In a landmark ruling that sent shockwaves through the global surveillance industry, a federal jury in California has ordered Israel’s NSO Group to pay $168 million in damages to Meta, the parent company of WhatsApp, for hacking into the messaging platform’s servers and targeting thousands of users on behalf of foreign governments.
This decision concludes a six-year legal battle that not only exposed the inner workings of one of the world’s most notorious spyware companies but also raised uncomfortable questions about the role of governments, including the United States, in the global spyware trade.
Credits: The Times of Israel
The Spyware That Wouldn’t Quit
At the heart of the lawsuit was NSO’s powerful hacking tool—Pegasus—used to break into smartphones without the user’s knowledge. Between 2018 and 2020, NSO exploited vulnerabilities in WhatsApp’s infrastructure to infect devices and access private communications, even after Meta filed its lawsuit.
According to court documents, the spyware was so stealthy and invasive that it allowed complete remote access to a phone—photos, messages, emails, and even the microphone and camera. The firm’s vice president of R&D, Tamir Gazneli, admitted that “thousands of devices” were compromised during that time.
Despite the ongoing litigation, Meta alleged that NSO continued targeting WhatsApp servers and mobile clients, prompting the tech giant to seek not just damages, but a permanent injunction to stop future intrusions.
“Not People, Just Targets” – A Controversial Defense
One of the most dramatic moments of the trial came when Gazneli tried to defend NSO’s practices by claiming their technology wasn’t “spyware” but rather a tool for intelligence gathering.
“They’re not people. They’re targets of intelligence agencies,” Gazneli told the court. This statement drew immediate backlash, especially from Meta’s lawyer Antonio Perez, who questioned how the company could so casually dehumanize individuals under surveillance.
The semantics failed to sway the jury. Instead, it further highlighted the moral ambiguity that companies like NSO operate within—where governments are clients, and privacy is often collateral damage.
A Price Tag on Privacy: $7 Million for 15 Phones
The trial also revealed the staggering costs associated with NSO’s spyware. Sarit Bizinsky Gil, the company’s vice president of global business operations, testified that European government clients were typically charged $7 million for the ability to hack into just 15 devices at a time.
An additional feature allowing hacking of phones outside a customer’s own country came at a premium—an extra $1–2 million.
“This is a highly sophisticated product,” Perez noted. “And it carries a hefty price tag.”
U.S. Agencies in the Mix
In a surprising twist, court records revealed that even U.S. government agencies—the CIA and FBI—paid NSO a combined $7.6 million. Although earlier reports by The New York Times had hinted at such dealings, the trial finally gave those allegations concrete numbers.
The CIA allegedly bankrolled the use of NSO spyware by Djibouti, while the FBI reportedly acquired it for testing purposes. This complicated Meta’s case—one U.S. entity suing a company while others had quietly worked with it.
Credits: Communications Today
The Future of Surveillance Tech Regulation
Despite being blacklisted by the U.S. Department of Commerce in 2021, NSO remained defiant in its global operations. Meta’s victory marks one of the first major legal wins by a tech company against a surveillance-for-hire firm, but it may be just the beginning.
“This case is about accountability,” Meta said in a statement. “NSO not only violated our systems, but they continued to do so even after we sued. That behavior is unacceptable.”
With the court’s decision, tech platforms are hoping for a chilling effect on private spyware companies. The $168 million fine is hefty, but the true cost may be to NSO’s reputation—and the global scrutiny it has brought upon the shadowy world of digital surveillance.
