WhatsApp hackers now face hefty financial penalties due to their unauthorized activities.

Catch 'Em If You Can: NSO Group Faces Million-Dollar Fine for Hacking WhatsApp

• Contributor: Malte Mansholt
• Reading Time: ~2 Min

WhatsApp Hackers Told to Pay Millions as Retribution for Intercepting Chats - WhatsApp hackers now face hefty financial penalties due to their unauthorized activities.

In a stunning turn of events, the Israeli hacker firm, NSO Group, has been slapped with a whopping $167.25 million fine by a U.S. federal jury for breaching the security of popular messaging app, WhatsApp, in 2018. The company managed to spy on thousands of unsuspecting users, even outsmarting WhatsApp's encryption measures. The fine includes $444,719 in damages and a hefty penalty.

Meta, the operator of WhatsApp, is set to receive this financially crippling settlement after discovering the hacking activities by NSO Group. The firm had spied on more than 1,400 WhatsApp users on behalf of its clients, which included journalists, human rights activists, and government critics. Jamal Khashoggi, the journalist murdered in 2018 on behalf of Saudi government, was also a victim of this espionage, having been spied on using Pegasus earlier.

Sneaky Invasion of Privacy

The unprecedented hack involved exploiting a previously unknown security flaw, or a zero-day vulnerability. The malware was surreptitiously installed on devices through silent calls or texts, with no intervention needed from the victims. This type of attack is relatively rare, with such vulnerabilities fetching millions in the underground market. Once installed, hackers gained unfiltered access to targets' messages, emails, photos, and control over cameras and microphones, essentially setting up a surveillance system invisible to users.

After Meta employees identified the vulnerability in May 2019, it took months to recognize more than 1,400 victims and unravel the conspiracy.Collaborating with the civil rights organization, Citizen Lab, Meta tirelessly worked to shed light on the attack. It wasn't until five months after discovery that Meta publicly accused NSO Group of being behind the attack and decided to sue.

A Precedent Set

The trial brought to light the questionable practices of hacker firms often operating in the gray area. The NSO Group admitted to spending tens of millions annually to discover and exploit security vulnerabilities in WhatsApp and other programs. The company claimed its only customers were those combating terrorism, child abuse, or serious crimes, and it actively discouraged spying on journalists, dissidents, or human rights activists.

However, the plaintiffs managed to convince the jury otherwise. "This is a historic milestone, the first time that operators of spyware have been put on trial and their methods exposed to the public in this way," Meta stated. "This verdict is a crucial step forward in protecting privacy and security." Apart from Meta, Apple has also filed a lawsuit against NSO Group for taking control over iPhones, which is still pending.

The Winner Takes It All

"Apparently, ministries don't appreciate companies that help dictators spy on dissidents," a researcher at the Citizen Lab commented on the short messaging service Bluesky. "NSO boasted all these sophisticated legal arguments and PR machinery behind them. But once their activities were exposed, the jury sent out a crystal-clear message to other companies: Be warned, you could be next."

While NSO Group hasn't officially surrendered, a spokesperson has stated that the company is currently reviewing the details of the verdict, with potential plans for an appeal.

Sources: The Verge, Meta, Courthouse News Service

• WhatsApp
• Messenger

_Enrichment Data:

The Big Picture:

• Exploited Vulnerability: NSO Group took advantage of a zero-day vulnerability in WhatsApp's VOIP stack, known as CVE-2019-3568. The exploit allowed attackers to execute remote code through specially crafted RTCP packets[1][2].
• Number of Users Affected: Approximately 1,400 WhatsApp users were compromised by NSO's Pegasus spyware[3].
• Target Audience: The hack mainly influenced journalists, activists, and government critics[3].
• Legal Outcome: A U.S. federal jury ordered NSO Group to pay Meta a significant sum for damages and penalties (totaling $167.25 million)[1][2][3].

Impact and Perspectives:

• NSO Group's Appeal: The hacker firm intends to challenge the verdict[3].
• Industry Consequences: The decision might signal stricter regulations for the commercial spyware industry, potentially affecting NSO Group’s operations[1][2].*

1. "What's up, messenger? The trial against NSO Group has set a precedent for cybersecurity, exposing questionable practices in the spyware industry and potentially paving the way for stricter regulations."
2. "The NSO Group's hacking of WhatsApp in 2018 involved exploiting a zero-day vulnerability, allowing them to spy on over 1,400 users, including journalists, activists, and government critics."
3. "In a recent court case, the Israeli hacker firm NSO Group was ordered to pay Meta $167.25 million for breaching the security of WhatsApp and spying on thousands of unsuspecting users."
4. "Hackers managing to outsmart encryption measures and install malware on devices without any intervention from the victims is a relatively rare occurrence, fetching millions in the underground market."
5. "Apart from Meta, Apple has also filed a lawsuit against NSO Group, highlighting the growing concern for cybersecurity in the technology industry, particularly in regards to general-news and crime-and-justice matters."

Read also: