Germany’s federal investigative police force held talks with Israeli cyber-espionage firm NSO Group and even purchased its infamous Pegasus spyware, the German newspaper Die Zeit revealed Monday, citing sources within the local defense establishment.
According to the report by Holger Stark, the Federal Criminal Police Office - known in Germany as the Bundeskriminalamt, or BKA - first held talks with NSO in 2017. At the time, the report said, a delegation from NSO even traveled to Wiesbaden, where the BKA is headquartered, to showcase the capabilities of the Pegasus spyware.
Despite initial legal concerns from within the BKA about the spyware, which allows its operators to take full control of any smartphones infected with Pegasus, a deal was inked with NSO in 2019.
The report also notes that the decision to purchase the Israeli-made spyware was made after the BKA failed to develop its own spyware. If successfully installed, Pegasus allows its operators full access to the data of the infected phone, and they can even remotely operate its microphone and camera - unbeknownst to the phone owner.
The BKA is under the oversight of Germany's Interior Ministry and legal officials were concerned the spyware could not meet legal requirements in Germany, which permits such snooping only in very specific and extreme cases.
According to an expert who spoke to Die Zeit, none of the criminal cases pursued by the BKA during this time period attempted to make use of evidence collected through Pegasus. However, according to sources that spoke with the German paper, officials were adamant that any use of the spyware should be done only in cases it is authorized by German law. It is unclear, however, what oversight was done on the actual usage and in what context the program was used, if at all.
The report, which is likely to cause a stir in Germany, adds that lawmakers are expected to be briefed about it later this week.
- After spyware scandal, Israeli NSO touts 'proud family of workers saving lives'
- As NSO scandal proves, Israel’s real red line is the ‘white’ man
- Three stories reveal what Israel prefers to hide about NSO
The news comes two months after Project Pegasus - a global investigation led by Forbidden Stories and Amnesty International into a leaked database of potential targets selected by NSO’s clients. The investigation was conducted together with a consortium of news outlets across the globe, including Die Zeit and Haaretz, and has helped spark a debate about spyware and its misuse by governments.
At the time, the investigation revealed a long list of journalists and human rights activists, as well as world leaders, selected for possible snooping by clients of NSO across the world. NSO denied the reports and labeled them an orchestrated attempt to smear the company; it further said the list at the core of the investigation was arbitrary and had no connection to them or their clients. Since the investigation was published, digital forensics in France and in the U.K. have confirmed that a small handful of those phone numbers selected as potential targets actually had their phones infected.
At the time of the Project Pegasus publications, after it was revealed that a phone number associated with French President Macron was also selected for potential targeting (most likely by the Moroccan intelligence service), other European leaders voiced their concern at NSO and its cyber wares. It is important that hacking software does not get into the wrong hands, German Chancellor Angela Merkel was quoted by Reuters as saying when asked about the Pegasus spyware case at that time. She also told reporters that countries without any judicial oversight of how spying software is used should not have access to it.