European Parliament
has set up a committee
to investigate the use of Pegasus across EU nations.
Last year, the Biden administration backed a pledge for
other nations to use spyware responsibly
, and the Trump administration
recently backed
an international effort to set a code of conduct for wielding this type of software.
John Scott-Railton, a senior researcher for Citizen Lab, which helped investigate the initial hacks of WhatsApp accounts,
tweeted Tuesday
that NSO Group's conduct 'deserved to be punished,' adding that 'NSO makes millions hacking mostly American tech companies … so that dictators can hack dissidents.'
'NSO Group emerges from the trial severely damaged,' Scott-Railton tweeted. 'This will scare customers.'
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
UPI
4 minutes ago
- UPI
Six more Madleen Gaza humanitarian activists deported from Israel
Six more activists from the Freedom Flotilla Gaza humanitarian aid mission aboard the Madleen boat were deported from Israel Thursday. Photo by Freedom Flotilla Coalition June 12 (UPI) -- Six more activists from the Freedom Flotilla Gaza humanitarian aid mission aboard the Madleen boat were deported from Israel Thursday. The Adalah civil rights center said six international activists Mark van Rennes of the Netherlands, Suyab Ordu of Turkey, Yasemin Acar of Germany, Thiago Avila of Brazil and Rva Viard and Rima Hassan both of France were being transported to Ben Guiron airport for deportation after being detained for 72 hours. Adalaha added that French nationals Pascal Maurieras and Yanis Mhamdi are the last remaining activists from the Madleen and are expected to be deported from Israel Friday. The Israeli Navy intercepted the Madleen while it was enroute to Gaza in international waters. Swedish activist Greta Thunberg was among the activists deported earlier this week. Eight of the activists challenged their detention while four waived their right to go before a judge and were deported immediately. Israel's Detention Review Tribunal found the naval blockade of Gaza is legal under Israeli law and therefore the activists were lawfully detained. The activists assert that their detention and deportations are violations of international law. According to the Adalah Center, the activists reported they were subjected to solitary confinement and their access to attorneys was restricted.
Yahoo
6 minutes ago
- Yahoo
Meta sues AI ‘nudify' app Crush AI for advertising on its platforms
Meta has sued the maker of a popular AI 'nudify' app, Crush AI, that reportedly ran thousands of ads across Meta's platforms. In addition to the lawsuit, Meta says it's taking new measures to crack down on other apps like Crush AI. In a lawsuit filed in Hong Kong, Meta alleged Joy Timeline HK, the entity behind Crush AI, attempted to circumvent the company's review process to distribute ads for AI nudify services. Meta said in a blog post that it repeatedly removed ads by the entity for violating its policies, but claims Joy Timeline HK continued to place additional ads anyway. Crush AI, which uses generative AI to make fake, sexually explicit images of real people without their consent, reportedly ran more than 8,000 ads for its 'AI undresser' services on Meta's platform in the first two weeks of 2025, according to the author of the Faked Up newsletter, Alexios Mantzarlis. In a January report, Mantzarlis claimed that Crush AI's websites received roughly 90% of their traffic from either Facebook or Instagram, and that he flagged several of these websites to Meta. Crush AI reportedly evaded Meta's ad review processes by setting up dozens of advertiser accounts and frequently changed domain names. Many of Crush AI's advertiser accounts, according to Mantzarlis, were named 'Eraser Annyone's Clothes' followed by different numbers. At one point, Crush AI even had a Facebook page promoting its service. Facebook and Instagram are hardly the only platforms dealing with such challenges. As social media companies like X and Meta race to add generative AI to their apps, they've also struggled to moderate how AI tools can make their platforms unsafe for users, particularly minors. Researchers have found that links to AI undressing apps soared in 2024 on platforms like X and Reddit, and on YouTube, millions of people were reportedly served ads for such apps. In response to this growing problem, Meta and TikTok have banned keyword searches for AI nudify apps, but getting these services off their platforms entirely has proven challenging. In a blog post, Meta said it has developed new technology to specifically identify ads for AI nudify or undressing services 'even when the ads themselves don't include nudity.' The company said it is now using matching technology to help find and remove copycat ads more quickly, and has expanded the list of terms, phrases and emoji that are flagged by its systems. Meta said it is also applying the tactics it has traditionally used to disrupt networks of bad actors to these new networks of accounts running ads for AI nudify services. Since the start of 2025, Meta said, it has disrupted four separate networks promoting these services. Outside of its apps, the company said it will begin sharing information about AI nudify apps through Tech Coalition's Lantern program, a collective effort between Google, Meta, Snap and other companies to prevent child sexual exploitation online. Meta says it has provided more than 3,800 unique URLs with this network since March. On the legislative front, Meta said it would 'continue to support legislation that empowers parents to oversee and approve their teens' app downloads.' The company previously supported the US Take It Down Act, and said it's now working with lawmakers to implement it. Sign in to access your portfolio
Yahoo
20 minutes ago
- Yahoo
US-backed Israeli company's spyware used to target European journalists, Citizen Lab finds
ROME (AP) — Spyware from a U.S.-backed Israeli company was used to target the phones of at least three prominent journalists in Europe, two of whom are editors at an investigative news site in Italy, according to digital researchers at Citizen Lab, citing new forensic evidence of the attacks. The findings come amid a growing questions about what role the government of Italian Prime Minister Giorgia Meloni may have played in spying on journalists and civil society activists critical of her leadership, and raised new concerns about the potential for abuse of commercial spyware, even in democratic countries. 'Any attempts to illegally access data of citizens, including journalists and political opponents, is unacceptable, if confirmed,' the European Commission said in a statement Wednesday in response to questions from members of parliament. 'The Commission will use all the tools at its disposal to ensure the effective application of EU law.' Meloni's office declined to comment Thursday, but a prominent member of her Cabinet has said that Italy 'rigorously respected' the law and that the government hadn't illegally spied on journalists. Mercenary spyware industry The company behind the hacks, Paragon Solutions, has sought to position itself as a virtuous player in the mercenary spyware industry and won U.S. government contracts, The Associated Press found. Backed by former Israeli Prime Minister Ehud Barak, Paragon was reportedly acquired by AE Industrial Partners, a private investment firm based in Florida, in a December deal worth at least $500 million, pending regulatory approvals. AE Industrial Partners didn't directly respond to requests for comment on the deal. Paragon's spyware, Graphite, was used to target around 90 WhatsApp users from more than two dozen countries, primarily in Europe, Meta said in January. Since then, there's been a scramble to figure out who was hacked and who was responsible. 'We've seen first-hand how commercial spyware can be weaponized to target journalists and civil society, and these companies must be held accountable,' a spokesperson for WhatsApp told AP in an email. 'WhatsApp will continue to protect peoples' ability to communicate privately.' Meta said the vulnerability has been patched and they have not detected subsequent attacks. Meta also sent a cease-and-desist letter to Paragon. Last month, a California court awarded Meta $168 million in damages from Israel's NSO Group, whose spyware was used to hack 1,400 WhatsApp accounts, including of journalists, activists and government officials. Journalists targeted The Citizen Lab's findings, released today, show that the use of spyware against journalists has continued, despite the backlash against NSO Group, and establish for the first time that Paragon was able to successfully infect Apple devices. Ciro Pellegrino, who heads the Naples newsroom of an investigative news outlet called received a notice on April 29 that his iPhone had been targeted. Last year, Fanpage secretly infiltrated the youth wing of Meloni's Brothers of Italy party and filmed some of them making fascist and racist remarks. Pellegrino's colleague, Fanpage editor-in-chief Francesco Cancellato, also received a notice from Meta that his Android device had been targeted by Paragon spyware, though forensic evidence that his phone was actually infected with Graphite hasn't yet surfaced, according to Citizen Lab. The Citizen Lab's report today also revealed a third case, of a 'prominent European journalist,' who asked to remain anonymous, but is connected to the Italian cluster by forensic evidence unearthed by researchers at the laboratory, which is run out of the Munk School at the University of Toronto. The Citizen Lab, which has analyzed all the devices, said the attack came via iMessage, and that Apple has patched the vulnerability. Apple did not respond immediately to requests for comment. 'Paragon is now mired in exactly the kind of abuse scandal that NSO Group is notorious for,' said John Scott-Railton, a senior researcher at the Citizen Lab. 'This shows the industry and its way of doing business is the problem. It's not just a few bad apples.' Stealthy spyware Paragon's spyware is especially stealthy because it can compromise a device without any action from the user. Similar to the NSO Group's notorious Pegasus spyware, which has been blacklisted by the U.S. government, Graphite allows the operator to covertly access applications, including encrypted messengers like Signal and WhatsApp. 'There's no link to click, attachment to download, file to open or mistake to make,' Scott-Railton said. 'One moment the phone is yours, and the next minute its data is streaming to an attacker.' Parliamentary oversight COPASIR, the parliamentary committee overseeing the Italian secret services, took the rare step last week of making public the results of its investigation into the government's use of Paragon. The COPASIR report said that Italian intelligence services hadn't spied on Cancellato, the editor of Fanpage. The report did confirm the surveillance, with tools including Graphite, of civil society activists, but said they had been targeted legally and with government authorization — not as activists but over their work related to irregular immigration and national security. Giovanni Donzelli, vice president of COPASIR and a prominent member of Meloni's Brothers of Italy party, declined further comment Thursday, saying the parliamentary report was 'more relevant than an analysis done by a privately funded Canadian laboratory.' Citizen Lab says it's 'rigorously independent,' and doesn't accept research funding from governments or companies. Italy and Paragon both say they've terminated their relationship, but offer starkly different versions of the breakup. Paragon referred questions to a statement it gave to Israeli newspaper Haaretz, in which the company said that it stopped providing spyware to Italy after the government declined its offer to help investigate Cancellato's case. Italian authorities, however, said they had rejected Paragon's offer over national security concerns and ended the relationship following media outcry. U.S. contracts Paragon has been keen to deflect reputational damage that could, in theory, impact its contracts with the U.S. government. A 2023 executive order, which so far hasn't been overturned by U.S. President Donald Trump, prohibits federal government departments and agencies from acquiring commercial spyware that has been misused by foreign governments, including to limit freedom of expression and political dissent. The U.S. Department of Homeland Security awarded Paragon a one-year, $2 million contract last September for operations and support of U.S. Immigration and Customs Enforcement, public records show. The U.S. Drug Enforcement Administration has also reportedly used the spyware. In December 2022, Adam Schiff, the California Democrat who at the time chaired the House Intelligence Committee, wrote to the administrator of the U.S. Drug Enforcement Administration questioning whether the DEA's use of Graphite spyware undermined efforts to deter the 'broad proliferation of powerful surveillance capabilities to autocratic regimes and others who may misuse them.' ___ Byron Tau in Washington, and Lorne Cook in Brussels, contributed to this report. Erika Kinetz And Paolo Santalucia, The Associated Press
