Pegasus Spyware Maker Fined

Your phone could become a criminal’s tool, silently spilling your texts, calls, and photos to a shadowy hacker - all without you clicking a single link. This serious threat is created by Pegasus, the infamous spyware developed by Israel’s NSO Group, which targeted 1,400 WhatsApp users in 2019.

Now, the Israeli firm behind Pegasus, NSO Group, has been ordered to pay Meta $444,000 damages for this hacking attack that took place that year. 

For years, the Israeli spyware company NSO Group has quietly equipped governments with potent tools to hack phones and monitor dissidents. However, a jury in California recently awarded Meta Platforms (formerly Facebook) over $167 million (£125 million) in damages from NSO Group for exploiting WhatsApp in 2019.

Meta created a webpage announcing the jury’s decision, stating that it “is a critical deterrent to this malicious industry” aimed at combatting illegal acts against American companies and users worldwide.

“Six years ago, we detected and stopped an attack by the notorious spyware developer NSO against WhatsApp and its users, and today, our court case has made history as the first victory against illegal spyware that threatens the safety and privacy of everyone,” Meta announced on May 6th. 

Additionally, Meta described this ruling as “an important step forward for privacy and security, marking the first victory against the development and use of illegal spyware that threatens everyone’s safety and privacy.”

Pegasus is malicious software that can be installed remotely on mobile phones to access microphones, cameras, and other personal data without user consent.  Based in Tel Aviv, NSO Group has developed and sold  their technology around the word, and has faced accusations of enabling authoritarian regimes to monitor journalists, activists, and political figures

Meta stated that this case signifies “the first victory against the development and use of illegal spyware.” NSO, in response, said it would “carefully examine the verdict's details and pursue appropriate legal remedies, including further proceedings and an appeal.”

This case is notable as the first time a developer of spyware has been held responsible for exploiting vulnerabilities in smartphone platforms.

NSO claims its products are intended solely for use against serious criminals and terrorists. However, there are ongoing allegations that some governments have used the technology to target individuals they consider threats to national security.

Pegasus became the center of global controversy in 2021 when a leaked list of 50,000 phone numbers of suspected victims was revealed to major media outlets. The leak identified politicians, heads of state, business executives, activists, members of Arab royal families, and over 180 journalists.

This legal battle has spanned six years and involves multiple major tech companies. Apple previously filed a similar lawsuit against NSO Group but withdrew it in 2024 to avoid exposing its internal security systems. In contrast, Meta’s case resulted in a court ruling in their favor - an uncommon win against a surveillance vendor.

While this case may mark a turning point in how courts and tech companies confront the spyware industry, the fight against digital surveillance tools remains ongoing.

Silicon  |   BBC  |   Meta  |    Medium  |    Techloy  |  neowin  |  Hacker News 

Image: Ideogram 

You Might Also Read: 

Russian Hackers Exploit Mobile Browser Vulnerabilities:


If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« The Email Security Threats Businesses Can’t Ignore
Large-Scale Data Exposure Discovered »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Owl Cyber Defense

Owl Cyber Defense

Owl patented DualDiode Technology enables hardware-enforced network segmentation and deterministic, one-way transfer of all data types and file sizes.

International Telecommunication Union (ITU)

International Telecommunication Union (ITU)

ITU is the United Nations specialized agency for information and communication technologies – ICTs. Areas of activity include cybersecurity.

Leibniz-Rechenzentrum (LRZ)

Leibniz-Rechenzentrum (LRZ)

The LRZ supports ground-breaking research and teaching in a wide range of scientific disciplines including information security and data protection.

Watchcom Security Group

Watchcom Security Group

Watchcom is one of Norway's foremost suppliers of information security consultancy services.

Identify Security Software

Identify Security Software

Our mission is to bring in a new age of autonomous human authentication in the security and identity space.

Echoworx

Echoworx

Echoworx primary and exclusive focus is providing organizations with secure email services.

Slovenian Digital Coalition

Slovenian Digital Coalition

Slovenian Digital Coalition is a coalition working in the field of smart cities, e-commerce, e-skills, e-inclusion, cyber security, internet and other areas related to developing the digital society.

ISARR

ISARR

The ISARR software platform - your bespoke Risk, Resilience & Security Management solution. Simple, cost effective and adaptable, now and into the future.

Aigner Business Solutions

Aigner Business Solutions

Aigner Business Solutions GmbH is a specialist in IT-Security and Data Protection. Concise and focussed.

Almond

Almond

Almond is positioned as a key independent French player in audit and consulting in the fields of Cybersecurity, Cloud and Infrastructure.

CertiProf

CertiProf

CertiProf has been enhancing professional lives since 2015, offering a wide range of IT certifications and agile framework training.

Unisys

Unisys

Unisys is a global information technology company providing industry-focused solutions integrated with leading-edge security to clients in the government, financial services and commercial markets.

Incyber

Incyber

Incyber is a fully integrated network and cybersecurity solutions provider contracted to safeguard public and private enterprise, high value data and sensitive industries.

Daisy Corporate Services

Daisy Corporate Services

Daisy is one of the largest providers of communications and IT solutions across the UK, with a portfolio spanning unified communications, cloud, cyber security and resilience.

MIS Solutions

MIS Solutions

MIS Solutions is a managed cloud and IT security partner making technology work for you.

USX Cyber

USX Cyber

USX Cyber was founded on the idea that small and medium businesses deserve and require the same level and sophistication of cyber protection as large enterprises.