The FBI has confirmed that it purchased the offensive cyber firm NSO Group’s infamous Pegasus spyware, according to a statement published by the Guardian on Wednesday.
In the statement, which confirms Friday’s report by the New York Times, the agency said it had used the spyware, considered one of the most advanced in the world.
“There was no operational use in support of any investigation,” the FBI said, according to the statement to the Guardian's Stephanie Kirchgaessner. It further said the Pegasus spyware was bought to allow the FBI to “stay abreast of emerging technologies and tradecraft.” The FBI said it only purchased a “limited license” for “product testing and evaluation.”
The goal, they said, was to learn more about the system, which allows full remote access to any mobile phone infected with it, and to make sure it did not fall into the “wrong hands,” the report said.
“That means we routinely identify, evaluate, and test technical solutions and problems for a variety of reasons, including possible operational and security concerns they might pose in the wrong hands. There was no operational use in support of any investigation, the FBI procured a limited license for product testing and evaluation only.”
A source told the Guardian that the purchase sparked concerns of data “leakage” and that the Beraeu and NSO disagreed about who would install Pegasus, fearing NSO engines would have access to the FBI’s own systems as part of any integration. The compromise was keeping the system in a storage facility. According to the New York Times, the system is housed in an FBI warehouse in New Jersey.
The source added that the FBI paid up to $5 million to keep the system operational, though it was not making any use of it.
- Finnish diplomats targeted with Israeli NSO’s Pegasus spyware, FM says
- ‘I was in touch with Likud, Israelis’: Pegasus victims fight Hungary, NSO
- The NSO file: A complete (updating) list of individuals targeted with Pegasus spyware
There was no immediate comment by NSO.
The full FBI statement said that: “The FBI works diligently to stay abreast of emerging technologies and tradecraft – not just to explore a potential legal use but also to combat crime and to protect both the American people and our civil liberties.”
The news comes a day after the paper and the Washington Post published a report, attributed to sources, that the FBI was investigating NSO and its spyware and had spoken with victims of the spyware, including one American citizen.
News of the investigation was made as part of a report about a U.S. whistleblower who claimed NSO offered “bags of cash” to gain access to the global cellular network. The whistleblower claims he informed the FBI of the attempt to gain access to the system in 2017. However, it was unclear if their claims were the origin of the FBI investigation.
The claims were made as part of a report by the Project Pegasus consortium which includes the Guardian, the Washington Post, and Haaretz as well as outlets across the world, which are being led by Paris-based NGO Forbidden Stories as, part of a global investigative journalism project into NSO.
The concern that NSO’s spyware could be utilized to snoop on Israeli or American citizens has loomed large in recent years. Pegasus, NSO’s flagship spyware product that can provide clients full access to a smartphone once it is infected, was hardwired not to target Israeli and American numbers, the company has long claimed. However, recent weeks have revealed that to be false.
Last Friday, The New York Times revealed that the CIA, FBI, DEA, the Secret Service and the U.S. military’s Africa Command were all in talks to buy Pegasus from the Israeli firm, despite numerous well-documented cases of its misuse. The FBI even purchased at least the hardware of a Pegasus system in 2019. In May that year, it received a showcase of a newer spyware called Phantom that received a special license allowing it to target numbers with the +1 U.S. dialing code, tailored to the Americans’ needs. The system was never utilized but is still stored in an FBI warehouse, the Times reported.
Recent weeks have also seen revelations that the Israel Police also purchased Pegasus from NSO in 2013. On Tuesday, the police admitted to misuse of the spyware.