{"id":669071,"date":"2025-05-14T12:40:23","date_gmt":"2025-05-14T09:40:23","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/seven-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit\/"},"modified":"2025-05-14T12:40:23","modified_gmt":"2025-05-14T09:40:23","slug":"seven-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/seven-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit\/","title":{"rendered":"Seven things we learned from WhatsApp vs. NSO Group spyware lawsuit"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a23e50bb25da\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a23e50bb25da\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/seven-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit\/#Testimony_described_how_the_WhatsApp_attack_worked\" >Testimony described how the WhatsApp attack worked<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/seven-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit\/#NSO_Group_confirms_it_targeted_an_American_phone_number_as_a_test_for_the_FBI\" >NSO Group confirms it targeted an American phone number as a test for the FBI<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/seven-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit\/#Contact_Us\" >Contact Us<\/a><\/li><\/ul><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/seven-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit\/#How_NSO_Groups_government_customers_use_Pegasus\" >How NSO Group\u2019s government customers use Pegasus<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/seven-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit\/#NSO_Groups_headquarters_shares_the_same_building_as_Apple\" >NSO Group\u2019s headquarters shares the same building as Apple<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/seven-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit\/#NSO_Group_admitted_that_it_kept_targeting_WhatsApp_users_after_the_lawsuit_was_filed\" >NSO Group admitted that it kept targeting WhatsApp users after the lawsuit was filed<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/buradabiliyorum.com\/en\/seven-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit\/#NSO_says_it_employs_hundreds_of_people\" >NSO says it employs hundreds of people<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/buradabiliyorum.com\/en\/seven-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit\/#NSO_Group_describes_dire_finances\" >NSO Group describes dire finances<\/a><\/li><\/ul><\/nav><\/div>\n<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">On Tuesday, <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">WhatsApp<\/a> scored a major victory against NSO Group when a jury ordered the infamous spyware maker to pay more than $167 million in damages to the Meta-owned company.<\/p>\n<p class=\"wp-block-paragraph\">The ruling concluded a legal battle spanning more than five years, which started in October 2019 when WhatsApp accused NSO Group of hacking more than 1,400 of its users by taking advantage of a vulnerability in the chat app\u2019s audio-calling functionality.<\/p>\n<p class=\"wp-block-paragraph\">The verdict came after a week-long jury trial that featured several testimonies, including NSO Group\u2019s CEO Yaron Shohat and WhatsApp employees who responded and investigated the incident.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Even before the trial began, the case had unearthed several revelations, including that NSO Group had cut off 10 of its government customers for abusing its Pegasus spyware, the locations of 1,223 of the victims of the spyware campaign, and the names of three of the spyware maker\u2019s customers: Mexico, Saudi Arabia, and Uzbekistan.<\/p>\n<p class=\"wp-block-paragraph\">TechCrunch read the transcripts of the trial\u2019s hearings and is highlighting the most interesting facts and revelations that came out. We will update this post as we learn more from the cache of more than 1,000 pages.\u00a0<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-testimony-described-how-the-whatsapp-attack-worked\"><span class=\"ez-toc-section\" id=\"Testimony_described_how_the_WhatsApp_attack_worked\"><\/span><strong>Testimony described how the WhatsApp attack worked<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"wp-block-paragraph\">The zero-click attack, which means the spyware required no interaction from the target, \u201cworked by placing a fake WhatsApp phone call to the target,\u201d as WhatsApp\u2019s lawyer Antonio Perez said during the trial. The lawyer explained that NSO Group had built what it called the \u201cWhatsApp Installation Server,\u201d a special machine designed to send malicious messages across WhatsApp\u2019s infrastructure mimicking real messages.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cOnce received, those messages would trigger the user\u2019s phone to reach out to a third server and download the Pegasus spyware. The only thing they needed to make this happen was the phone number,\u201d said Perez.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">NSO Group\u2019s research and development vice president Tamir Gazneli testified that \u201cany zero-click solution whatsoever is a significant milestone for Pegasus.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-nso-group-confirms-it-targeted-an-american-phone-number-as-a-test-for-the-fbi\"><span class=\"ez-toc-section\" id=\"NSO_Group_confirms_it_targeted_an_American_phone_number_as_a_test_for_the_FBI\"><\/span><strong>NSO Group confirms it targeted an American phone number as a test for the FBI<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<div class=\"article-block block--callout block--right has-green-500-background-color\">\n<h4 class=\"block--callout__title\"><span class=\"ez-toc-section\" id=\"Contact_Us\"><\/span>Contact Us<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>\t\t\tDo you have more information about NSO Group, or other spyware companies? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.\t\t<\/p><\/div>\n<p class=\"wp-block-paragraph\">For years, NSO Group has claimed that its spyware cannot be used against American phone numbers, meaning any cell number that starts with the +1 country code. <\/p>\n<p class=\"wp-block-paragraph\">In 2022, <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.nytimes.com\/2022\/01\/28\/magazine\/nso-group-israel-spyware.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">The New York Times first reported<\/a> that the company did \u201cattack\u201d a U.S. phone but it was part of a test for the FBI.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">NSO Group\u2019s lawyer Joe Akrotirianakis confirmed this, saying the \u201csingle exception\u201d to Pegasus not being able to target +1 numbers \u201cwas a specially configured version of Pegasus to be used in demonstration to potential U.S. government customers.\u201d<\/p>\n<p class=\"wp-block-paragraph\">The FBI <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.nytimes.com\/2022\/11\/12\/us\/politics\/fbi-pegasus-spyware-phones-nso.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">reportedly chose<\/a> not to deploy Pegasus following its test.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-how-nso-group-s-government-customers-use-pegasus\"><span class=\"ez-toc-section\" id=\"How_NSO_Groups_government_customers_use_Pegasus\"><\/span><strong>How NSO Group\u2019s government customers use Pegasus<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"wp-block-paragraph\">NSO\u2019s CEO Shohat explained that Pegasus\u2019 user interface for its government customers does not provide an option to choose which hacking method or technique to use against the targets they are interested in, \u201cbecause customers don\u2019t care which vector they use, as long as they get the intelligence they need.\u201d\u00a0<\/p>\n<p class=\"wp-block-paragraph\">In other words, it\u2019s the Pegasus system in the backend that picks out which hacking <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a>, known as an exploit, to use each time the spyware targets an individual.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-nso-group-s-headquarters-shares-the-same-building-as-apple\"><span class=\"ez-toc-section\" id=\"NSO_Groups_headquarters_shares_the_same_building_as_Apple\"><\/span><strong>NSO Group\u2019s headquarters shares the same building as Apple<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"wp-block-paragraph\">In a funny coincidence, NSO Group\u2019s <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.google.com\/maps\/place\/N.S.O.+Group+Technologies+ltd.\/@32.1654515,34.7735432,14z\/data=!3m1!4b1!4m6!3m5!1s0x151d4912074dc1f3:0x5a55935a3e5faa7!8m2!3d32.1654205!4d34.8104515!16s%2Fg%2F11jjp8_jy4?entry=ttu&amp;g_ep=EgoyMDI1MDUwNi4wIKXMDSoJLDEwMjExNDUzSAFQAw%3D%3D\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">headquarters<\/a> in Herzliya, a suburb of Tel Aviv in Israel, is in the same building <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.google.com\/maps\/place\/Apple\/@32.1656131,34.8087369,17z\/data=!3m1!4b1!4m6!3m5!1s0x151d488c142fac83:0xc1721ff4aa12d0fe!8m2!3d32.1656131!4d34.8113118!16s%2Fg%2F11b76ttfx3?entry=ttu&amp;g_ep=EgoyMDI1MDUwNi4wIKXMDSoJLDEwMjExNDUzSAFQAw%3D%3D\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">as Apple<\/a>, whose iPhone customers are also frequently targeted by NSO\u2019s Pegasus spyware. Shohat said NSO occupies the top five floors and Apple occupies the remainder of the 14-floor building.<\/p>\n<p class=\"wp-block-paragraph\">\u201cWe share the same elevator when we go up,\u201d Shohat said during testimony.<\/p>\n<p class=\"wp-block-paragraph\">The fact that NSO Group\u2019s headquarters are openly advertised is somewhat interesting on its own. Other companies that develop spyware or zero-days like the Barcelona-based Variston, which shuttered in February, was located in a co-working space while claiming on its official website to be located somewhere else.\u00a0<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-nso-group-admitted-that-it-kept-targeting-whatsapp-users-after-the-lawsuit-was-filed\"><span class=\"ez-toc-section\" id=\"NSO_Group_admitted_that_it_kept_targeting_WhatsApp_users_after_the_lawsuit_was_filed\"><\/span><strong>NSO Group admitted that it kept targeting WhatsApp users after the lawsuit was filed<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"wp-block-paragraph\">Following the spyware attack, WhatsApp filed its lawsuit against NSO Group in November 2019. Despite the active legal challenge, the spyware maker kept targeting the chat app\u2019s users, according to NSO Group\u2019s research and development vice president Tamir Gazneli.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Gazneli said that \u201cErised,\u201d the codename for one of the versions of the WhatsApp zero-click vector, was in use from late-2019 up to May 2020. The other versions were called \u201cEden\u201d and \u201cHeaven,\u201d and the three were collectively known as \u201cHummingbird.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-nso-says-it-employs-hundreds-of-people\"><span class=\"ez-toc-section\" id=\"NSO_says_it_employs_hundreds_of_people\"><\/span><strong>NSO says it employs hundreds of people<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"wp-block-paragraph\">NSO Group\u2019s CEO Yaron Shohat disclosed a small but notable detail: NSO Group and its parent company, Q Cyber, have a combined number of employees totalling between 350 and 380. Around 50 of these employees work for Q Cyber.\u00a0<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-nso-group-describes-dire-finances\"><span class=\"ez-toc-section\" id=\"NSO_Group_describes_dire_finances\"><\/span><strong>NSO Group describes dire finances<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"wp-block-paragraph\">During the trial, Shohat answered questions about the company\u2019s finances, some of which were disclosed in depositions ahead of the trial. These details were brought up in connection with how much in damages the spyware maker should pay to WhatsApp.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">According to Shohat and documents provided by NSO Group, the spyware maker lost $9 million in 2023 and $12 million in 2024. The company also revealed it had $8.8 million in its bank account as of 2023, and $5.1 million in the bank as of 2024. Nowadays, the company burns through around $10 million each month, mostly to cover the salaries of its employees.<\/p>\n<p class=\"wp-block-paragraph\">Also, it was revealed that Q Cyber had around $3.2 million in the bank both in 2023 and 2024.<\/p>\n<p class=\"wp-block-paragraph\">During the trial, NSO revealed its research and development unit \u2014 responsible for finding vulnerabilities in software and figuring out how to exploit them \u2014 spent some $52 million in expenses during 2023, and $59 million in 2024. Shohat also said that NSO Group\u2019s customers pay \u201csomewhere in the range\u201d between $3 million and \u201cten times that\u201d for access to its Pegasus spyware.<\/p>\n<p class=\"wp-block-paragraph\">Factoring in these numbers, the spyware maker was hoping to get away with paying little or no damages.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cTo be honest, I don\u2019t think we\u2019re able to pay anything. We are struggling to keep our head above water,\u201d Shohat said during his testimony. \u201cWe\u2019re committing to my [chief financial officer] just to prioritize expenses and to make sure that we have enough money to meet our commitments, and obviously on a weekly basis.\u201d<\/p>\n<p class=\"wp-block-paragraph\"><em>First published on May 10, 2025 and updated with additional details.<\/em><\/p>\n<\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMN63nwsw68G3Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/category\/technology\/\" target=\"_blank\" >Technology<\/a><\/span> category.<\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/techcrunch.com\/2025\/05\/13\/seven-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit\/\" target=\"_blank\" >Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On Tuesday, WhatsApp scored a major victory against NSO Group when a jury ordered the infamous spyware maker to pay more than $167 million in damages to the Meta-owned company. The ruling concluded a legal battle spanning more than five years, which started in October 2019 when WhatsApp accused NSO Group of hacking more than&#8230;<\/p>\n","protected":false},"author":1,"featured_media":669072,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2018\/12\/whatsapp-toxic.jpg?resize=1200,675","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[122306,156283,156141,72287,151937,81180,72047,155987],"class_list":["post-669071","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-meta","tag-nso","tag-nso-group","tag-security","tag-spyware","tag-surveillance","tag-whatsapp","tag-zero-days"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/669071","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=669071"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/669071\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/669072"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=669071"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=669071"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=669071"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}