Legal documents from the ongoing lawsuit between Israeli NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons firm, rather than its government clients, is responsible for "installing and extracting" data from mobile phones targeted by its hacking software, The Guardian wrote.

These revelations emerged from sworn depositions of NSO Group employees, portions of which were made public on Thursday. The lawsuit, filed by WhatsApp in 2019, followed the messaging app’s discovery that 1,400 of its users, including journalists and human rights activists, had been targeted by NSO's spyware over a two-week period.

WhatsApp's case centers on allegations that the Israeli firm, not its international government clients, operates the spyware. NSO has consistently claimed that its technology is designed to combat serious crimes and terrorism, with clients bound by agreements to avoid misuse of the software. The company has also alleged it has no knowledge of who its clients target.

Dive deeper

This latest development comes five years after WhatsApp, owned by Facebook, initially filed the lawsuit and follows the Biden administration’s decision to blacklist NSO in 2021. The Israeli company is known for producing Pegasus, considered one of the world's most advanced hacking tools, which has been used by countries like Saudi Arabia, India, UAE, Mexico, Morocco, and Rwanda to target dissidents and journalists.

The timing of this revelation is significant in the context of Donald Trump’s recent victory in the 2024 presidential election. NSO has been lobbying US lawmakers to be removed from the blacklist, and Trump’s return to the White House could potentially shift US policy on the use of spyware.

WhatsApp pushes for judgment against NSO amid Pegasus abuse revelations

WhatsApp is pushing for a summary judgment in its case against NSO Group, asking the judge to make an immediate ruling. NSO, however, has opposed the motion.

Judge Phyllis Hamilton allowed WhatsApp to present its argument, including previously redacted depositions that had been kept from public view. In one deposition, an NSO employee revealed that customers only needed to provide the phone number of the individual they wanted to target, with the system handling the rest automatically. This meant that the Israeli NSO, not its clients, controlled the process and accessed WhatsApp’s servers while designing and continuously upgrading Pegasus to hack into targeted phones.

During questioning by WhatsApp's legal team, an NSO employee admitted that Princess Haya of Dubai had been one of the 10 individuals whose targeting was so severely abusive that NSO terminated the service.

Read more: Israeli police involved in spying on Israelis using NSO's Pegasus