FBI came close to deploying NSO’s spyware, may use similar tools in future – report
New York Times says officials from US agency pushed for use of controversial Israel-made tech before shelving plans amid negative publicity
A number of officials from the US Federal Bureau of Investigation made efforts to advance the deployment of Pegasus, the infamous phone-hacking software developed by Israel’s NSO Group, The New York Times reported Saturday.
The FBI officials pushed for the use of the hacking software in late 2020 and the first half of 2021, according to documents revealed after a Freedom of Information Act lawsuit was brought by the newspaper.
“The officials developed advanced plans to brief the bureau’s leadership, and drew up guidelines for federal prosecutors about how the FBI’s use of hacking tools would need to be disclosed during criminal proceedings,” the report said.
The report said it was unclear if the FBI planned to use the tech on American nationals or foreign citizens.
Earlier this year, the newspaper revealed that the FBI had also tested NSO’s Phantom software, which is capable of hacking US phones.
The FBI ultimately decided against using NSO’s hackware as it became clear that it had been linked to human rights violations around the world and as negative publicity about the tool increased, the report said.
According to the documents released to the Times, on July 22, 2021, the decision was made to “cease all efforts regarding the potential use of the NSO product.”
However, according to recent court documents, the report said, the bureau has not ruled out the possibility of deploying similar tech in the future.
“Just because the FBI ultimately decided not to deploy the tool in support of criminal investigations does not mean it would not test, evaluate and potentially deploy other similar tools for gaining access to encrypted communications used by criminals,” read a legal brief submitted on the bureau’s behalf last month.
The report said that in September and October of 2020, FBI officials built a presentation that included “detailed discussions of the potential risks or advantages of using the NSO tool” as well as “proposals for specific steps the FBI or [US Department of Justice] should take before making a decision about whether to use it.”
On March 29, 2021, the FBI’s Criminal Investigative Division distributed an internal memorandum explaining recommendations supporting the use of Pegasus “under certain specific conditions,” the report said, adding that those conditions were redacted.
The department also proposed guidelines for government lawyers needing to address the use of spyware.
The FBI’s purchase of the software was initially revealed in January. Since then, the bureau has asserted that it only purchased Pegasus to assess how rivals of the US may put it to use. The bureau has paid approximately $5 million to NSO, the report said.
Last year, FBI chief Christopher A. Wray told senators behind closed doors that while the FBI had purchased and used Pegasus, it was “to be able to figure out how bad guys could use it, for example.”
Wray made the comments weeks after the US Department of Commerce blacklisted two Israeli phone spyware companies, NSO Group and Candiru, adding them to the list of foreign companies that engage in malicious cyber activities.
A spokesperson for the FBI said: “The director’s testimony was accurate when given and remains true today — there has been no operational use of the NSO product to support any FBI investigation.”
However, the Times reported in May that the FBI wrote to the Israeli government in 2018 that it intended to use Pegasus.
The report said that an official within the FBI’s operational and technology division wrote in a letter to the Defense Ministry that the bureau’s purchase of the spyware was “for the collection of data from mobile devices for the prevention and investigation of crimes and terrorism, in compliance with privacy and national security laws.”
The report indicated that the agency ended up testing the software internally but likely did not use it.
NSO, the Israeli firm responsible for developing Pegasus, has been engulfed in controversy over reports that tens of thousands of human rights activists, journalists, politicians, and business executives worldwide were listed as potential targets of its Pegasus software.
Smartphones infected with Pegasus are essentially turned into pocket spying devices, allowing the user to read the target’s messages, look through their photos, track their location and even turn on their camera and microphone without them knowing.
NSO says it sells Pegasus only to governments to fight crime and terrorism. All sales require approval from the Defense Ministry. It insists it has safeguards in place to prevent abuse and that it has terminated several contracts due to the inappropriate use of Pegasus.
Michael Horovitz contributed to this report.