WASHINGTON — The FBI confirmed the purchase of NSO Group’s powerful spyware program Pegasus. This tool has been used to repeatedly spy on journalists and dissidents, as well as human rights activists, for years. It stated that its motivation was to keep up with emerging technologies and tradecraft.
In a Wednesday statement, the agency stated that it had obtained a limited license for product testing and evaluation from an Israeli company. It was never going to use it operationally nor supporting any investigation.
Critics wondered why the U.S.’s premier law enforcement agency would have to pay for access to a well-known surveillance toolby cyber sleuths of public interest, if it was so insignificant.
“Spending millions of money to line the pockets of companies that are widely known to serially enable widespread human rights abuses and possible criminal acts, as well as operations that threaten the U.S. own national security, is definitely troubling,” Ron Deibert, director of Citizen Lab at the University of Toronto, said. He has exposed numerous Pegasus hacks since 2016.
He said, “At the minimum, this seems like an incredibly counterproductive, irresponsible and ill-conceived method” to keep up with surveillance tech.
A spokesperson for the FBI did not disclose what NSO Group was paid. However, The New York Times reported last Wednesday that NSO Group had purchased a $5 million one-year license and will be testing it in 2019. The Guardian reported Wednesday that the FBI had paid $4 million for the renewal of the license, but never used the spyware. According to a source, the spyware infiltrates the target’s phone and gives it access to its location data, as well as converting it into an remote eavesdropping device.
The U.S. Commerce Department blacklisted NSO Group in November. This prohibited it from having access to U.S. technology. Apple sued NSO Group, calling it “amoral 21st-century mercenaries”.
NSO Group claims that Pegasus was not programmed to target phones with the U.S. +1 country code. However, American citizens who live abroad have been among its victims.
Citizen Lab’s Deibert called for a congressional investigation. Senator Ron Wyden, Oregon, stated in a statement that the U.S. government should be more transparent about its “relationships” with NSO and other “cyber-mercenaries”. He also said that Americans deserve to know if their government believes the use of these tools against Americans was legal.
Pegasus has hacked into the accounts of U.S. diplomats based in Uganda, Mexican and Saudi journalists as well as leading members of Poland’s opposition, the exwife of Dubai’s ruler, her British lawyers, Palestinian human right activists, and Finnish diplomats.
NSO doesn’t identify its clients, but it says that it only sells its products to state security agencies after approval by Israel’s Defense Ministry. The products are designed to be used against terrorists and criminals, according to NSO.
These are the key components of the FBI statement that was issued Wednesday in response to a Guardian request.
The FBI is committed to staying abreast with new technologies and tradecraft. This not only allows us to investigate legal uses but also helps combat crime and protect the American people as well as our civil liberties. This means that we regularly identify, evaluate, test, and report on technical solutions and services, for both operational and security reasons.
The FBI obtained a limited license to test and evaluate products only. There was no operational use for any investigation. The license is no more active because our evaluation and testing are complete. The software has been removed from the market.
