On Tuesday, American social media giant Meta announced that it had won a lawsuit against Israeli spyware company NSO, receiving a compensation of $168 million, ending a six-year legal battle between the two parties. This marks the first time globally that a spyware manufacturer has been held legally responsible for infiltrating smartphone platforms and compromising their technological integrity.
NSO’s spyware “Pegasus” had been widely sold, allowing customers to bypass encryption, remotely control phones, and has been discovered in multiple countries being used to monitor human rights lawyers, journalists, and political dissidents. Observers believe that this case could serve as a milestone for holding surveillance technology companies worldwide accountable.
Under Meta’s umbrella, the messaging platform WhatsApp revealed in 2019 that the NSO group exploited software vulnerabilities to secretly install the “Pegasus” spyware on the smartphones of hundreds of users globally.
This vulnerability enabled attackers to remotely install Pegasus without the need for user interaction, just by making a missed call, gaining control of the phone, activating the microphone and camera, deleting call logs, accessing images and location history, and more.
After WhatsApp patched the vulnerability, they tracked digital traces left by the spyware and issued warnings to at least 100 human rights lawyers, journalists, and political dissidents.
On Tuesday, a jury in a federal court in California ruled that NSO Group must pay Meta $167.3 million in punitive damages and $447,719 in compensatory damages, totaling $168 million.
Previously, in December 2024, a U.S. district judge ruled that NSO violated the Computer Fraud and Abuse Act and breached WhatsApp’s terms of service. This trial focused solely on damages.
In its statement, Meta stated, “Today’s ruling on the WhatsApp case is an important step in defending privacy and security, as well as the first victory against the development and use of illicit spyware, posing a threat to everyone’s safety and privacy.”
In its statement, NSO stated that it will “carefully review the details of this ruling and seek appropriate legal remedies, including further litigation and appeals.”
NSO claimed that its technology is deployed by authorized government agencies and plays a critical role in preventing serious crimes and terrorist activities.
This ruling serves as a warning to the surveillance technology industry, becoming the first global case where a court holds a spyware company accountable for abusing platform vulnerabilities. NSO’s defeat in this case could pave the way for similar lawsuits against attacked platforms like Apple, Amazon, Android, and others.
Researcher at the University of Toronto’s Citizen Lab, John Scott-Railton, stated, “NSO’s business model is about infiltrating American companies to enable dictators to invade the devices of dissidents.”
He emphasized that the jury made a quick decision after deliberating for only one day, proving that even though NSO had employed various delaying tactics and technical maneuvers over the years, they could not escape legal responsibility.
Natalia Krapiva, a senior lawyer at the human rights organization Access Now, pointed out that NSO has long argued that its software is used to track terrorists and pedophiles, yet the company has been repeatedly accused of abusing surveillance in various countries, including Saudi Arabia, Spain, Mexico, Poland, and El Salvador.
She said, “This case is expected to send a signal to spyware companies: if you act recklessly and with impunity like NSO, there will be consequences.”
Founded by retired Israeli military intelligence personnel, NSO Group has been considered a “technology calling card” in Israeli diplomacy, signing lucrative contracts with countries like Saudi Arabia and the United Arab Emirates. The company was valued at over $1 billion in 2019 and achieved revenue of $251 million in 2018.
Pegasus spyware was widely sold, with NSO claiming to only collaborate with “authorized governments” and handling abuses as individual cases. However, this lawsuit has revealed widespread instances of client abuses. Despite NSO refusing to submit certain evidence during the trial, a U.S. court ruled it unlawful in December 2024.
The Biden administration has already blacklisted NSO in 2021 and advocated for stricter regulation of the entire spyware industry.