A federal judge on Friday ordered a major commercial spyware company to not target Meta’s WhatsApp messaging platform, which the firm had previously told the court could force it to shut down operations.
Phyllis Hamilton, U.S. District Court judge for the Northern District of California, also cut the damages the spyware manufacturer, the NSO Group, will have to pay to Meta from $168 million to $4 million.
The ruling stems from a 2019 NSO hack of WhatsApp to target 1,400 app users with its zero-click Pegasus spyware.
The injunction could threaten NSO’s business because Pegasus relies on vulnerabilities in widely-used software like WhatsApp’s to target individuals.
Although the company previously told the judge that an injunction could “put NSO’s entire enterprise at risk” and “force NSO out of business,” a spokesperson for the firm said the ruling “will not apply to NSO’s customers, who will continue using the company’s technology to help protect public safety.”
The spokesperson declined to clarify the assertion, but said that the company will review the decision and decide on next steps.
An advocate for spyware victims, Natalia Krapiva, called NSO’s stance “perplexing,” saying that “the plain language of the injunction prevents NSO from using or offering any technology that provides unlawful access to WhatsApp messages or breaking WhatsApp’s encryption.”
“The court recognized that by circumventing WhatsApp’s end-to-end encryption, NSO’s Pegasus spyware is causing ‘irreparable injury’ to WhatsApp’s interests and it should be prevented from doing so,” said Krapiva, who is senior tech counsel at Access Now.
She hailed the judge’s ruling for setting a potential precedent for other U.S. companies whose infrastructure is compromised by spyware.
Will Cathcart, Head of WhatsApp, posted on social media that the ruling “bans spyware maker NSO from ever targeting WhatsApp and our global users again.”
Cathcart did not address the reduction in damages.
Pegasus has been used to target hundreds of members of civil society, including journalists and dissidents, despite NSO’s assertion that it is only used to fight terrorism and in law enforcement investigations of serious crime.
TechCrunch reported on October 10 that the company has been bought by a group of investors led by an American, the Hollywood mogul Robert Simonds, who is best known for producing Adam Sandler comedies.
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Suzanne Smalley
is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.
