Israeli spyware company NSO Group was ordered by a U.S. federal court on Tuesday to pay WhatsApp and its parent company Meta almost $170 million in damages after its cyber tools were used to hack around 1,400 WhatsApp accounts.
NSO Group has become the poster child in recent years for the mostly underground spyware market, used increasingly by governments to surveil dissidents, journalists and politicians. The ruling, the latest step in a process that began in 2019, is a major win for privacy advocates and those pushing back against NSO Groupâs controversial Pegasus software.
Despite these concerns, WhatsAppâs parent Meta stayed the course and now stands to collect around $167 million in punitive damages and $440,000 in compensatory damages. NSO Group will, of course, appeal. Even if Meta prevails, collecting from an Israeli company that has enjoyed political protection from the Israeli government and may be on shaky financial footing presents significant challenges. Meta isnât wrong when it says it has âa long road ahead to collect awarded damages.â
Whatâs puzzling is how Meta seems to tie the success of that collection to its following statement: âUltimately, we would like to make a donation to digital rights organizations that are working to defend people against such attacks.â Itâs unfortunate that Metaâs meager $16.6 billion in Q1 2025 profit leaves it unable to support digital rights organizations unless it first collects from a financially imperiled Israeli spyware vendor.
Huh! NSO Group has been acquired by a U.S. investment group led by a Hollywood producer.
But thatâs not actually the weirdest part. It turns out that ownership of the company has changed hands several times, including two instances involving U.S.-based investment groups.
Originally founded by Niv Karmi, Shalev Hulio, and Omri Lavie, NSO Group was acquired by U.S. private equity firm Francisco Partners in 2014. Lavie and Hulio retook control of the company in 2019 with help from European private equity firm Novalpina. Then, in 2021, the California-based Berkeley Research Group took over management of the fund. In 2023, Lavie retook control of NSO as majority owner.
In fact, when Apple filed its now-dropped lawsuit against NSO Group in November 2021, it seems likely that the company was owned by the Berkeley Research Group.
I have no idea what to make of any of this, including what it implies for the Meta judgement.
One possibility that may seem far fetched, at first, is that the private sector firm is a front for an intelligence agency. This actually isnât uncommon, with these perhaps the best known examples that have been revealed:
