US Judge Finds Israel's NSO Group Liable for Hacking in WhatsApp Lawsuit

Israeli cyber firm NSO Group's exhibition stand is seen at "ISDEF 2019", an international defense and homeland security expo, in Tel Aviv, Israel June 4, 2019. REUTERS/Keren Manor/File Photo
Israeli cyber firm NSO Group's exhibition stand is seen at "ISDEF 2019", an international defense and homeland security expo, in Tel Aviv, Israel June 4, 2019. REUTERS/Keren Manor/File Photo
TT
20

US Judge Finds Israel's NSO Group Liable for Hacking in WhatsApp Lawsuit

Israeli cyber firm NSO Group's exhibition stand is seen at "ISDEF 2019", an international defense and homeland security expo, in Tel Aviv, Israel June 4, 2019. REUTERS/Keren Manor/File Photo
Israeli cyber firm NSO Group's exhibition stand is seen at "ISDEF 2019", an international defense and homeland security expo, in Tel Aviv, Israel June 4, 2019. REUTERS/Keren Manor/File Photo

A US judge ruled on Friday in favor of Meta Platforms' WhatsApp in a lawsuit accusing Israel's NSO Group of exploiting a bug in the messaging app to install spy software allowing unauthorized surveillance.

US District Judge Phyllis Hamilton in Oakland, California, granted a motion by WhatsApp and found NSO liable for hacking and breach of contract.

The case will now proceed to a trial only on the issue of damages, Hamilton said. NSO Group did not immediately respond to an emailed request for comment, according to Reuters.

Will Cathcart, the head of WhatsApp, said the ruling is a win for privacy.

"We spent five years presenting our case because we firmly believe that spyware companies could not hide behind immunity or avoid accountability for their unlawful actions," Cathcart said in a social media post.

"Surveillance companies should be on notice that illegal spying will not be tolerated."

Cybersecurity experts welcomed the judgment.

John Scott-Railton, a senior researcher with Canadian internet watchdog Citizen Lab — which first brought to light NSO’s Pegasus spyware in 2016 — called the judgment a landmark ruling with “huge implications for the spyware industry.”

“The entire industry has hidden behind the claim that whatever their customers do with their hacking tools, it's not their responsibility,” he said in an instant message. “Today's ruling makes it clear that NSO Group is in fact responsible for breaking numerous laws.”

WhatsApp in 2019 sued NSO seeking an injunction and damages, accusing it of accessing WhatsApp servers without permission six months earlier to install the Pegasus software on victims' mobile devices. The lawsuit alleged the intrusion allowed the surveillance of 1,400 people, including journalists, human rights activists and dissidents.

NSO had argued that Pegasus helps law enforcement and intelligence agencies fight crime and protect national security and that its technology is intended to help catch terrorists, pedophiles and hardened criminals.

NSO appealed a trial judge's 2020 refusal to award it "conduct-based immunity," a common law doctrine protecting foreign officials acting in their official capacity.

Upholding that ruling in 2021, the San Francisco-based 9th US Circuit Court of Appeals called it an "easy case" because NSO's mere licensing of Pegasus and offering technical support did not shield it from liability under a federal law called the Foreign Sovereign Immunities Act, which took precedence over common law.

The US Supreme Court last year turned away NSO's appeal of the lower court's decision, allowing the lawsuit to proceed.



Impostor Uses AI to Impersonate Rubio and Contact Foreign and US Officials

Secretary of State Marco Rubio attends a signing ceremony for a peace agreement between Rwanda and the Democratic Republic of the Congo at the State Department, June 27, 2025, in Washington. (AP Photo/Mark Schiefelbein, File)
Secretary of State Marco Rubio attends a signing ceremony for a peace agreement between Rwanda and the Democratic Republic of the Congo at the State Department, June 27, 2025, in Washington. (AP Photo/Mark Schiefelbein, File)
TT
20

Impostor Uses AI to Impersonate Rubio and Contact Foreign and US Officials

Secretary of State Marco Rubio attends a signing ceremony for a peace agreement between Rwanda and the Democratic Republic of the Congo at the State Department, June 27, 2025, in Washington. (AP Photo/Mark Schiefelbein, File)
Secretary of State Marco Rubio attends a signing ceremony for a peace agreement between Rwanda and the Democratic Republic of the Congo at the State Department, June 27, 2025, in Washington. (AP Photo/Mark Schiefelbein, File)

The State Department is warning US diplomats of attempts to impersonate Secretary of State Marco Rubio and possibly other officials using technology driven by artificial intelligence, according to two senior officials and a cable sent last week to all embassies and consulates.

The warning came after the department discovered that an impostor posing as Rubio had attempted to reach out to at least three foreign ministers, a US senator and a governor, according to the July 3 cable, which was first reported by The Washington Post.

The recipients of the scam messages, which were sent by text, Signal and voice mail, were not identified in the cable, a copy of which was shared with The Associated Press.

“The State Department is aware of this incident and is currently investigating the matter,” it said. “The department takes seriously its responsibility to safeguard its information and continuously takes steps to improve the department’s cybersecurity posture to prevent future incidents.”

It declined to comment further due to “security reasons” and the ongoing investigation.

One of the officials said the hoaxes had been unsuccessful and “not very sophisticated.” Nonetheless, the second official said the department deemed it “prudent” to advise all employees and foreign governments, particularly as efforts by foreign actors to compromise information security increase.

The officials were not authorized to discuss the matter publicly and spoke on condition of anonymity.

“There is no direct cyber threat to the department from this campaign, but information shared with a third party could be exposed if targeted individuals are compromised,” the cable said.

The FBI warned in a public service announcement this past spring of a “malicious text and voice messaging campaign” in which unidentified “malicious actors” have been impersonating senior US government officials.

The scheme, according to the FBI, has relied on text messages and AI-generated voice messages that purport to come from a senior US official and that aim to dupe other government officials as well as the victim’s associates and contacts.

It is the second high-level Trump administration official to face such AI-driven impersonation.

The government was investigating after elected officials, business executives and other prominent figures received messages from someone impersonating President Donald Trump’s chief of staff, Susie Wiles. Text messages and phone calls went out from someone who seemed to have gained access to the contacts in Wiles’ personal cellphone, The Wall Street Journal reported in May.

Some of those who received calls heard a voice that sounded like Wiles, which may have been generated by artificial intelligence, according to the newspaper. The messages and calls were not coming from Wiles’ number, the report said.