In a post on its blog, Meta announced WhatsApp’s victory against NSO Group, which was ordered to pay $167 million in punitive damages and over $440,000 in compensatory damages. The judgement came after NSO’s illegal attack on approximately 1,400 WhatsApp users, including journalists, human rights defenders and members of civil society.

The three key actions of Meta

Meta outlined three key actions it will take after the ruling, which represent an important commitment to prevent future abuses:

• Seeking a court order to prevent NSO from targeting WhatsApp again with Pegasus or other spyware
• Allocate the compensation obtained by NSO to digital rights organisations engaged in exposing spyware abuses
• Publishing the depositions of NSO executives shown during the trial to support researchers and journalists in the fight against spyware

The Pegasus Spyware

Pegasus is spyware developed by NSO Group, designed to infiltrate mobile devices and gain full access to user data, including emails, messages, media files and geographic location. Its existence and capabilities were discovered in 2016 by Citizen Lab and Lookout, when an attempted attack was detected against human rights activist Ahmed Mansoor, who received suspicious SMS messages with malicious links.

Collaboration with Citizen Lab

Six years ago, WhatsApp engineers detected and blocked an attack by NSO Group’s Pegasus spyware, which had targeted over 1,000 users. On that occasion, WhatsApp collaborated with Citizen Lab, a University of Toronto research centre specialising in digital threat analysis, surveillance and Internet censorship. Citizen Lab supported the investigation of the attack, helping to identify victims and raise awareness of how Pegasus was used, as well as helping affected users secure their devices.

An attack on several fronts

The trial also revealed that WhatsApp was not NSO’s only target. It emerged how Pegasus was able to compromise mobile devices without the user’s knowledge, accessing sensitive data such as emails, messages, financial and location information, and even remotely activating the microphone and camera.

A clear message against spyware

“This ruling demonstrates to spyware companies that their illegal actions against American technologies and user privacy will not be tolerated,” Meta said, reaffirming his commitment to fight those who develop spyware intended to indiscriminately target people around the world.

A commitment to transparency

Finally, Meta announced that it will publish not only the informal minutes of depositions already shown in court, but also the official transcripts as soon as they become available, in order to promote transparency and research.

A victory for digital rights

A historic victory for privacy, security and digital rights.