NSO Group
Business Conspiracy Constitutional Rights cyberwarfare Derrick Broze Domestic Policy Government Privacy Surveillance Technology Top News

Israeli Spyware Firm NSO Group Found Liable for Hacks of WhatsApp Users

A California court recently ruled against the Israeli firm NSO Group which has become infamous for hacking numerous encrypted platforms.

In late December the Northern District of California ruled against Israeli spyware firm NSO Group, finding the controversial firm liable for hacking and a breach of contract.

The ruling was the latest in a five year battle between NSO Group and WhatsApp over the Israeli company’s Pegasus spyware infiltrating WhatsApp’s servers to spy on WhatsApp users.

Overall, the ruling was a win for WhatsApp with the court finding in favor of their motions for sanctions against NSO Group. However, the court also ruled against elements of WhatsApp’s sanctions request.

The court found that NSO Group is subject to evidentiary sanctions for refusing to comply with discovery requests after the court ordered the company to comply and produce various documents. The company is notorious for attempting to impede lawsuits by refusing to provide relevant information, including a now dropped lawsuit filed by Apple.

NSO Group used their malicious spyware known as Pegasus to infiltrate and monitor devices and extract information using what are known as zero-click exploits. This means that a user does not need to click on a link or download a program for a hacker to access their devices. Instead, Pegasus exploits existing software like WhatApp’s servers.

In this specific case, NSO Group was found liable for hacking journalists and employees of El Faro, an independent publication which primarily serves Central America. NSO Group and clients using their spyware used the zero-click exploits to install Pegasus on iPhones of 22 employees of El Faro between June 2020 and November 2021.

The court found that NSO Group exceeded its “authorized access” to WhatsApp’s servers and breached WhatsApp’s terms of service by transmitting its infiltration code and learning information about target devices through WhatsApp’s servers. The court found NSO Group liable under the Computer Fraud and Abuse Act (“CFAA”), California Comprehensive Computer Data Access and Fraud Act (“CDAFA”), and for breach of contract.

Damages will be decided at a trial in 2025.

The Electronic Privacy Information Center (EPIC) called the ruling a “win for the journalists, activists, politicians, and everyday users that NSO Group targets to help authoritarian governments”.

EPIC filed an amicus brief against NSO Group arguing that foreign spyware is not exempt under the CFAA when the exploited computers are located in the United States. In their brief, EPIC noted that, “Unlike a one-click attack, which requires a target to click on a link in order to trigger the attack, a zero-click attack downloads and installs spyware on the target’s device without the target’s involvement or awareness, making it all but impossible for even sophisticated smartphone users to prevent or detect attacks.”

“The Pegasus attacks not only caused Plaintiffs serious personal harms, but also upended Plaintiffs’ professional lives,” EPIC wrote. “Plaintiffs have fundamentally altered how they use their iPhones, making it considerably more costly and time-consuming to conduct the in-depth, independent reporting for which El Faro is known.”

EPIC has also submitted a Freedom of Information Act request to the FBI seeking information about its connections to NSO Group and use of Pegasus spyware. The organization has yet to hear back from America’s largest law enforcement agency.

Despite the court ruling and the attempt at sanctioning NSO Group, it is unlikely to deter the firm from continuing its surreptitious practices. As a November court filing made clear, even after NSO Group was sued by Meta (the parent company of WhatsApp) they continued the practicing of spying on users.

“The evidence unveiled shows exactly how NSO’s operations violated U.S. law and launched their cyber-attacks against journalists, human rights activists and civil society,” a WhatsApp spokesperson told CyberScoop via email.

NSO Group’s Web of Infiltration

The Last American Vagabond has previously reported on the NSO Group and the rise of the “offensive spyware market”. The type of software sold by NSO Group is known as spyware because it is explicitly aimed at helping the user gain unauthorized remote access to an internet-enabled device for surveillance and data extraction.

The NSO Group first came to prominence in 2020 when more than 50,000 phone numbers belonging to individuals identified as “people of interest” by nations using Pegasus were leaked to Amnesty International and Forbidden Stories.

This data was then distributed to 17 media outlets under the name “The Pegasus Project”, including The Guardian, Le Monde, The Washington Post, Frontline, The Wire, and Proceso. Their reporting revealed that NSO Group developed and supplied their Pegasus spyware to international governments which in turn used the tool to target government officials, journalists, activists, academics, and embassy workers.

The reporting from The Washington Post showed that Pegasus was used to target the wife of journalist Jamal Khashoggi months before he was murdered. Pegasus leadership has denied their spyware was used in the murder.

In February, Poland’s Prime Minister announced that the previous government had deployed NSO Group’s Pegasus to hack opposition politicians.

In 2022 it was reported that the FBI had purchased a license to use Pegasus. FBI Director Christopher Wray claimed the purchase was only for research and development purposes.

“To be able to figure out how bad guys could use it, for example,” he told Senator Ron Wyden, Democrat of Oregon, according to a transcript of the hearing that was recently declassified.

However, internal FBI documents and court records obtained by The New York Times showed that FBI officials attempted to use Pegasus in 2020 and 2021 in their own criminal investigations. After the Times reported on the secret purchase and attempted use of Pegasus the FBI conducted an internal investigation to uncover who used the tools only to find out that the FBI itself contracted with vendor Riva Networks.

In fact, the FBI contracted with Riva Networks to track drug smugglers in Mexico using Landmark, another NSO Group technology known for tracking cell phones.

Paragon Solutions: Yet Another Israeli Spyware Firm

In September 2024, the US Immigration and Customs Enforcement (ICE) signed a $2 million one-year contract with another controversial Israeli spyware vendor, Paragon Solutions. The contract involved Paragon’s US subsidiary based in Chantilly, Virginia and ICE’s Homeland Security Investigations Division 3.

Paragon claims its tools can help law enforcement and governments remotely crack encrypted messaging platforms like WhatsApp, Telegram, Signal, and Facebook Messenger.

The agreement calls for Paragon to provide ICE with a “fully configured proprietary solution including license, hardware, warranty, maintenance and training.” The agreement was first reported on by Wired.

Within weeks of the ICE-Paragon contract becoming public Wired reported the contract was under review by the White House to see if it violates a 2023 Executive Order issued by the Biden administration. Executive Order 14093 was signed by President Joe Biden in March 2023 as part of an ongoing US government effort ostensibly aimed at restricting the use of commercial spyware by U.S. agencies.

The EO says the US government will continue to promote the “responsible use” of spyware that aligns with promoting “democratic values”. Despite the U.S. government efforts to prosecute journalists like Julian Assange, the EO claims the U.S. has an interest in “promoting respect for human rights; and defending activists, dissidents, and journalists against threats to their freedom and dignity.”

Emily Tucker, the executive director at the Center on Privacy and Technology at Georgetown Law, told Vanity Fair that an “impending disaster” between privacy and the growth of the spyware industry was inevitable.

“You may believe yourself not to be in one of the vulnerable categories, but you won’t know if you’ve ended up on a list for some reason or your loved ones have,” Emily Tucker warned. “Every single person should be worried.”

By October 31st, More than 30 civil society and digital rights organizations and spyware experts signed a letter which calls on the Department of Homeland Security to release details about its $2 million contract with Paragon.

In 2021, Forbes first reported on the existence of Paragon and noted that many of Paragon’s employee LinkedIn profiles reveal their connections to Israeli intelligence. Paragon’s cofounder, director, and chief shareholder Ehud Schneorson was a former commander of Israel’s elite Unit 8200. Paragon’s CEO Idan Nurick and CTO Igor Bogudlov are also former members of Israeli intelligence.

Former Israeli prime minister Ehud Barak is also listed as a cofounding director and investor. Barak is known for his connections to Israeli firms Toka and Carbyne911 (now Carbyne). He is also infamous for accompanying Jeffrey Epstein on his private plane dozens of times.

In addition to the investment from Ehud Barak, Paragon has also received significant financial resources from Boston-based investment firm Battery Ventures. Forbes reported that two anonymous senior employees at companies in the Israeli surveillance industry said Battery Ventures invested between $5 and $10 million. Battery’s Israel-based vice president Aaron Rinberg is also listed as a “board observer” at Paragon.

Battery is known for its financial investments in several successful companies, including Coinbase, Groupon, Splunk, SkullCandy and Pokémon Go creator Niantic.

With less than three weeks until Donald Trump returns to the White House, the American public ought to continue watching the spyware industry and the growing number of contracts between these surveillance firms and the U.S. government.

Derrick Broze
Derrick Broze
Derrick Broze, a staff writer for The Last American Vagabond, journalist, author, documentary film maker, public speaker, and activist. He is the founder of The Conscious Resistance Network, an independent media outlet dedicated to investigative journalism, and the intersection of liberty and spirituality. Derrick is the author of the underground best-seller How to Opt-Out of the Technocratic State. He is also the writer, director, and narrator of the 17-part documentary series, The Pyramid of Power.
https://www.thelastamericanvagabond.com/category/derrick-broze/

2 Replies to “Israeli Spyware Firm NSO Group Found Liable for Hacks of WhatsApp Users

  1. What NSO does is not independent of the US. NSO exploits the entire android/apple phone architecture with all the zero day flaws put in there IN ADVANCE [(1) https://www.darkreading.com/vulnerabilities-threats/400-qualcomm-chip-vulnerabilities-threaten-millions-of-android-phones (2) https://www.bleepingcomputer.com/news/security/qualcomm-patches-high-severity-zero-day-exploited-in-attacks/ ] [the qualcomm modem flaw list is endless] which knowledge of exploiting of the same is presumably known to NSO or shared with them. The telecom devices we use, we use under onerous “license” agreements. Like…the airwaves…they are not “free”. They are a federally controlled resource under onerous LICENSE ARRANGEMENTS, ok? ANd apple and android and whatsapp are also not “free to exploit” platforms, you sign on to long onerous terms and conditions of use etc which most of us never even bother to READ. Like when you fly on a plane, IATA decides a lot of things in advance. We are not even aware of it. So to PRETEND like the anglo zionist media does, that….”oh NSO went and did this….NSO went and did that…”…this is BS. THE US PERMITS NSO to exploit their platforms. THE US holds the KEYS. But as with all things Israel, the anglo completely lose their sh*t and drop to knees, when it comes to Israel.

  2. The implications of holding such organizations liable are far-reaching, especially given the growing concerns about surveillance and privacy in the digital age.

    The discussion about the misuse of Pegasus spyware and its impact on human rights is incredibly important. When tools designed for security end up being used to suppress dissent or target journalists and activists, it highlights a significant failure in oversight and ethical responsibility. Your emphasis on the need for transparency and accountability is spot-on—without these, the misuse of technology will only continue to grow.

    I also appreciated the focus on legal precedents and the challenges of regulating powerful tech firms operating in a global landscape. The balance between national security and individual freedoms is tricky, but allowing unchecked use of surveillance tools tilts the scale dangerously toward authoritarian practices.

Leave a Reply

Your email address will not be published. Required fields are marked *