NSO Group Owes Meta $167 Million In Damages For Using WhatsApp Servers To Deliver Malware
We’ll have to see if NSO Group has this sort of cash just laying around. Seems unlikely, what with its financial backers pulling out in response to a steady stream of negative headlines, as well as the company considering exiting the highly-profitable offensive malware market.
Sure, this will be appealed and NSO will try to get the awarded damages trimmed down to a more manageable number, but for now, this is what NSO Group owes Meta, the parent company of WhatsApp:
NSO Group, the Israeli spyware-maker behind Pegasus, must pay Meta $167.25 million for hacking 1,400 users across WhatsApp. A federal jury in California made the decision on Tuesday after the court found the NSO Group liable for the attacks last year.
[…]
The jury also awarded Meta $444,719 in compensatory damages.
John Scott-Railton of Citizen Lab has a pretty thorough rundown of this litigation over at Bluesky. Citizen Lab, of course, has been instrumental in revealing abusive deployments of NSO Group’s Pegasus malware by some of its shadier customers. And Citizen Lab has been targeted by some of NSO’s investors in hopes of stopping the self-inflicted bleeding the Israeli malware maker endured over the past four years.
A settlement was expected when NSO Group was ordered to turn over its malware source code by a California federal court. But then NSO asked the Israeli government to raid its offices and seize anything it might be forced to produce in response to WhatsApp discovery requests. Then it let the lawsuit play out, which turned out to be a bad idea. A jury said NSO Group was in the wrong, and for now, at least, it’s on the hook for nearly $168 million in damages.
Meta is taking a deserved victory lap on its site. But of more interest to everyone than news that Meta may become slightly richer are the documents posted by the victorious party, which include transcriptions of NSO Group depositions.
Included in the depositions are the actual price tags for Pegasus, NSO Group’s most powerful and profitable product. As of 2020, $7 million bought governments the ability to deliver spyware to up to 15 targets. If governments wanted to target devices not currently in the country, that added feature ran $1-2 million on its own.
Given that, you’d think NSO would still have plenty of cash in the bank. But spending nearly a half-decade watching your fortunes dwindle and your name become synonymous with humans rights abuses tends to empty the coffers fairly quickly. At some point, NSO will finally have to settle up with WhatsApp. And the success of this lawsuit will hopefully deter other companies with similarly questionable ethics from rushing to fill the void left behind by NSO’s spectacular implosion.