WhatsApp Wins $167 Million Lawsuit as NSO Spyware Secrets Are Exposed in Courtroom Drama

In a landmark courtroom decision that has shaken the surveillance industry, WhatsApp has secured a $167 million victory over NSO Group, the notorious Israeli spyware developer behind the Pegasus hacking tool. The jury’s decision not only marks a win for Meta’s encrypted messaging platform, but it also pulls back the curtain on the shadowy ecosystem of government-backed cyber-espionage that has targeted thousands across the globe—including Americans.

This trial, five years in the making, originated from a 2019 lawsuit by WhatsApp, which alleged that NSO had exploited a vulnerability in its voice-calling feature to inject spyware onto over 1,400 user devices. The attacks required no user interaction—a “zero-click” exploit that essentially weaponized a missed call.

According to courtroom testimony, NSO built a custom system—the WhatsApp Installation Server—designed to impersonate legitimate network activity and trick phones into downloading Pegasus spyware. All it needed? A target’s phone number.

But the revelations didn’t stop at technical details. In a surprising admission, NSO’s VP of R&D Tamir Gazneli confirmed that the spyware was still being used against WhatsApp users well after the lawsuit began, with codenames like “Erised,” “Eden,” and “Heaven” continuing into 2020 under the internal project name “Hummingbird.”

Even more troubling, NSO confirmed what had long been denied: Pegasus was used to target a U.S. phone number—allegedly as a demonstration for the FBI, raising serious questions about the spyware’s reach and regulatory oversight.

The courtroom also offered a rare glimpse into NSO’s operations and clientele. Its customers include governments in Mexico, Saudi Arabia, and Uzbekistan, and they reportedly paid between $7 million and $61 million for spyware access, depending on the scale and covert capabilities involved. NSO executives revealed that the Pegasus system chooses hacking methods automatically, with customers simply selecting their targets—not how to breach them.

Ironically, NSO’s headquarters in Herzliya, Israel, shares a building with Apple, whose devices have been prime targets of Pegasus. “We share the same elevator,” joked CEO Yaron Shohat, in a detail that highlights just how surreal the tech surveillance world has become.

But beneath the courtroom drama lies a darker financial reality. Documents revealed that NSO is hemorrhaging cash, posting $21 million in losses over two years and burning through $10 million monthly, mostly on salaries and R&D. With less than $5 million left in the bank, Shohat pleaded with the court: “To be honest, I don’t think we’re able to pay anything.”

While NSO might be financially drowning, the implications of this case reach far beyond the courtroom. The revelations surrounding Pegasus spyware, FBI involvement, and cloud-based impersonation tactics have raised fresh alarms—especially as the White House investigates the recent hacking of Trump’s chief of staff Susie Wiles, a breach that involved AI voice cloning and unauthorized contact access.

As cyberweapons get cheaper and smarter, and as nation-states increasingly turn to private firms for offensive tools, the stakes are growing. For now, WhatsApp’s courtroom triumph offers a rare moment of accountability—but the deeper question remains: Can our privacy survive the age of digital surveillance-for-hire?