Skip to main content

FBI has been investigating NSO spyware use in hacks since at least 2017

Among lines of inquiry in years-long intelligence probe is whether American hackers gave Israeli firm code needed to infect smartphones
The FBI's official seal seen on an iPhone's camera screen outside the J. Edgar Hoover headquarters in Washington, DC (AFP)

The FBI has been investigating the role of Israeli spyware firm NSO Group Technologies for at least three years over its possible involvement in hacking US residents and companies as well as suspected intelligence gathering on governments, Reuters reported late on Thursday.

The probe was underway by 2017, when FBI officials interviewed one person who spoke to Reuters in an attempt to learn whether American hackers had given NSO any of the code that was needed to infect smartphones.

The FBI conducted more interviews with technology industry experts after Facebook filed a lawsuit in October accusing NSO of exploiting a flaw in Facebook's WhatsApp messaging service to hack 1,400 users, two people who spoke with agents or Justice Department officials told Reuters.

NSO said it sells its spy software and technical support exclusively to governments and that those tools are to be used in pursuing suspected terrorists and other criminals. 

From 'Hello MBS' to a kidnap attempt: Sundance shines spotlight on Saudi schemings
Read More »

The company also said it was not aware of any inquiry.

"We have not been contacted by any US law enforcement at all about any such matters," NSO said in a statement provided by Mercury Public Affairs, a strategy firm headquartered in New York City. 

NSO did not answer additional questions about its employees' conduct but has previously said government customers are the ones who do the hacking.

An FBI spokeswoman said the agency "adheres to DOJ's policy of neither confirming nor denying the existence of any investigation, so we wouldn't be able to provide any further comment”.

Reuters could not determine which suspected hacking targets are the top concerns for investigators or what phase the probe is in. But the company is a focus, and a key issue is how involved it has been in specific hacks, the sources said.

Researchers including those at the University of Toronto's Citizen Lab and Amnesty International have documented the use of Pegasus against journalists, human rights defenders and members of civil society since 2016.

Individuals who have been targeted with the spyware according to their research include Yahya Assiri, Saudi human rights activist, Omar Abdululaziz, a Saudi dissident living in Canada, and Ghanem al-Masariri, a  Saudi dissident and satirist, and New York Times reporter Ben Hubbard.

Abdulaziz filed a lawsuit against NSO Group in Israel in 2018, and Masarir has filed a lawsuit against Saudi Arabia in the UK over allegations that the kingdom used NSO spyware to hack two of his phones in the country.

Earlier this month, a UK High Court granted Masarir permission to proceed with his case.

His lawyer, Martyn Day of Leigh Day solicitors, told Middle East Eye that the case "will not only strengthen protection for critics and dissidents of oppressive regimes, but would also send a clear message that states such as the Kingdom of Saudi Arabia would be prevented from targeting individuals once resident in the UK".

How NSO operates

Part of the FBI probe has been aimed at understanding NSO's business operations and the technical assistance it offers customers, according to two sources familiar with the inquiry.

Suppliers of hacking tools could be prosecuted under the Computer Fraud and Abuse Act (CFAA) or the Wiretap Act, if they had enough knowledge of or involvement in improper use, said James Baker, general counsel at the FBI until January 2018.

The CFAA criminalises unauthorised access to a computer or computer network, and the Wiretap Act prohibits use of a tool to intercept calls, texts or emails.

NSO is known in the cybersecurity world for its "Pegasus" software which can capture everything on a phone, including the text of encrypted messages, and commandeer it to record audio.

A business strategy firm retained on behalf of Amazon.com chief executive Jeff Bezos, FTI Consulting, said this month that NSO could have supplied the software it said Saudi Arabia used to hack Bezos' iPhone.

The phone began sending out more data hours after it received a video from a WhatsApp account associated with Crown Prince Mohammed bin Salman, FTI said. Saudi Arabia called the FTI allegation "absurd," and NSO said it was not involved. Other security experts have said the data was inconclusive.

The FBI is investigating and has met with Bezos, a member of his team told Reuters. A Bezos spokesman did not respond to a request for comment.

Vendors treated as criminals

FBI leaders have indicated that they are taking a hard line on spyware vendors.

'Whether you do that as a company or you do that as an individual, it's an illegal activity'

- FBI cybersecurity official

At a briefing at FBI Washington headquarters in November, a senior cybersecurity official said that if Americans were being hacked, investigators would not distinguish between criminals and security companies working on behalf of government clients.

"Whether you do that as a company or you do that as an individual, it's an illegal activity," the official said.

Among threads the FBI is investigating is whether any US or allied government officials have been hacked with NSO tools and which nations were behind those attacks, according to a Western official briefed on the investigation.

In the past, NSO has denied involvement in some of the instances of attacks on journalists, human rights activists and declined to discuss others, citing client confidentiality requirements.