FBI probes use of Israeli firm's spyware in personal and government hacks
The FBI is investigating the role of Israeli spyware vendor
NSO Group Technologies in possible hacks on American residents and companies as
well as suspected intelligence gathering on governments, according to four
people familiar with the inquiry.
The probe was underway by 2017, when Federal Bureau of
Investigation officials were trying to learn whether NSO obtained from American
hackers any of the code it needed to infect smartphones, said one person
interviewed by the FBI then and again last year.
NSO said it sells its spy software and technical support
exclusively to governments and that those tools are to be used in pursuing
suspected terrorists and other criminals. NSO has long maintained that its
products cannot target U.S. phone numbers, though some cybersecurity experts
have disputed that.
The FBI conducted more interviews with technology industry
experts after Facebook filed a lawsuit in October accusing NSO itself of
exploiting a flaw in Facebook’s WhatsApp messaging service to hack 1,400 users,
according to two people who spoke with agents or Justice Department officials.
NSO said it was not aware of any inquiry.
“We have not been contacted by any U.S. law enforcement at
all about any such matters,” NSO said in a statement provided by Mercury Public
Affairs strategy firm. NSO did not answer additional questions about its
employees conduct but previously said government customers are the ones who do
the hacking.
A spokeswoman for the FBI said the agency “adheres to DOJ’s
policy of neither confirming nor denying the existence of any investigation, so
we wouldn’t be able to provide any further comment.”
Reuters could not determine which suspected hacking targets
are the top concerns for investigators or what phase the probe is in. But the
company is a focus, and a key issue is how involved it has been in specific
hacks, the sources said.
Part of the FBI probe has been aimed at understanding NSO’s
business operations and the technical assistance it offers customers, according
to two sources familiar with the inquiry.
Suppliers of hacking tools could be prosecuted under the
Computer Fraud and Abuse Act (CFAA) or the Wiretap Act, if they had enough
knowledge of or involvement in improper use, said James Baker, general counsel
at the FBI until January 2018.
The CFAA criminalizes unauthorized access to a computer or
computer network, and the Wiretap Act prohibits use of a tool to intercept
calls, texts or emails.
NSO is known in the cybersecurity world for its “Pegasus”
software other tools that can be delivered in several ways. The software can
capture everything on a phone, including the plain text of encrypted messages,
and commandeer it to record audio.
A business strategy firm retained on behalf of Amazon.com
Inc Chief Executive Jeff Bezos, FTI Consulting, said this month that NSO could
have supplied the software it said Saudi Arabia used to hack Bezos’ iPhone.
The phone began sending out more data hours after it
received a video from a WhatsApp account associated with Crown Prince Mohammed
bin Salman, FTI said. Saudi Arabia called the FTI allegation “absurd,” and NSO
said it was not involved. Other security experts said the data was
inconclusive.
The FBI is investigating and has met with Bezos, a member of
his team told Reuters. A Bezos spokesman did not respond to a request for
comment.
FBI leaders have indicated that they are taking a hard line
on spyware vendors.
At a briefing at FBI Washington headquarters in November, a
senior cybersecurity official said that if Americans were being hacked,
investigators would not distinguish between criminals and security companies
working on behalf of government clients.
“Whether you do that as a company or you do that as an
individual, it’s an illegal activity,” the official said.
In the counterintelligence aspect of the probe, the FBI is
trying to learn if any U.S. or allied government officials have been hacked
with NSO tools and which nations were behind those attacks, according to a
Western official briefed on the investigation.
Outside of government, journalists, human rights activists
and dissidents in several countries have been victims of attacks using NSO
spyware, according to the University of Toronto’s Citizen Lab researchers.
In the past, NSO has denied involvement in some of those
instances and declined to discuss others, citing client confidentiality
requirements.
Comments
Post a Comment