FBI acknowledges testing NSO Group spyware –

Department of Justice lawyers at the time argued that if the FBI actually used the device, this could have further complicated the prosecution if the department filed a complaint, according to people who spoke on condition of anonymity due to the delicacy of the matter.

In a statement to The Post, the FBI confirmed that it was testing the spying program, but stressed that it was not used “to support any investigation”.

The FBI statement is the first official confirmation that a US law enforcement agency is testing NSO spyware. Information about the development was first reported by the New York Times.

“The FBI is working diligently on emerging technologies and commerce, not only to explore potential legal uses, but also to fight crime and protect both the American people and our civil liberties,” the statement said. “This means that we regularly evaluate, evaluate and review technical solutions and problems for a variety of reasons, including potential operational and safety issues that could arise in the wrong hands. “There was no operational use to support any investigation, the FBI only had a limited license to test and evaluate the product.”

Pegasus is NSO’s most popular spy app and is incredibly powerful with the ability to secretly extract calls, text messages, pictures and location of iPhone or Android phone users. The NSO says it is only used against bad actors such as gangsters and drug lords, but an investigation by civil society groups revealed that it was used by foreign governments to track down activists, journalists, lawyers and their families.

The Israeli company has repeatedly stated that Pegasus cannot be used on US phones or devices with a US number +1. But it appears that NSO has created a solution, a separate product called Phantom, to allow US law enforcement to monitor US devices. Documentation obtained from the Motherboard technical information site in 2020.

According to the Times, the NSO group presented Phantom’s capabilities to the FBI in 2019 to show that the spying program could “hack any number the FBI chooses to target in the United States.”

The Times also reported that the office paid NSO $ 5 million and renewed the contract for the Pegasus software. The FBI refused to confirm these details.

The NSO group declined to comment on the story.

According to the Times, the FBI decided not to use its spying program last summer when The Post and an international news consortium published a multifaceted investigation that found Pegasus was used to hack the phones of journalists, activists. for human rights and human rights activists. politicians. World.

The company has promised to investigate the abuse of its system and prevent customers from violating the rules of the NSO.

Since then, the British, French and Israeli authorities have launched their own investigations into the use of spy programs in their countries. WhatsApp and Apple, the parent company of Facebook Meta’s parent company, are suing NSO for using it to build Pegasus, while the US government blacklisted NSO for actions against US interests. The company is currently in financial danger.

As part of an investigation into the Pegasus project, The Post reports that the NSO began engaging US intelligence and police on hacking tools in 2014 and in 2019 recruited several prominent American political figures to help clean up the its reputation. But the NSO refused to name government users or answer questions about contracts in the United States, before admitting to the Post last summer that it withheld “top tips from the United States” to help support its “rescue mission.” States.

Israeli private espionage program used to hack the cell phones of journalists and activists around the world

Other institutions in the United States have admitted to applying for the NSO. Last year, the San Diego and Los Angeles police departments told The Post they would remove it, but the license was too expensive. According to the Drug Enforcement Administration Freedom of Information Act request email, and first reported by Motherboard, the program also proved to be very expensive.

Agencies refused to provide information on the squares, but public records show they sent leaflets boasting that the Phantom could be “remote and covert”. [extract] All data from any smartphone ”and“ bridge the law enforcement data gap ”. this brochure was published by a company calling itself the NSO North America subsidiary.

Probable use of NSO spyware by the FBI Experts say it’s legal because wiretapping laws typically provide such permission. Erez Lieberman, a former federal prosecutor who prosecutes criminal hackers in New Jersey, said he will advocate the use of such a device until court approval and under the supervision of the FBI, which makes it very different from ‘use. “From some other regimes”.

Lieberman noted that a decade ago, while still a prosecutor, law enforcement feared that strong encryption on mobile devices would reduce their ability to intercept criminals’ communications. “It should be a tool for law enforcement to prevent crime,” said Lieberman, a partner in the law firm. Linkliner. “The question for us is: what do we think is acceptable?”

How Washington’s power brokers profited from the NSO’s spyware ambitions

But others have suggested the move would likely be controversial if the FBI used NSO tools and made their use public. Human rights groups have long pointed out that Pegasus was used by authoritarian governments to track down their opponents, and the software was used to target Washington Post collaborators who participated in Jamal Khashoggi’s review before assassinating them. Saudi agents in Turkey in 2018.

A few months before Jamal Khashoggi’s assassination, the UAE Agency leaked a Pegasus spy program to his wife’s phone, a new forensic investigation has revealed.

“This is extremely disturbing and raises important questions as to whether Americans’ constitutional rights are adequately protected while the FBI is investigating or using hacking tools,” said John Scott-Rilton, senior researcher at Munk University’s Citizen Lab. Toronto. School of Global Affairs and Public Policy. Citizen Lab’s 2016 reports were one of the first to claim that Pegasus has been used to crack down on journalists and dissidents in countries with a troubling human rights record.

In November, the US Department of Commerce placed NSO on its list of entities; it is a designation that restricts the company’s access to American technology, in some cases a de facto “death sentence” for companies. NSO used servers from American companies such as Amazon Web Services to spread malware, which WhatsApp accuses of suing NSO.

The Commerce Department celebration came after Apple began texting consumers, including 11 employees of the U.S. Embassy in Uganda, that their iPhones had been hacked by Pegasus.

“According to the project, NSO spyware provides extraordinarily invasive and disproportionate access to past and present human digital life,” said Scott Rilton. “It is time for the US government to be more transparent about the use and ethical supervision of such contractors. “Democracies and dictatorships shouldn’t share the hacker toolbox.”

Pegasus spyware used to hack American diplomats working overseas

In the spring of 2019, WhatsApp found that its platform had been hacked by unknown actors who sent Pegasus to around 1,400 phones and devices. The company said in court documents that at least one targeted number had the Washington DC area code.

According to eyewitnesses, the company took the case to the Ministry of Justice. In October of the same year, WhatsApp sued NSO in federal court in San Francisco, claiming that the company’s espionage program was used against victims in 20 countries for a two-week period from late April to mid-May. .

What WhatsApp apparently did not know when it filed the lawsuit, the Times reported, is that “the attack on the US phone number was part of the NSO rallies, not far from an attack by an alien force. Ghost of the FBI. “

He was asked to comment on this report, WhatsApp said: “In all circumstances, our priority is to protect our services from threats that compromise people’s ability to communicate securely with each other. We will continue our efforts to hold NSO accountable for attacks on journalists, human rights defenders and government officials who violate US law. The spyware industry must be prevented from endangering the privacy and security of people in the United States and around the world.

Drew Harwell, Dana Priest and Craig Timber contributed to this report.