Jury orders NSO to pay $167M for hacking WhatsApp users

Original Article ↗ Hacker News Discussion ↗

Effectiveness of the Verdict and Ability to Collect

  • Several commenters doubt the $167M judgment will bite, given NSO’s placement on the US Entity List and likely exclusion from US banking, making asset seizure difficult.
  • Some expect Israel’s government might quietly cover the cost if NSO pays at all; others think the verdict is largely symbolic “for show.”
  • There’s skepticism that the award will deter well-funded actors who can earn far more from such exploits.

Israel, US Politics, and Perceived Impunity

  • A long subthread argues Israel receives unusually light consequences from the US despite repeated alleged misconduct (USS Liberty incident, nuclear issues, spying, blackmail claims).
  • Explanations offered include: Christian Zionism and end-times theology, Holocaust-related guilt and a perceived debt to Jews, AIPAC and lobbying power, intelligence entanglement, and US geopolitical positioning.
  • Others push back on some historical narratives (e.g., crusader analogies, Soviet role in WWII, Liberty “accident vs. coverup”), noting contested facts and conspiracy thinking; multiple incidents remain described as “unclear” or heavily disputed.

Ethics and Legality of Spyware and Exploit Markets

  • Many see NSO as morally culpable for selling powerful exploits to repressive clients and welcome the verdict as a form of regulation.
  • Others argue exploit vendors are analogous to arms manufacturers: demand will exist regardless, and banning companies like NSO just drives the trade underground and raises prices for worse actors.
  • Counterpoint: this isn’t either/or—both arms exports and spyware should be tightly regulated.

Responsibility for Security: Platforms vs Attackers

  • One view: app security shouldn’t rely on courts; WhatsApp’s vulnerabilities are partly its own fault.
  • Responses stress that law is integral to cybersecurity; you can never make crime physically impossible, so legal deterrence is necessary.
  • Some note even top engineers make mistakes; perfect security is unrealistic, leading to ideas like compiling messaging stacks to WASM for memory safety.

Civil vs Criminal Liability and Regulation

  • Debate over why there are no criminal sanctions: selling exploits is generally legal; using them is what triggers laws like the CFAA.
  • Others argue CFAA and conspiracy provisions could cover NSO-style “exploit-as-a-service,” and that civil suits are themselves a form of regulatory enforcement, even if selective and driven by corporate interests.

Victims and Use of Damages

  • Commenters note none of the ~1,400 known targets will be paid; the plaintiff is WhatsApp/Meta.
  • Meta reportedly plans to donate proceeds to digital rights/privacy groups, which many expect will then be politically ignored.
  • Some express cynicism that meaningful justice appears only when a billion‑dollar company is harmed.