In a striking legal repudiation of the spyware industry, a federal jury in California has ordered Israeli cyberintelligence firm NSO Group to pay Meta Platforms Inc. more than $167 million in damages, after finding that NSO unlawfully targeted WhatsApp users with its controversial hacking tools.

The judgment, handed down in the U.S. District Court for the Northern District of California, stems from a lawsuit filed by Meta — the parent company of WhatsApp and Facebook — in response to a 2019 breach, in which NSO’s notorious Pegasus spyware was secretly implanted on the phones of approximately 1,400 WhatsApp users, including journalists, lawyers, activists, and officials.

“For years, NSO has sold spyware to government clients, enabling surveillance and cyberattacks against innocent people including activists and journalists,” Will Cathcart, head of WhatsApp, said in a post on X. “This case was about stopping them and sending a clear message: nobody is above the law.”

Meta welcomed the decision as a landmark victory in the ongoing global battle over spyware and digital privacy. “The recent verdict in the case against spyware merchant NSO highlights the seriousness of their wrongdoing,” Meta said in a statement on its blog.

The $167 million award covers damages for breaches of the Computer Fraud and Abuse Act, which the jury found NSO violated by facilitating the hacking campaign. Jurors heard detailed accounts of how the Pegasus tool allowed NSO’s government customers to surreptitiously access a target’s messages, location data, and even microphone — all without the victim’s knowledge.

“Our work to guard against surveillance-for-hire operations continues,” Meta’s statement added. “We’ll continue to use all available tools to detect, disrupt, and hold them accountable.”

Global Implications for Spyware Vendors

NSO, which has repeatedly defended its practices by claiming it only sells Pegasus to governments for crime-fighting and counter-terrorism, has faced global scrutiny as evidence mounted over the years of its software being abused to target civil society. In 2021, the U.S. Commerce Department added NSO to its “entity list,” effectively blacklisting the company from American technology and investment.

In the wake of the U.S. jury verdict, privacy advocates have declared a victory for accountability in an industry seen as operating with impunity. “The court’s order affirms that surveillance-for-hire companies cannot escape responsibility for the harm their products cause around the world,” said Laura Edelson, an professor at Northeastern University, to Ars Technica.

A Case Rooted in Technical Intrusions

The heart of the case was WhatsApp’s 2019 detection of a sophisticated zero-day exploit targeting its users. NSO’s tools leveraged a flaw in WhatsApp’s voice call feature, which allowed attackers to infect devices merely by placing a call — the user did not even need to answer.

Meta’s lawsuit, filed in October 2019, alleged that NSO sent malicious code to WhatsApp servers with the intent of surveilling users. NSO argued it should be immune from liability because it operated as an agent of foreign governments; a federal appeals court rejected this claim. “Foreign sovereign immunity does not prevent WhatsApp from seeking redress from NSO,” Judge Danielle Forrest wrote in the appellate decision last year.

Throughout the trial, WhatsApp’s security team outlined the painstaking efforts required to patch the vulnerability and notify affected users. “State-sponsored hacking undermines trust and puts people at risk,” Will Cathcart said on X, following the verdict.

The Future for NSO and the Spyware Industry

The financial and reputational blow to NSO comes at a time when the company faces mounting debts and regulatory obstacles worldwide. The ruling also has severe implications for a global industry that sells powerful hacking tools to state and non-state actors, often without meaningful oversight. “Meta hopes this outcome will serve as a stark warning to companies touting similar products,” the company said in its public statement.

NSO indicated it plans to appeal the decision, according to multiple reports. The company maintains that Pegasus remains “an essential tool in the fight against crime and terror,” but the jury’s verdict reinforces growing skepticism of what many see as unchecked surveillance powers wielded by commercial actors.

Despite the definitive win, Meta continues to push for stricter norms and enforcement against spyware abuse. “We need concerted action from industry, civil society, and governments to ensure accountability in surveillance-for-hire operations,” Meta stated.

As the digital battlefield between privacy and surveillance intensifies, the Meta v. NSO verdict stands as a precedent-setting moment — potentially reshaping the rules for a shadowy industry whose tools can upend lives and challenge democratic norms.