UK High Court Awards Damages After Finding Saudi-Linked Pegasus Spyware Hacked Dissident’s iPhones
A London High Court judge awarded Saudi satirist and activist Ghanem Al-Masarir more than £3 million (~$4.1M) in damages after finding a “compelling basis” that his iPhones were hacked using NSO Group’s Pegasus spyware, resulting in data exfiltration. The court concluded the intrusion was “directed or authorised” by the Kingdom of Saudi Arabia (KSA) or agents acting on its behalf, rejecting Saudi Arabia’s attempt to avoid the case via state immunity arguments and proceeding after the kingdom stopped participating in the litigation.
The ruling cited digital forensic evidence, including analysis by Citizen Lab researcher Bill Marczak, who identified malicious text messages consistent with Pegasus delivery and attributed the infections to the KSA. Al-Masarir alleged the spyware enabled extensive surveillance capabilities—location tracking, access to stored data, and activation of microphones/cameras—and said the targeting coincided with a 2018 physical assault in London that caused injuries and contributed to severe personal and professional harm, including ending his YouTube activity criticizing the Saudi government.
Timeline
Jan 26, 2026
London High Court awards Al-Masarir over £3 million
On January 26, 2026, Judge Pushpinder Saini awarded Ghanem Al-Masarir more than £3 million in damages after finding compelling evidence that Pegasus spyware infected his devices. The ruling held that the hacking was directed or authorized by Saudi Arabia and recognized severe privacy and personal harms, including psychiatric injury and loss of income.
Dec 31, 2023
Saudi Arabia stops engaging with the litigation
After 2023, Saudi Arabia no longer filed a defense or otherwise engaged with the court proceedings. This non-participation contributed to the court entering summary judgment.
Jan 1, 2022
UK court rejects Saudi Arabia's state immunity claim
In 2022, the High Court rejected Saudi Arabia's attempt to claim state immunity in the case. After this failed defense, the Kingdom later stopped participating in the proceedings.
Jan 1, 2019
Al-Masarir files lawsuit against Saudi Arabia
Ghanem Al-Masarir sued the Saudi government in 2019 over the alleged Pegasus targeting of his phone. The case sought accountability for the spyware intrusion and related harms.
Jan 1, 2018
Al-Masarir's iPhones are targeted with Pegasus spyware
In 2018, Ghanem Al-Masarir's iPhones were hacked using NSO Group's Pegasus spyware, with forensic evidence indicating data exfiltration and surveillance capabilities. The High Court later found a compelling basis that the operation was directed or authorized by Saudi Arabia or its agents.
Jan 1, 2018
Saudi operatives likely assault Ghanem Al-Masarir in London
The court later found Saudi Arabia was probably responsible for a physical assault on Saudi dissident Ghanem Al-Masarir in London as part of efforts to silence his criticism. The assault was described as occurring around the same period as the spyware targeting in 2018.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
Related Stories
UK Court Awards Damages for Saudi Pegasus Spyware Targeting as NSO Seeks Legitimacy via Pall Mall Process
A UK court ordered the Kingdom of **Saudi Arabia** to pay **£3 million** in damages to London-based Saudi dissident **Ghanem Al-Masarir** after finding his iPhones were infected with **NSO Group’s Pegasus** spyware as part of a 2018 targeting campaign attributed to a Saudi operator dubbed **KINGDOM**. The ruling credited expert evidence from **Citizen Lab** researcher **Bill Marczak**, and the damages award covered injury, costs, and lost earnings tied to the spyware targeting and related harms; the decision was framed by advocates as a rare avenue for accountability for victims of mercenary spyware and transnational repression. Separately, civil society groups warned that spyware vendors linked to human rights abuses are attempting to launder their reputations by engaging with diplomatic initiatives intended to curb misuse of commercial hacking tools. The criticism followed an **NSO Group** “transparency report” highlighting its claimed participation in the **Pall Mall Process**—a French- and UK-led effort to develop governance for *Commercial Cyber Intrusion Capabilities (CCICs)*—even as officials said NSO was not invited and participation does not equate to human-rights compliance; critics pointed to continued allegations of Pegasus abuse, including reported targeting of journalists and civil society in countries such as **Serbia**.
1 months ago
Permanent Injunction Against NSO Group Targeting WhatsApp Users with Pegasus Spyware
A U.S. federal judge has issued a permanent injunction prohibiting the NSO Group, an Israeli spyware company, from targeting or infecting WhatsApp users with its Pegasus spyware. The ruling, delivered by Judge Phyllis J. Hamilton of the Northern District of California, stems from a lawsuit filed by Meta, WhatsApp's parent company, in 2019 after NSO was discovered attempting to compromise approximately 1,400 WhatsApp users, including attorneys, journalists, human rights activists, political dissidents, diplomats, and senior government officials. NSO's campaign involved creating fake WhatsApp accounts and targeting Meta's infrastructure to deploy Pegasus, a sophisticated zero-click spyware tool known for exploiting vulnerabilities in widely used software. The court found that NSO's actions caused direct business harm to Meta by undermining the privacy and security assurances that WhatsApp offers its users, particularly its end-to-end encryption based on the Signal Protocol. Judge Hamilton emphasized that unauthorized access to users' personal information constitutes more than reputational damage; it directly interferes with the core service Meta provides. In addition to the injunction, the court ordered NSO to delete any data obtained from targeting WhatsApp users. The judge also reduced the punitive damages awarded to Meta from $167 million to $4 million, citing legal precedents regarding the proportionality of damages to the conduct in question. While NSO argued that the injunction could force it out of business, the company stated that the ruling does not apply to its customers, who may continue using its technology, though legal experts and advocates for spyware victims dispute this interpretation. The decision is seen as a significant precedent for technology companies seeking to protect their platforms from commercial spyware and unlawful surveillance. Will Cathcart, head of WhatsApp, celebrated the ruling as a victory for user privacy and a warning to those who attempt to circumvent encryption protections. The case highlights the ongoing legal and ethical challenges posed by commercial spyware vendors and the importance of judicial intervention in safeguarding digital privacy. The ruling is the culmination of six years of litigation and is expected to influence future cases involving unlawful electronic surveillance. NSO Group, recently acquired by a consortium led by Hollywood producer Robert Simonds, is reviewing the decision but welcomed the reduction in damages. Privacy advocates have praised the court's recognition of the irreparable harm caused by circumventing end-to-end encryption and the broader implications for protecting civil society from targeted surveillance.
1 months ago
US Court Injunction Against NSO Group for WhatsApp Spyware Exploit
A U.S. federal judge has issued a permanent injunction against the Israeli spyware vendor NSO Group, prohibiting the company from using its technology to hack WhatsApp, one of the world's most widely used encrypted messaging applications. The court found that NSO Group had illegally reverse-engineered WhatsApp using a zero-day exploit, which resulted in the compromise of approximately 1,400 user devices. This exploit allowed unauthorized access to personal information, undermining the security and privacy of WhatsApp users globally. The case was brought before the U.S. District Court for the Northern District of California, where Judge Phyllis Hamilton presided over the proceedings. A California jury previously determined that NSO Group's actions constituted a breach, and initially awarded $167 million in punitive damages to Meta, WhatsApp's parent company. NSO Group appealed the ruling, arguing that the damages were excessive and that the injunction would effectively shut down its operations. In her final order, Judge Hamilton reduced the damages to $4 million but maintained the permanent injunction, emphasizing the broader harm caused by unauthorized access to encrypted personal information. The court's decision also requires NSO Group to destroy any code used in the WhatsApp hack, further limiting the company's ability to conduct similar operations in the future. Meta representatives welcomed the verdict, describing it as a significant advancement for user privacy and security. The ruling highlighted NSO Group's alleged role in enabling governments to target dissidents, political opponents, and journalists through its spyware. The case underscores the legal and ethical challenges posed by commercial spyware vendors and their impact on global digital privacy. The court's findings reinforce the importance of robust encryption and the need for legal protections against unauthorized surveillance. The decision sets a precedent for holding spyware vendors accountable for facilitating unauthorized access to secure communications platforms. The outcome of this litigation may influence future regulatory and legal actions against similar companies. The case also demonstrates the willingness of U.S. courts to intervene in matters involving foreign technology firms and the protection of user data. The permanent injunction serves as a warning to other entities considering the development or deployment of similar surveillance tools. The legal battle between Meta and NSO Group has drawn international attention to the risks associated with commercial spyware and the necessity of safeguarding encrypted communications.
1 months ago