Posts

Meta Wins $168 Million in Landmark Case Against NSO Group Over WhatsApp Spyware Abuse

Meta Platforms has secured a significant legal victory, winning a $168 million verdict against Israeli spyware company NSO Group in a long-running lawsuit over the unauthorized use of WhatsApp servers to deploy spyware on users’ devices. The ruling marks the first major courtroom win against a surveillance firm for the deployment of illegal spyware.

A California jury awarded Meta $444,719 in compensatory damages and $167.3 million in punitive damages, capping a six-year legal battle that began with a 2019 lawsuit. In December, a federal judge had already ruled that NSO unlawfully exploited a WhatsApp vulnerability to implant surveillance software.

Meta hailed the outcome as “a step forward for privacy and security,” adding that the verdict sets a precedent in holding spyware developers accountable.

A Rare Glimpse Into the Spyware Industry

The trial revealed rare insights into NSO’s operations:

  • Between 2018 and 2020, NSO charged governments $7 million to hack up to 15 devices simultaneously.

  • Cross-border hacking features cost an additional $1–2 million.

  • NSO maintained a 140-person research team with a $50 million budget, some of which was used to exploit smartphone security flaws.

  • Court testimony confirmed customers included Uzbekistan, Saudi Arabia, and Mexico.

Despite NSO’s claim that its software is intended to fight terrorism and crime, human rights advocates, such as Natalia Krapiva of Access Now, labeled the firm “a poster child for surveillance abuses.” She called the ruling a signal to the spyware industry: “There will be consequences if you act carelessly or brazenly.”

Continued Secrecy and Legal Resistance

NSO has indicated plans to appeal the verdict, saying it would pursue all legal remedies. Much of the case remained shrouded in secrecy, with Judge Phyllis Hamilton criticizing the firm for withholding evidence and ignoring court orders. The Israeli government even intervened, seizing documents to prevent their disclosure in U.S. courts.

This case, which reached as far as the U.S. Supreme Court, has been closely watched by privacy advocates, surveillance industry players, and governments worldwide, as it underscores both the legal vulnerability of spyware firms and the growing demand for greater accountability in cyber surveillance practices.

Meta Wins $168 Million Verdict Against Spyware Firm NSO Group in Landmark Privacy Case

Meta Platforms secured a major legal victory on Tuesday, winning a $168 million verdict against Israeli surveillance firm NSO Group in a landmark case centered on unlawful spyware deployment through WhatsApp. The jury in a California court awarded $444,719 in compensatory damages and $167.3 million in punitive damages, concluding a six-year legal battle.

The case stems from a 2019 lawsuit filed by Meta’s subsidiary WhatsApp, which accused NSO of exploiting a vulnerability in the app to install spyware on users’ phones. A December 2023 ruling had already confirmed NSO’s liability, and Tuesday’s verdict marks a rare legal reckoning for a company in the secretive spyware industry.

Meta hailed the outcome as “a step forward for privacy and security,” calling it the first legal victory against the development and use of illegal spyware that threatens global user safety.

NSO, which rose to global notoriety in 2016, is known for its controversial Pegasus spyware, used by governments and intelligence agencies. While the company claims its tools are used to combat terrorism and child exploitation, investigations have linked its software to abusive surveillance practices in countries such as Saudi Arabia, Poland, Mexico, and El Salvador.

In response to the ruling, NSO said it would explore legal options, including an appeal.

The trial also offered a rare glimpse into NSO’s inner workings, revealing details about its 140-person research team, a $50 million budget dedicated to exploiting smartphone vulnerabilities, and clients including Uzbekistan, Saudi Arabia, and Mexico. District Judge Phyllis Hamilton criticized NSO for repeatedly failing to comply with court orders and for withholding key evidence during discovery.

Human rights advocates called the ruling a pivotal moment for accountability in the surveillance industry. Natalia Krapiva of Access Now said it sends a strong message to spyware firms: “There will be consequences if you act recklessly or unlawfully.”

Google Chrome Patches 23-Year-Old Bug That Exposed Users’ Browsing History

Google Chrome is finally addressing a longstanding privacy vulnerability that has existed for over two decades. This bug allowed malicious websites to detect whether users had previously visited certain links by exploiting how browsers visually indicate visited links. Although some browsers implemented workarounds over the years, Google’s upcoming update introduces a more comprehensive fix. The patch is set to arrive with Chrome version 136, which is expected to begin rolling out later this month.

The root of the issue lies in the CSS :visited selector—a styling rule that changes the appearance of hyperlinks a user has already clicked on. Typically, visited links appear in purple while unvisited ones are blue. However, because this styling was applied across websites, it created a potential for abuse. If a malicious website included the same link present on another site, it could determine if a user had visited that link simply by checking its appearance, effectively exposing parts of the user’s browsing history.

To address this, Google has implemented a technique known as :visited link partitioning. In a recent post on the Chrome Developers Blog, the company explained that the browser will now partition visited link history on a per-site basis. This means a link visited on one website will no longer be marked as visited on a different domain, preventing cross-site detection through CSS styling. According to Google, this change significantly improves user privacy and prevents sites from identifying previously visited URLs using old exploit techniques.
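The partitioning described above can be modelled as a change in the lookup key of the visited-link store. The following is an added example, not code from Chrome or from the original article: it compares a single global history with a store keyed on link URL, top-level site and frame origin, the key Chrome's published description of the feature uses. The class and function names, the example domains and the simplified "site" calculation are assumptions made for illustration.

```javascript
// Simplified model of a visited-link store (added illustration, not Chrome's code).
// VisitedLinkStore, siteOf and compareModes are hypothetical names.
// Assumption: "site" = scheme + last two host labels. Real browsers use the
// Public Suffix List to find the registrable domain.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname.split(".").slice(-2).join(".")}`;
}

class VisitedLinkStore {
  constructor(partitioned) {
    this.partitioned = partitioned;
    this.entries = new Set();
  }

  // The same key is used when a click is recorded and when a link is styled.
  key(linkUrl, topLevelUrl, frameUrl) {
    const link = new URL(linkUrl).href;
    if (!this.partitioned) return link; // legacy: one global history
    return JSON.stringify([link, siteOf(topLevelUrl), new URL(frameUrl).origin]);
  }

  recordClick(linkUrl, topLevelUrl, frameUrl = topLevelUrl) {
    this.entries.add(this.key(linkUrl, topLevelUrl, frameUrl));
  }

  matchesVisited(linkUrl, topLevelUrl, frameUrl = topLevelUrl) {
    return this.entries.has(this.key(linkUrl, topLevelUrl, frameUrl));
  }
}

// Constructed scenario: the user clicks one link on news.example, then the
// same link is rendered in three different contexts.
function compareModes() {
  const link = "https://shop.example/cart";
  const out = {};
  for (const partitioned of [false, true]) {
    const store = new VisitedLinkStore(partitioned);
    store.recordClick(link, "https://news.example/article");
    out[partitioned ? "partitioned" : "legacy"] = {
      sameContext: store.matchesVisited(link, "https://news.example/other"),
      otherSite: store.matchesVisited(link, "https://other.example/"),
      thirdPartyFrame: store.matchesVisited(
        link, "https://news.example/other", "https://widget.example/embed"),
    };
  }
  return out;
}
console.log(compareModes());
```

In the legacy mode all three lookups match; with partitioning only the context in which the click happened still sees the link as visited.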

Interestingly, although the bug was only officially acknowledged in 2022, the underlying issue dates back nearly 23 years, making it one of the oldest privacy flaws to persist in modern web browsers. By partitioning visited link data, Google Chrome is catching up with privacy measures that have become more common in other browsers. This update marks a crucial step forward in Chrome’s ongoing efforts to enhance user privacy and security, especially as users become increasingly aware of how their data is tracked online.