The FBI says it bought the NSO Group’s controversial spyware Pegasus, but never used the Israeli-made phone hacking tool.
The bureau told The Guardian that it purchased Pegasus to “stay abreast of emerging technologies and tradecraft” and that the acquisition was meant for only for evaluation purposes.
“There was no operational use in support of any investigation, the FBI procured a limited license for product testing and evaluation only,” the FBI said in a statement.
Researchers say NSO’s Pegasus software can be used to remotely access a phone’s contents, camera and microphone. The Israeli firm says it licenses Pegasus and other surveillance tools on the condition that governments use them only to fight terrorism and other crime.
A source with knowledge of the deal told The Guardian that the bureau was also concerned about possible data “leakage” to other foreign intelligence services. NSO’s customers reportedly include the governments of Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia and the United Arab Emirates.
The New York Times reported that the FBI purchased Pegasus in 2019 during the Trump administration and that the agency considered deploying a newer NSO product called Phantom domestically that “could hack any number in the United States.”
NSO was thrust into the spotlight in July, when an investigation revealed that the company’s military-grade spyware had been used to successfully hack the smartphones of journalists, politicians, activists, heads of state and business leaders around the world.
Using a leaked list of more than 50,000 phone numbers, journalists at 17 media outlets identified over 1,000 people across more than 50 countries who were selected as potential targets by NSO Group’s clients. The phone numbers of the ruler of Dubai’s daughter and his ex-wife, French President Emmanuel Macron and the fiancee of slain Washington Post columnist Jamal Khashoggi were included in the list.
In November, the US Department of Commerce added the Israeli spyware firm to its economic blacklist based on evidence that it sold spyware to foreign governments that “used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”
The next month, reports emerged that the phones of at least nine State Department employees based in Uganda or whose work focused on the East African country were hacked with NSO’s software.
NSO has previously stated that its surveillance software doesn’t work on phones with the US +1 country code. However, Reuters reported that the hacked State Department phones were registered to foreign telephone numbers.