14 May 2022; MEMO: The United States' Federal Bureau of Investigation (FBI) had intended to use Israel's infamous Pegasus spyware for its ongoing operations, a report by The New York Times has revealed.
According to the report, the FBI reportedly wrote to the Israeli government back in 2018 of its intention to use Pegasus to collect phone data of those it had already been monitoring and investigating. The agency told the Israeli Defence Ministry that its purchase of the spyware was "for the collection of data from mobile devices for the prevention and investigation of crimes and terrorism, in compliance with privacy and national security laws."
The Pegasus spyware – developed and owned by the Israeli NSO Group – was made infamous over the past few years due to its hacking scandals, particularly in July last year when the University of Toronto's internet watchdog Citizen Lab exposed its client governments' misuse of the spyware through the hacking of around 50,000 phones and devices belonging to journalists, human rights activists, and political critics worldwide.
Phones and devices infected with Pegasus spyware become fully compromised, with the users' data, pictures, messages, and location being made accessible to the governments and agencies targeting them. Even the cameras and microphones on their devices can be activated without the users' knowledge. The infection of the devices can be achieved through the user clicking or opening a message or link, or even without any interaction at all through the latest 'zero-click' malware.
Since the FBI's acquisition of the Pegasus spyware was revealed and confirmed earlier this this year, the agency has insisted that it only purchased it for "product testing and evaluation", particularly in order to assess how rivals of Washington would use it if they acquired it. This latest revelation of the FBI's intention to put the spyware to use in its operations, however, contradicts that claim.
A spokesperson for the bureau, Cathy L. Milhoan, told The New York Times that "The FBI purchased a license to explore potential future legal use of the NSO product and potential security concerns the product poses…As part of this process, the FBI met the requirements of the Israeli Export Control Agency. After testing and evaluation, the FBI chose not to use the product operationally in any investigation".
Despite the bureau's purchase, testing, and intention to use the spyware, the US government sanctioned its developer the NSO Group and placed it on a trade blacklist. A month later, however, it was reported that the Pegasus spyware would be shut down and sold to the US, with the product apparently only to be used for cyber defence.