Israel-based NSO Group has been making waves in the cybersecurity community in recent years, becoming the target of an Apple lawsuit and sanctions from the US government. That didn’t stop the Federal Bureau of Investigation (FBI) from almost using the company’s powerful yet shady Pegasus spyware in criminal investigations, according to a report from The New York Times. The agency ultimately decided against deploying the spyware, but it would seem the project got very close to becoming reality.
NSO Group frames itself as a cyber-intelligence and security firm, but it’s best known for building malware that has been used to surveil activists, journalists, and government officials around the world. Pegasus has become known in the cybersecurity world because of its advanced features and ease of deployment. While most pieces of malware require either physical access or some form of user interaction to install, Pegasus leverages private “zero-day” exploits to install itself silently on targeted smartphones. NSO Group used Apple’s own iCloud service to help stuff the malware onto iPhones, which led to the lawsuit.
Once running on a target device, Pegasus connects to a command and control server from which the operator can monitor communications, activate the camera or microphone, and exfiltrate stored data. It’s a nasty piece of malware, and naturally, the FBI was interested in taking advantage of it for criminal investigations. According to the report, between late 2020 and early 2021, the FBI was testing a version of Pegasus called Phantom that was designed to target US phone numbers. The bureau was apparently so far along in the project that it had drawn up guidelines for federal prosecutors that explained how to talk (or not talk) about the FBI’s use of Pegasus during court proceedings.
The program was shelved in July 2021, which is around the same time Pegasus was found on phones belonging to close associates of murdered journalist Jamal Khashoggi. It was also used to compromise smartphones belonging to US State Department employees working in Africa. This appears to have been a turning point for any planned usage of NSO Group tools. Later in 2021, the US Commerce Department added the company to its entity list, which prohibits US companies from doing business with the firm.
The Times report includes a legal filing from the FBI, which sums up its position. “Just because the FBI ultimately decided not to deploy the tool in support of criminal investigations does not mean it would not test, evaluate and potentially deploy other similar tools for gaining access to encrypted communications used by criminals,” the bureau says. The FBI probably has malware in its investigative arsenal, just not the malware from NSO Group.