The FBI Purchased Pegasus Phone Spyware

An investigation by the New York Times has discovered that the US Federal Bureau of Investigation (FBI) purchased mobile phone spyware from NSO Group. The Pegasus surveillance tools were obtained by the FBI in 2019 and have since become notorious as a result of routine misuse by governments that spied on the phones of journalists, politicians and activists who were not accused of any crimes.

Pegasus, which is known to have been installed on iPhones through the use of zero-click exploits, was evaluated by the FBI over the course of two years. The FBI also considered the purchase of a previously unknown spyware product from NSO Group called Phantom. However, the FBI decided in 2021 against using either Pegasus or Phantom to spy on inhabitants of the USA. The FBI’s decision predates the blacklisting of NSO Group by President Joe Biden in response to concerns that the technology poses a threat to US security and its foreign policy objectives. Apple is also in the process of suing NSO Group for violating the terms for using their products.

The New York Times presents the export of NSO Group phone spyware as an important component of Israel’s diplomatic strategy. Some Israelis have argued that the US blacklisting of NSO Group should be interpreted as an attack on the entire nation. The large amounts of money spent on Israel’s security have helped to fuel the rise of high-technology businesses that include world leaders in the field of electronic communications. Israel has reason to engage in sophisticated intelligence gathering as a consequence of fractious relations with neighboring countries. However, if Israelis want their nation to retain public support amongst Western democracies then there are few mistakes worse than becoming the champions of pernicious phone spyware that can be used to undermine freedom everywhere.

You can read the New York Times summary of their research here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.