A California federal jury has ordered Israel's NSO Group to pay $168 million to Meta's WhatsApp for exploiting its servers to hack users on behalf of foreign spy agencies. The landmark decision concludes a six-year legal battle, exposing unprecedented details about the shadowy spyware industry.
NSO's Pegasus Spyware: A Luxury Product for Governments
Court documents reveal NSO charged governments up to $7 million for access to its Pegasus spyware platform between 2018 and 2020. For an additional $1–2 million, clients could target devices outside their own borders. Meta attorney Antonio Perez emphasized the "hefty price tag" of the tools, calling them "highly sophisticated" during trial proceedings.
Thousands of Devices Compromised
NSO executives admitted the company hacked "thousands of devices" during the three-year period. When questioned about ethics, Vice President Tamir Gazneli argued the tools targeted "intelligence targets" rather than ordinary individuals—a claim met with skepticism. "You don't consider the targets people?" Meta's lawyer challenged during a tense courtroom exchange.
U.S. Agencies Funded NSO Operations
Despite warnings about human rights abuses, the CIA and FBI reportedly paid $7.6 million to NSO Group. The CIA allegedly financed Djibouti's purchase of Pegasus spyware, while the FBI tested the software for domestic surveillance capabilities, according to trial evidence.
NSO Continued Attacks During Lawsuit
Meta lawyers disclosed that NSO continued hacking WhatsApp's infrastructure even after the 2019 lawsuit was filed. A recent court filing described the group as a "significant threat" seeking a permanent injunction against future attacks.
Why This Case Matters
The verdict intensifies scrutiny of unregulated spyware markets and foreign surveillance partnerships. With Pegasus linked to targeting journalists, activists, and politicians globally, the case raises urgent questions about accountability in the digital age.
The $168M penalty sets a precedent for tech companies battling state-sponsored cyberattacks. As governments worldwide grapple with spyware regulation, this ruling could reshape how surveillance tools are developed—and who pays the price for their abuse.