An intel unit of the New York Police Department received a showcase demonstration of the infamous Pegasus spyware made by the Israeli offensive cyber firm NSO Group, Motherboard revealed on Wednesday based on an email they obtained as part of a freedom of information request.
The NYPD or NSO did not respond to Motherboard’s request for comment. Motherboard is the tech news site of Vice and in the past revealed that NSO was pitching its spyware to U.S. police agencies and even the DEA through the cyberfirm’s American subsidiary Westbridge.
The email confirms their previous reporting and recent reports by the New York Times, according to which NSO was hoping to enter the American market from about 2015. The date coincides with the timeline revealed in the Times, which reported two weeks ago that NSO was in talks with a number of U.S. federal agencies from about 2015 and as late as 2019, even selling a limited version of its services to the FBI in 2017.
The Times and Motherboard both show that NSO was using the same brochure - which promises to turn any phone into an “intelligence goldmine” - as part of its pitch to both federal and local American agencies.
According to Motherboard, in August 2015, the head of a program run by the Department of Homeland Security in the New York and New Jersey area said in an email to partners in local law enforcement that, “There will be a demo of the attached investigative software.” The software in question was NSO’s spyware, and according to the email it was to be showcased to an “audience” of local police and fire fighter officials, as well as “NYPD intel.”
According to Vice, “NYPD intel” is most likely a reference to the NYPD’s Intelligence Bureau.
- How to Check if Your Cellphone Is Infected With Pegasus Spyware
- Explainer: What Israel Police Did, Who Was Hacked and How It May Affect Bibi’s Trial
- The Export Turns on Its Master: What to Make of Israeli Ministers' 'Shock' Over NSO
The email also included a brochure for the Pegasus spyware, which promised access to targets phone calls, contacts, emails, WhatsApp messages, as well as tracking their location and other surveillance services.
The brochure, which bears Westbridge’s logo, says Pegasus can “Turn Your Target’s Smartphone into an Intelligence Gold Mine.”
Motherboard was the first to reveal that NSO was pitching its spyware to American agencies - reporting in the past that the San Diego Police Department and the Los Angeles Police Department also received pitches for a new spyware based on Pegasus called Phantom. This is the software revealed by the NYT to have been created by NSO specifically for the American market and pitched to the FBI due to its ability to hack American numbers, a capability Pegasus is reportedly hardwired not to be able to do.
In their initial reporting, Motherboard revealed details about NSO, their products and American officials to them. For example, in another email published by the Vice site in 2020, a SDPD officer called the spyware “awesome”.
The emails obtained by Motherboard at the time also revealed other products, for example a tool called “Landmark” and another called “Hook.” These technologies, a former NSO worker told Vice at the time, made use of the global roaming protocol known as the SS7 to geolocate targets. Motherboard also reported that the DEA were in talks to buy the software, but ended up passing on them due to its high cost, a fact also by the Times confirmed a few weeks ago.
The news comes a week after the paper and the Washington Post published a report, attributed to sources, that the FBI was investigating NSO and its spyware and had spoken with victims of the spyware, including one American citizen.
News of the investigation was made as part of a report about a U.S. whistleblower who claimed NSO offered “bags of cash” to gain access to the global cellular network. The whistleblower claims he informed the FBI of the attempt to gain access to the system in 2017. However, it was unclear if their claims were the origin of the FBI investigation.
The claims were made as part of a report by the Project Pegasus consortium which includes the Guardian, the Washington Post, and Haaretz as well as outlets across the world, which are being led by Paris-based NGO Forbidden Stories as, part of a global investigative journalism project into NSO.
The concern that NSO’s spyware could be utilized to snoop on Israeli or American citizens has loomed large in recent years. Pegasus, NSO’s flagship spyware product that can provide clients full access to a smartphone once it is infected, was hardwired not to target Israeli and American numbers, the company has long claimed. However, recent weeks have revealed that to be false.
Last Friday, The New York Times revealed that the CIA, FBI, DEA, the Secret Service and the U.S. military’s Africa Command were all in talks to buy Pegasus from the Israeli firm, despite numerous well-documented cases of its misuse. The FBI even purchased at least the hardware of a Pegasus system in 2019. In May that year, it received a showcase of a newer spyware called Phantom that received a special license allowing it to target numbers with the +1 U.S. dialing code, tailored to the Americans’ needs. The system was never utilized but is still stored in an FBI warehouse, the Times reported.
Recent weeks have also seen revelations that the Israel Police also purchased Pegasus from NSO in 2013. On Tuesday, the police admitted to misuse of the spyware.