A US judge on Friday issued an order banning Israeli spyware maker NSO Group from targeting WhatsApp users, but reduced a $168 million damages award to just $4 million during the trial.
District Judge Phyllis Hamilton ruled that NSO Group’s conduct did not meet the “particularly egregious” standard necessary to support the jury’s calculations of a financial penalty.
But in the ruling, seen by AFP, she said the court “concluded that the defendants’ conduct caused irreparable harm, and there is no dispute that the conduct is ongoing”. The judge gave WhatsApp owner Meta an order to stop NSO Group’s snooping tactics on the messaging service.
“Today’s ruling prohibits spyware maker NSO from ever again targeting WhatsApp and our global users,” WhatsApp CEO Will Cathcart said in a statement.
“We applaud this decision, which comes after six years of litigation to hold the NSO accountable for targeting members of civil society.”
Evidence at trial shows that NSO Group reverse-engineered WhatsApp code to covertly install spyware that targeted users, the ruling said.
The spyware was repeatedly redesigned to evade detection and circumvent security solutions at WhatsApp, the court concluded.
The lawsuit, filed in late 2019, accused NSO Group of cyber espionage targeting journalists, lawyers, human rights activists and others who used the encrypted messaging service.
However, Hamilton ruled that the $168 million damages award awarded to Meta earlier this year was excessive.
“There simply have not been enough cases involving unlawful electronic surveillance in the smartphone era for a court to conclude that the defendants’ conduct was ‘particularly egregious’,” Hamilton wrote in the ruling seen by AFP.
“As time passes, more of a shared societal consensus may emerge regarding the acceptability of suspects’ behavior.”
Malicious code
NSO Group was founded in 2010 by Israelis Shalev Hulio and Omri Lavie and is located in the high-tech center on the coast of Herzliya, near Tel Aviv.
Media website TechCrunch reported on Friday that an American investment group has acquired a controlling stake in NSO Group.
The Israeli company produces Pegasus, a highly invasive tool that can reportedly turn on the camera and microphone of a target’s cell phone and access data on it, essentially turning the phone into a pocket spy.
The suit filed in a California federal court alleged that NSO attempted to infect approximately 1,400 “target devices” with malicious software to steal valuable information.
Infecting smartphones or other gadgets used for WhatsApp messages meant that the contents of messages that were encrypted during transmission could be accessed after they were decrypted.
The complaint states that the attackers “developed a program that allows them to emulate legitimate WhatsApp network traffic to send malicious code” to take over the devices.
Independent experts have found that the software is used by nation states, some of which have poor human rights records.
NSO Group has maintained that it only licenses its software to governments for the purpose of fighting crime and terrorism.
