WASHINGTON – The FBI informs the Israeli government of a 2018 letter that it purchased Pegasus, a notorious hacking tool, from collecting data from mobile phones to aid ongoing investigations, to the clearest documentary evidence to date that we have been using spyware as a tool. of law enforcement.
The FBI’s description of its intended use of Pegasus came from a letter from a top FBI official to the Israeli Ministry of Defense that was reviewed by The New York Times. Pegasus is produced by an Israeli firm, NSO Group, which needs to gain approval from the Israeli government before it can sell the hacking tool to a foreign government.
The 2018 letter, written by an official in the FBI’s operational technology division, states that the bureau intended to use Pegasus “to collect data from mobile devices for the prevention and investigation of crime and terrorism, compliance with privacy and national security laws. . “
The Times revealed in January that the FBI had purchased Pegasus in 2018 and, over the next two years, tested the spyware at a secret facility in New Jersey.
Since the article’s publication, FBI officials have acknowledged that they considered deploying Pegasus but emphasized that the bureau purchased the spying tool to test and evaluate it – clearly to determine how adversaries might use it. They said the bureau never used the spyware in any operation.
During a congressional hearing in March, the FBI Director, Christopher A. Wray, said the bureau had purchased a “limited license” for testing and evaluation “as part of our routine responsibilities for evaluating technologies that are not out there, just from a perspective. of could be used someday legally, but also, more importantly, what are the security concerns raised by those products. “
“So, very different from using it to anyone investigating,” he said.
The Times revealed that the FBI had also received a demonstration by NSO of a different hacking tool, Phantom, that could do what Pegasus couldn’t – target and infiltrate US cellphone numbers. After the demonstration, government lawyers spent years debating whether to buy and deploy Phantom. It wasn’t until last summer that the FBI and the Justice Department decided not to deploy NSO hacking tools in operations.
The FBI has paid nearly $ 5 million to NSO since the bureau first purchased Pegasus.
The Times has sued the FBI under the Freedom of Information Act for bureau documents related to the purchase, testing and possible deployment of NSO spyware tools. During a court hearing last month, a federal judge set a deadline for Aug. 31 for the FBI to produce all relevant documents or be held in contempt. Government lawyers said the bureau thus far had identified more than 400 pages of documents that were responsive to the request.
The FBI letter to NSO, dated Dec. 4, 2018, stated that “the United States Government will not sell, deliver or otherwise transfer to any other party without prior approval of the Government of Israel.”
Cathy L. Milhoan, an FBI spokeswoman, said the bureau “works diligently to stay abreast of emerging technologies and tradecraft.”
“The FBI purchased a license to explore potential future legal uses of the NSO product and potential security concerns the product poses,” she continued. “As part of this process, the FBI met the requirements of the Israeli Export Control Agency. After testing and evaluation, the FBI chose not to use the product operationally in any investigation. “
The Times article revealed in January that the CIA arranged in 2018 and paid for the government’s acquisition of Djibouti to assist Pegasus in its government’s counterterrorism operations, despite longstanding concerns about human rights abuses there.
Pegasus is a so-called zero-click hacking tool – it can remotely extract everything from a target’s mobile phone, including photos, contacts, messages and video recordings, without having the user click on a phishing link to give Pegasus remote access. It can also turn phones into tracking and secret recording devices, allowing the phone to spy on its owner.
NSO has sold Pegasus to dozens of countries, which have used spyware as part of its investigations into terrorist networks, pedophile rings and drug kingpins. But it has also been abused by authoritarian and democratic governments alike to spy on journalists, human rights activists and political dissidents.
On Tuesday, the chief of Spain’s intelligence agency was ousted after recent revelations that Spanish officials were both deployed and victims of Pegasus spyware.
The firing of the official, Paz Esteban, came days after the Spanish government said that senior Spanish officials, including Prime Minister Pedro Sánchez and Defense Minister Margarita Robles, had been penetrated by Pegasus last year. It was also revealed recently that the Spanish government used Pegasus to infiltrate the cellphones of Catalan separatist politicians.
Israel has used the tool as a bargaining chip in diplomatic negotiations, most notably in the secret talks that led to the so-called Abraham Accords that normalized relations between Israel and several of its historic Arab adversaries.
In November, the Biden administration put NSO and another Israeli firm on a “blacklist” of firms that are forbidden from doing business with American companies. The Commerce Department said the companies’ spyware tools had “enabled transnational repression of foreign governments, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside their sovereign borders to silence silence.”
Mark Mazzetti reported from Washington, DC Ronen Bergman from Tel Aviv.