NSO Group says Pegasus is programmed not to target phones with the US country code +1, but US citizens living abroad have been among its victims
The FBI has confirmed the purchase of the NSO Group’s powerful spyware, Pegasus, whose chronic abuse to monitor journalists, dissidents and human rights activists is long established. He suggested his motivation was to “keep abreast of emerging technologies and craftsmanship”.
The agency added in a statement Feb. 2 that it had obtained a limited license from the Israeli company “for product testing and evaluation only,” never using it operationally or to support an investigation.
But critics have questioned why America’s top law enforcement agency should pay for access to a notorious surveillance tool that has been thoroughly researched by public interest cyber sleuths if its usefulness is so limited.
“Spending millions of dollars to line the pockets of a company widely known to serially facilitate widespread human rights abuses, possible criminal acts and operations that threaten the national security of the United States is truly troubling. “, said Ron Deibert, director of Citizen Lab. , the University of Toronto internet watchdog that has exposed dozens of Pegasus hacks since 2016.
“At the very least, it seems like a terribly counterproductive, irresponsible and ill-conceived way” of keeping abreast of surveillance technologies, he added.
An FBI spokesperson did not say what the agency paid the NSO Group or when, but The New York Times reported last week that it was granted a one-year license for $5 million. , testing it in 2019. On February 2, The Guardian quoted a source familiar with the deal as saying that the FBI paid $4 million to renew the license but never used the spyware, which infiltrates the smartphone of a target, giving access to all of its communication and location data and converting it into a remote listening device.
In November, the US Department of Commerce blacklisted NSO Group, denying it access to US technology. Apple later sued the company, calling it “the amoral mercenaries of the 21st century”.
NSO Group said Pegasus is programmed not to target phones with the US country code +1, but US citizens living abroad have been among its victims.
Deibert, of Citizen Lab, called for a congressional investigation. Senator Ron Wyden of Oregon said in a statement that the American public deserves greater transparency from his government about any “relationship with the NSO and other cyber mercenaries” and should know if his government ” believes that the use of these tools against Americans is legal.” ”
Among those hacked with Pegasus are US diplomats based in Uganda, Mexican and Saudi journalists, prominent members of the Polish opposition, the Dubai ruler’s ex-wife and her British lawyers, Palestinian human rights activists man and Finnish diplomats.
NSO does not identify its customers but says it only sells its products to state security agencies with the approval of the Israeli Defense Ministry. It states that the products are intended for use against criminals and terrorists.
Key points from the FBI statement released on Wednesday, initially in response to a request from the Guardian:
“The FBI works diligently to keep abreast of emerging technologies and crafts – not only to explore potential legal use, but also to fight crime and to protect both the American people and our civil liberties. This means that we regularly identify, evaluate and test technical solutions and services for a variety of reasons, including possible operational and security issues that they could land in the wrong hands.
“The FBI was granted a limited license for product testing and evaluation only, there was no operational use in support of an investigation. Since our testing and evaluation is complete and we have choose not to continue using the software, the license is no longer active and the software is no longer functional.