Nom de domaine

– Guest article, written by Vincent Lautier –

An American federal jury ordered NSO Group to pay $ 168 million to WhatsApp for using PEGASUS spy software on more than 1,400 users. An unprecedented decision, which could have significant repercussions against the Spyware industry.

NSO Group convicted of massive WhatsApp piracy

American justice has just brought a severe blow to NSO Group. A federal jury ordered the Israeli company to pay $ 168 million to WhatsApp, owned by Meta, for having operated its servers in order to infect more than 1,400 users with PEGASUS spy software. This decision arrives after six years of legal proceedings started in 2019, at the end of which NSO was found guilty of violation of federal and Californian laws on computer fraud. This conviction is a first against a spyware manufacturer, whose activity, although legally supervised on paper, is mainly based on a gray legal area.

Pegasus, a diverted surveillance tool

Originally, Pegasus was presented as a tool to help governments fight terrorism and great crime. But in practice, the evidence accumulated by Citizen Lab and other NGOs show systematic use against journalists, lawyers, human rights activists and political opponents. In the case deemed, Pegasus has exploited a critical security flaw (CVE-2019-3568) in the WhatsApp vocal call function to infiltrate the victims devices distributed in 51 countries. The documents of the trial indicate, for example, 456 victims in Mexico, 100 in India, 82 in Bahrain, and several dozen in states such as Morocco or Pakistan.

Repeated attacks despite alerts

What WhatsApp criticizes NSO is not just an isolated incident. According to elements of the file, NSO would have tried 43 times in May 2019 to go through the Californian servers of WhatsApp to spread its spy software. Meta claims to have mobilized its engineers to counter attacks, up to more than $ 400,000 in internal costs. Despite this, NSO continued to refine its techniques, including after filing a complaint, proving according to Meta its manifest will to bypass the defenses put in place. This obstinacy weighed heavily in the decision of the jury, which estimated that NSO acted with “oppression, fraud or maliciousness”.

A signal sent to the Spyware industry

The verdict therefore includes $ 167.25 million in damage, but also 444,719 dollars (it is precise) of compensatory damage. It is a major legal precedent in an area hitherto not worried, and it mainly sends a clear warning to other companies active in digital surveillance. Meta also plans to continue the case to obtain an injunction prohibiting NSO from targeting WhatsApp, while paying part of the funds recovered from digital rights associations.

NSO defends itself, but recognizes its offensive capacities

NSO, for its part, continues to defend the legitimacy of its activity. The company maintains that its software is sold solely to “authorized” governments, that it does not control the final targets, and that it respects a strict legal framework. Except that the testimonies heard in court contradict this narrative: NSO adapts its attacks according to the targets and the targeted devices, including iOS and Android, using different vectors as needed, such as browsers or messaging. The company even admitted to invest tens of millions of dollars each year in the development of these infection vectors.

Despite the decision, NSO remains active and intends to appeal. The company has already been placed on the black list by the US trade department in 2021, which limits its trade relations with American companies. The European Union has also opened surveys on the use of PEGASUS in certain Member States. For its part, Apple had launched a legal proceedings similar to that of WhatsApp, before giving up in 2024 so as not to reveal sensitive data on its security systems. This shows how these cases can put companies in a delicate position, between judicial transparency and infrastructure protection.

Guest article published by Vincent Lautier. You can also Follow me on Blueskymake a jump on My blogor read The tests I publish in the “Tech Gadgets” categoryas This screwdriver or that Small SSD !

Sources: The Washington Post,, Meta


Source link

Categorized in:

Technology