Jury orders NSO to pay $167M for hacking WhatsApp users

198 Bender 107 5/7/2025, 12:54:19 AM arstechnica.com ↗

Comments (107)

IG_Semmelweiss · 13h ago
Not sure if this is too little, too late. The Israeli cyber-intelligence firm, primarily known for its proprietary spyware Pegasus, employed almost 500 people as of 2017 [1]. However, the US govt included NSO Group in its Entity List for acting against U.S. national security and foreign policy interests, effectively banning U.S. companies from supplying NSO [1].

This makes me think that NSO is effectively frozen out of the US banking network, and therefore the WhatsApp judgement is ineffective to go after US assets in US jurisdictions. So, no disgorgement outside of what banks may have frozen before this lawsuit (if anything) as a result of the Entity List addition.

[1] https://en.wikipedia.org/wiki/NSO_Group

cedws · 9h ago
Given that the NSO Group is supported by the Israeli government and their weapons have been used against US civilians, and US-aligned individuals, you would think there would be much heftier consequences.
rafale · 8h ago
They knowingly attacked and destroyed USS Liberty in 1967 and didn't face any consequences.

Sometimes I wonder what's so special about Israel that they keep getting away with everything.

gruez · 3h ago
>They knowingly attacked and destroyed USS Liberty in 1967

Both sides agree it was an accident.

>Israel apologized for the attack, saying that USS Liberty had been attacked in error after being mistaken for an Egyptian ship.[5] Both the Israeli and United States governments conducted inquiries and issued reports that concluded the attack was a mistake due to Israeli confusion about the ship's identity.[6]

bn-l · 54m ago
The survivors themselves say it was deliberate.
wkat4242 · 3h ago
There's also many voices saying it was a coverup.
gruez · 3h ago
The same could be said of the JFK assassination, or the moon landing.
carlosjobim · 2h ago
The moon landing was a cover up for what?
Loughla · 2h ago
Not having happened. Not a cover up for something else. Just that it didn't happen, but the US was so hard up to beat the Russians at something that they staged it.

It's ridiculous. But the world we live in is also ridiculous, and the internet has enabled idiots to meet in numbers that have never been possible before.

SAI_Peregrinus · 1h ago
To cover up that the moon doesn't exist, of course.

I'm sure we can come up with a ridiculous conspiracy hypothesis around what we're actually seeing when we think we're seeing the moon. Might need to involve time travel to explain historical records.

Gud · 3h ago
And if you scratch the surface, you will quickly realise that their apology is bullshit.

Israel wanted the US involved and conducted a false flag operation:

“Some intelligence and military officials dispute Israel's explanation.[79] Dean Rusk, U.S. Secretary of State at the time of the incident, wrote: I was never satisfied with the Israeli explanation. Their sustained attack to disable and sink Liberty precluded an assault by accident or some trigger-happy local commander. Through diplomatic channels we refused to accept their explanations. I didn't believe them then, and I don't believe them to this day. The attack was outrageous.[80]”

https://en.m.wikipedia.org/wiki/USS_Liberty_incident

gruez · 3h ago
>I was never satisfied with the Israeli explanation. Their sustained attack to disable and sink Liberty precluded an assault by accident or some trigger-happy local commander.

If the attack was due to mistaken identity, wouldn't you expect the Israelis to go all out? I also skimmed the section and there's not much in the way of arguments besides that and "Israel pressured US to admit it was an accident".

jona-f · 6h ago
US's legitimization of its leading role in the world is based on the story of how they saved the world from the Nazis. This story escalated ideologically, so now any critique of Israel is indirectly questioning USA as the world leader.
graemep · 2h ago
I do not think so. Not outside the US anyway.

The legitimisation lies in the alternatives having been (historically) the Soviet Union, and (now) China.

krageon · 2h ago
In any practical sense the Soviet Union did in fact do the lion's share of beating the Nazis. They opened an extra front and sent in a staggering amount of troops. I don't see why it is still so demonized, except when you view it directly through the lens of US propaganda.

Their death toll, such as it is, is not even a tenth of the incredible casualty rate of the British. It does not need to be said that they're nowhere near as demonised, except in India. The scope and depth of a civilisation's deaths is not actually all that relevant to how much people hate it.

logicchains · 7h ago
What's so special? A good chunk of the US population believes the Israelis were literally chosen by God over 2000 years ago to occupy that piece of land, and they're obligated to do whatever they can to help them.
swat535 · 1h ago
> A good chunk of the US population believes the Israelis were literally chosen by God

There is more to it, not only that but they believe that the Jewish state of Israel is needed for Jesus to return to earth.

This belief comes from Thessalonians 2:1-4

"1 Now concerning the coming of our Lord Jesus Christ and our being gathered together to Him, we ask you, brothers, 2 not to be easily disconcerted or alarmed by any spirit or message or letter seeming to be from us, alleging that the Day of the Lord has already come. 3 Let no one deceive you in any way, for it will not come until the rebellion occurs and the man of lawlessness—the son of destruction—is revealed. 4 He will oppose and exalt himself above every so-called god or object of worship. So he will seat himself in the temple of God, proclaiming himself to be God."

So the "temple" is required for the anti-Christ to arise, and for Jesus to return.

Now as to if that actually means the physical Third Temple of Solomon... this is up for theological debate. Some Church Fathers held that the anti-Christ would indeed arise from a physical Third Temple. While other Church Fathers held that the 3rd Temple in Christianity was technically the Church, and so the anti-Christ would arise from her.

Either way, if you side with the first view there is no qualification for a state to be present in order to rebuild the physical Third Temple.

Protestant Evangelicals in America by and large take the first stance I mentioned, and are pretty stalwart in their belief the State of Israel is the vehicle through which this will be achieved.

ImJamal · 28m ago
They invented this view in the 1800s. Christians prior to this universally considered it a heresy.

For those who want additional information, it is called dispensationalism.

late2part · 6h ago
The same chunk of population "should" (??) think that the Israeli ancestors killed Jesus, and that the Jews will go to hell if they don't accept Jesus as their savior - so - people are weird.
InsideOutSanta · 2h ago
Surprisingly, it's internally consistent. Evangelical Christians don't support Israel because they like the people who live there. Instead, they support Israel because, based on their interpretation of Revelation 20, they believe that Israel must be rebuilt or restored as part of God's plan for the end times.

This story does not end well for Israel or the people who live there.

graemep · 2h ago
I am no expert on the American evangelical version of Christianity so happy to hear better explanations, but not all evangelicals believe the same things so I do not think there is a reason to say they "should" believe those things. The argument that God's covenant with the Jews is still in effect implies the opposite, if anything.

It looks to me that it is correlated with whatever this survey defines as "traditionalist": https://www.pewresearch.org/religion/2005/04/15/american-eva...

Traditionalist applies across denominations with different traditions and theology so no idea whether it has a consistent meaning.

markus_zhang · 7h ago
The neo crusader kingdom?
graemep · 2h ago
There is no similarity at all between Israel and the crusader kingdoms: different historical circumstances, different aims.
markus_zhang · 2h ago
Some guys arrived in the middle of that land and beat the hell out of others and built a kingdom. Sort of the same.
graemep · 2h ago
That is a mischaracterisation of the crusades, at least with regard to the crusaders.

The crusades were a reaction to the Arab and Turkish Empires, which by then (between them) invaded at some point (and mostly conquered) Spain, France, southern Italy, most of the Mediterranean, North Africa, Italy, Anatolia, and the Levant, and more.

I had not noticed the Palestinians' aggressive expansionist empire.

tuyguntn · 6h ago
I also wonder about this, my personal conclusion is Israelis work very hard to create dirt on politicians over the years, and politicians are just afraid of losing everything in one day vs joining the club of other blackmailed, powerful politicians. Cases: Epstein, Monica Lewinsky, AIPAC, and probably many more.

jimnotgym · 9h ago
Shouldn't we be seeing criminal sanctions? If I sold app exploits I would be in jail
voxic11 · 1h ago
Selling exploits is generally legal. What law would be used to put you in jail? Using exploits can fall under the Computer Fraud and Abuse Act's criminally prohibited conduct but afaik there is no similar law that covers distributing/selling exploits. In fact selling exploits to companies via their bug bounty programs is quite common.

All that said NSO didn't just distribute/sell the exploits (that would be giving away their secret sauce). Instead they offered what was essentially a managed service for executing the exploits against user selected targets.

4oo4 · 1h ago
Wouldn't hosting a service to facilitate others' use of the exploits fall under CFAA? Since there have been numerous arrests for those hosting Ransomware-as-a-service, DDOS-as-a-service, etc. Just curious whether there is a legal nuance that prevents them from being criminally charged instead of just politics/diplomacy.
saagarjha · 7h ago
Depends on who you sell them to
razakel · 6h ago
You're not a three-letter agency, though.
jimnotgym · 6h ago
NSO is not a three-letter agency, it is a private company
rabid_turtle · 22m ago
NSO is very cozy with Israel intelligence. It being private gives it the legal ability to do things that a government agency could not.
razakel · 6h ago
One of the founders is ex-Mossad.
bloppe · 5h ago
Which is obviously 6 letters
walterbell · 13h ago
firefax · 4h ago
Below are the Internet Archive copies, since Facebook doesn't have the greatest track record on stable URLs.

(I reregistered recently and was banned for being "inauthentic" -- the URL they linked to which was supposed to detail what part of the policy I broke was broken.)

https://web.archive.org/web/20250506235016/https://about.fb....

https://web.archive.org/web/20250506235104/https://about.fb....

https://web.archive.org/web/20250506235302/https://about.fb....

https://web.archive.org/web/20250506235441/https://about.fb....

OsrsNeedsf2P · 13h ago
Not sure how I feel about this - on one hand the NSO Group happily sold this exploit to absolutely horrible clients[0], but on the other, app security shouldn't depend on legal enforcement.

[0] https://www.theguardian.com/news/2021/jul/18/revealed-murder...

JumpCrisscross · 9h ago
> app security shouldn't depend on legal enforcement

Why not? There are significant negative externalities to not enforcing cybercrime laws.

lazide · 5h ago
I think they meant solely depend on legal enforcement.

For the same reason banks should have a decent vault for cash they aren’t using at this exact moment, since they shouldn’t just depend solely on any robbers getting caught.

bloppe · 5h ago
It's not like hacking WhatsApp was that easy. If it were, NSO wouldn't be able to sell its exploits for so much.
walterbell · 12h ago
> app security shouldn't depend on legal enforcement

EU Cyber Resilience Act (CRA) will soon impose legal security requirements on a wide class of software binaries sold in the EU.

vkou · 13h ago
Just because locks can be defeated by five seconds and a lockpick gun doesn't mean that the housebreaker, his fence, or his getaway driver is absolved of their responsibility.
TZubiri · 11h ago
Of course law plays a huge part in computer security.
knorker · 9h ago
As is constantly being made abundantly clear from blockchain stuff, code cannot make legal systems obsolete.

No crime in the world can be made physically impossible. Why would hacking be any different?

bn-l · 57m ago
It’s amazing how much justice you can get when you are a billion dollar company

> The jury also awarded WhatsApp $444 million in compensatory damages.

Alex_001 · 10h ago
This feels like one of the rare moments where there's actual financial accountability for spyware abuse — but is $167M even close to meaningful for a company like NSO, backed by deep-pocketed clients?
Glyptodon · 10h ago
I wonder about the other end of liability - if the app was so broken that merely calling a phone with it could lead to a hack, it seems like users might reasonably also blame its authors.
aitchnyu · 9h ago
I've been thinking about requiring iMessage and other codebases in memory unsafe languages to be built by WASM compiler with the objective of being memory safe and minimal performance loss.
Meekro · 10h ago
Unfortunately, the smartest programmers in the world (people like Linus Torvalds) sometimes screw up and create security issues. If Linus can't get it 100% right, what hope is there for the rest of us?
nashashmi · 11h ago
Israel defense green lights the sale and use of Pegasus software. https://www.nytimes.com/2022/01/28/magazine/nso-group-israel...
ebfe1 · 8h ago
Ok... where is the form so as an ex-WhatsApp user, I can get a piece of that 167M pie? Oh... there isn't one... :)
b8 · 5h ago
They're based in Israel, so it's unlikely they'll pay. It's interesting that Zerodium has slowly stopped their gears (at least publicly) even though the USG was buying their exploits to target HVTs. It's like when the DOJ posts an arrest warrant for a Russian or a Chinese military official, it's mainly for show.
notepad0x90 · 7h ago
I'm on NSO's side here. It's quite hypocritical of everyone involved to be against NSO but not gun makers. I don't even want to touch civilians abuse of guns, just governments buying guns from weapons manufacturers and using them in properly sanctioned wars. People are acting like exploits are more dangerous than bullets or restricted like nuclear, biological and chemical weapons, they are not!

The demand is there and the suppliers exist. Without companies like NSO, the price of exploits goes up and it becomes more lucrative for malicious actors to sell them to even more nefarious actors. The exploit brokers become more anonymous. And when they sell to the really bad actors, it will require deanonymizing market places on Tor instead of having lawsuits like this.

It is much better for everyone involved to tolerate companies like NSO and regulate them.

dqv · 7h ago
> It is much better for everyone involved to tolerate companies like NSO and regulate them.

That's what this is. That's what a lawsuit is. This is them being regulated. They aren't being ordered to shut down, they're being ordered to pay damages.

notepad0x90 · 2h ago
no, there is no regulation or law for what they do. This is a civil suit between two companies, it is not a regulation. had they actually violated the law, it would have been a criminal prosecution. civil damages are not government regulation. if you can simply be anonymous, you won't even break the law as you sell to any party.
dqv · 1h ago
> no, there is no regulation or law for what they do

Yes, there is: the CFAA. Corporations and the government have even weaponized criminal complaints against individuals under the law.

> This is a civil suit between two companies, it is not a regulation

The venue in which regulation is enforced does not change its status as a regulation. The distinction between criminal and civil is irrelevant here. (Notwithstanding the possibility of a corrupt judge) Meta would not have been able to continue their suit had there not been a regulation.

> had they actually violated the law, it would have been a criminal prosecution

No, had a prosecutor wanted to pursue an indictment, it would have been a criminal prosecution. A prosecutor's willingness to enforce a law and bring trial is at their discretion. In the same way that charges don't necessarily indicate criminality, a lack thereof doesn't necessarily indicate the absence of wrongdoing.

> civil damages are not government regulation.

Civil laws are regulation. The judge is the regulating authority who enforces the penalty for being out of compliance with those laws, which comes in the form of ordering money damages in this situation.

> if you can simply be anonymous, you won't even break the law as you sell to any party

Yes and maybe the fact that they're anonymous brings it to the level of criminality in a prosecutor's eyes. That desire to conceal their identity could turn the preponderance of the evidence (civil) into beyond a reasonable doubt (criminal).

Or it could always stay in the civil system. The criminal system is political just like anything else. See above.

sureglymop · 7h ago
I think your last sentence is key. The NSO, as far as I'm aware, targets people on an individual level.

It's not hard to phish and hack a single individual as a large organization. It's just a matter of resources and slipping up eventually. With that being said, the exploits they find are interesting and I wish they would publish them in a white hat manner instead.

ktallett · 7h ago
It isn't an either or scenario, NSO can be in the wrong and rightfully fined and weapons can also be sold by governments to the wrong parties. The latter should be regulated as well, not the former being let off as well. Demand shouldn't always equal supply.
jeisc · 9h ago
Spying software should be illegal to sell under any circumstance. The people who need these programs should be writing them themselves, not buying them off the shelf.
bell-cot · 9h ago
The same argument could be made about conventional arms.

Unfortunately, 99% of nations prioritize having quick & easy access to weapons.

And for many nations, selling weapons is also a lucrative way to exert influence.

palata · 8h ago
> Unfortunately, 99% of nations prioritize having quick & easy access to weapons.

What?

bell-cot · 5h ago
Re-read user jeisc's comment.

There are 200 or so nations on our planet.

How many of those nations have governments which believe that their own army, air force, & navy should be unable to buy (say) guns, bombs, and torpedoes? Vs. having to hire engineers to design them, then build weapon factories, then build all of their own weapons.

My assertion is that zero-ish of those governments want such legal restrictions.

(And obviously, actual legal restrictions on the sale of spyware might be similarly unpopular, with the people who actually write our world's laws.)

FirmwareBurner · 8h ago
Your police and military where you live don't have easy access to weapons?
palata · 8h ago
I wouldn't call it easy, no.
FirmwareBurner · 8h ago
How would you call it?
rpgwaiter · 13h ago
I wonder what percentage of that $167M will go to the ~1400 victims of this hack (that we know about)
nashashmi · 11h ago
None. WhatsApp has stated it will give to a privacy advocacy organization
TZubiri · 11h ago
0? I understood that the plaintiff is WhatsApp. Not sure if it's for damages or punitive.

The victims are probably not citizens of the US so they would be outside of this jurisdiction. That's between those two countries. The reason it's going to the US court is because it occurred in US cyberturf (Meta's servers).

TZubiri · 11h ago
This looks like a pretty spicy political bomb. I wonder if the group will pay, I'm assuming they won't, if they do it's because the Israeli government intervened and bailed them out. They are fighting a war after all.
aussieguy1234 · 10h ago
Who gets the damages here, Meta or the hacking victims?
saagarjha · 6h ago
Meta who says they will donate it to digital rights organizations.