The FBI confirmed on Wednesday that it had purchased Pegasus spyware from Israel’s NSO Group, but denied ever using it during an operation.
In a statement to the Guardian, the FBI said it purchased the powerful cellphone hacking software in order to “stay abreast of emerging technologies and tradecraft.” The US security agency said it bought a “limited license” to use Pegasus for “product testing and evaluation only,” and said “there was no operational use [of the software] in support of any investigation.”
News that the FBI had purchased the notorious spyware from NSO was first reported by The New York Times last week.
According to that report, a team from NSO went to the US to set up the spyware for the FBI, but also noted that the intelligence agency said it opted not to utilize it.
The FBI told the Times that it would “routinely identify, evaluate and test technical solutions and services for a variety of reasons, including possible operational and security concerns they might pose in the wrong hands.”
The Guardian reported that the FBI purchased a license to use Pegasus in 2019, after a “long process” of negotiations between US officials and NSO.
In November 2021, the US government announced a blacklist of NSO Group alongside a second Israeli spyware company.
The US Commerce Department cited “evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers,” in explaining its decision.
In an interview aired over the weekend on Channel 12 news, NSO Group CEO Shalev Hulio said the US decision was hypocritical.
“Our technology has over the years helped the interests and national security of the United States quite a bit,” Hulio said. “I think the fact that a company like NSO is on [a US blacklist] is an outrage… I’m sure we’ll be taken off that list. I have no doubt.”
A Washington Post report on Tuesday alleged that NSO offered a US cellphone-security firm “bags of cash” to gain access to cellular networks throughout the country.
The offer was reportedly exposed by a whistleblower who described the encounter between representatives of the two firms in confidential disclosures to the US Justice Department, seen by the newspaper.
Security expert Gary Miller said the offer was made in August 2017 to his employer at the time, California-based company Mobileum, which provides security services to cellular companies.
The report also said that sources had confirmed to the newspaper that there was a US Justice Department criminal probe into NSO underway over the alleged use of the company’s technology to illegally hack phones of journalists, political dissidents and other public figures.
In a statement released by NSO and cited by The Washington Post, NSO said that it had “never done any business with” Mobileum, and that it “does not do business using cash as a form of payment,” noting that it is not aware of any investigation being carried out by the Justice Department.
According to Mobileum chief executive Bobby Srinivasan, the company “does not have — and has never had — any business relationship with NSO Group.”
Pegasus is considered one of the most powerful cyber-surveillance tools available on the market, giving operators the ability to effectively take full control of a target’s phone, download all data from the device, or activate its camera or microphone without the user knowing.