- NSO Group must pay nearly $167.5 million in damages to WhatsApp
- 1,400 users were compromised through an audio call vulnerability
- Meta wants to donate to digital rights organizations
NSO Group has been ordered to pay more than $167 million in punitive damages and almost half a million dollars ($445,000) in compensatory damages to WhatsApp after a five-year legal battle.
The damages stem from a 2019 hacking campaign that affected more than 1,400 WhatsApp users, in which NSO used its Pegasus spyware to exploit an audio call vulnerability in the mobile application.
Among those affected were high-profile individuals and public figures, such as journalists, activists and diplomats. The Israeli cyber-intelligence company's spyware is capable of accessing emails, texts, financial data and location data, and of remotely activating the camera and microphones.
Israel's NSO Group to pay more than $167 million in damages to WhatsApp
“In simple terms, NSO's Pegasus works to secretly compromise people’s phones with spy software capable of increasing information from any application installed on the device,” said Meta in an announcement.
Meta noted that Pegasus, when installed on an affected handset, has the capacity to “hoist information from any application installed on the device”.
Given the range of data types Pegasus targets, Meta also confirmed that “WhatsApp was far from the only target of NSO”.
The technology giant did not name any other affected company, but NSO admitted that it spends tens of millions of dollars per year developing malware installation methods, which may include delivery via instant messengers, browsers and operating systems, on both iOS and Android.
NSO Group claims that it sells its spyware only to governments, but a growing number of attacks against citizens suggests that malicious actors, whether affiliated with a government or otherwise, have also been able to get their hands on it.
“Pegasus is designed to be stealthy and escape forensic analysis, avoid detection by antivirus software and can be deactivated and deleted by operators,” said Citizen Lab.
Even after six years, Meta admitted that there could be a long way to go before damages are paid, but the company “would like to donate to digital rights organizations that work to defend people against such attacks in the world” following its success in court.