
A U.S. jury has ordered spyware firm NSO Group to pay WhatsApp over $167 million for illegally hacking 1,400 users, marking the first major legal win against a spyware vendor.
What happened
After a five-year legal battle, spyware developer NSO Group has been ordered to pay more than $167 million in damages to WhatsApp for its 2019 hacking campaign. The jury awarded $167,254,000 in punitive damages and $444,719 in compensatory damages, following WhatsApp’s claims that NSO illegally accessed its servers and exploited an audio-calling vulnerability to target around 1,400 users, including journalists, dissidents, and human rights defenders. The case marks the first legal victory against a spyware company for conducting illegal surveillance operations.
Going deeper
WhatsApp, owned by Meta, sued NSO Group in 2019 for breaching U.S. and California anti-hacking laws, as well as violating WhatsApp’s terms of service. According to court documents, NSO used a WhatsApp vulnerability to silently infect users’ phones via missed audio calls, enabling covert surveillance.
The trial uncovered significant details, including some NSO clients' identities and the targeted individuals' global locations. Judge Phyllis Hamilton previously ruled NSO liable in December 2024, prompting the recent jury trial to determine the financial penalties.
WhatsApp’s spokesperson, Zade Alsawah, hailed the ruling as a landmark moment: “Our court case has made history as the first victory against illegal spyware that threatens the safety and privacy of everyone.”
What was said
NSO Group spokesperson Gil Lainer indicated the company may appeal, stating it would “carefully examine the verdict’s details and pursue appropriate legal remedies.”
The verdict has drawn strong reactions from critics of NSO’s surveillance tools. Will Cathcart, head of WhatsApp, called the case a wake-up call in a Washington Post op-ed: “Tools that enable surveillance into our private lives are being abused... [and] put us all at risk.”
John Scott-Railton, a senior researcher at Citizen Lab, echoed that sentiment, saying the ruling struck at the heart of NSO’s business model: “NSO makes many millions of dollars helping dictators hack people… it only took the jury a day’s deliberation to see right through to the heart of the matter.”
The big picture
The ruling against NSO Group sets a precedent for holding spyware companies accountable in U.S. courts. Beyond the financial penalties, the case has exposed the inner workings of a shadowy surveillance industry and strengthened legal deterrents against the misuse of spyware tools. As surveillance technologies become more powerful and accessible, the decision reaffirms that targeting American companies and citizens for profit, especially at the behest of authoritarian regimes, will face growing resistance through both legal and public channels.
FAQs
Who is NSO Group?
NSO Group is an Israeli cyber-intelligence firm known for developing Pegasus, a powerful spyware tool used by governments and agencies for surveillance.
What is Pegasus spyware capable of?
Pegasus can remotely access a phone’s camera, microphone, messages, and location without the user’s knowledge or consent.
Why is this case significant for the tech industry?
It reinforces the legal boundaries around cybersecurity, signaling that companies enabling unauthorized surveillance can be held accountable in court.
Has NSO faced scrutiny before?
Yes, NSO has faced multiple investigations and international criticism for selling spyware allegedly used by authoritarian regimes against activists and journalists.
What happens next for NSO Group?
The company has indicated plans to appeal the verdict, which could prolong the legal process and further impact its business and reputation.