Security Experts:

Connect with us

Hi, what are you looking for?


Tracking & Law Enforcement

FBI Confirms It Bought Spyware From Israel’s NSO Group

The FBI has confirmed purchasing NSO Group’s powerful spyware tool Pegasus, whose chronic abuse to surveil journalists, dissidents and human rights activists has long been established. It suggested its motivation was to “stay abreast of emerging technologies and tradecraft.”

The FBI has confirmed purchasing NSO Group’s powerful spyware tool Pegasus, whose chronic abuse to surveil journalists, dissidents and human rights activists has long been established. It suggested its motivation was to “stay abreast of emerging technologies and tradecraft.”

The agency added in a statement Wednesday that it obtained a limited license from the Israeli firm “for product testing and evaluation only,” never using it operationally or to support any investigation.

But critics wondered why the premier U.S. law enforcement agency would need to pay for access to a notorious surveillance tool that has been extensively researched by public interest cyber sleuths if its interest was so limited.

“Spending millions of dollars to line the pockets of a company that is widely known to serially facilitate widespread human rights abuses, possible criminal acts, and operations that threaten the U.S.’s own national security is definitely troubling,” said Ron Deibert, director of Citizen Lab, the University of Toronto internet watchdog that has exposed dozens of Pegasus hacks since 2016.

“At the very least, this seems like a terribly counterproductive, irresponsible, and ill-conceived way” to keep abreast of surveillance tech, he added.

An FBI spokesperson did not say what the agency paid NSO Group or when, but The New York Times reported last week that it obtained a one-year license for $5 million, testing it in 2019. On Wednesday, The Guardian quoted a source familiar with the deal as saying the FBI paid $4 million to renew the license but never used the spyware, which infiltrates a target’s smart phone, granting access to all its communications and location data and converting it into a remote eavesdropping device.

In November, the U.S. Commerce Department blacklisted NSO Group, barring it from access to U.S. technology. Apple subsequently sued the company, calling it “amoral 21st century mercenaries.”

NSO Group has said Pegasus is programmed not to target phones with the +1 U.S. country code, but American citizens living abroad have been among its victims.

Deibert, of Citizen Lab, called for a congressional investigation. Sen. Ron Wyden of Oregon said in a statement that the U.S. public deserves greater transparency from its government about any “relationships with NSO and other cyber-mercenaries” and should know if its government “believes the use of these tools against Americans is legal.”

People hacked with Pegasus have included Uganda-based U.S. diplomats, Mexican and Saudi journalists, leading members of Poland’s opposition, the ex-wife of Dubai’s ruler and her British lawyers, Palestinian human rights activists and Finnish diplomats.

NSO does not identify its clients but says it sells its products only to state security agencies upon approval of Israel’s Defense Ministry. It says the products are intended to be used against criminals and terrorists.

[ ReadGoogle Says NSO Pegasus Zero-Click Most Sophisticated Exploit Ever Seen ]

The key parts of the FBI statement issued Wednesday, initially in response to a request from the Guardian:

“The FBI works diligently to stay abreast of emerging technologies and tradecraft — not just to explore a potential legal use but also to combat crime and to protect both the American people and our civil liberties. That means we routinely identify, evaluate, and test technical solutions and services for a variety of reasons, including possible operational and security concerns they might pose in the wrong hands.”

“The FBI procured a limited license for product testing and evaluation only, there was no operational use in support of any investigation. Since our testing and evaluation is complete, and we chose not to proceed with use of the software, the license is no longer active. Accordingly, the software is no longer functional.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...


Spanish Court agreed to extradite Joseph James O’Connor to he U.S., who allegedly took part in the July 2020 hacking of Twitter accounts of...


A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...


Russian Vladislav Klyushin made tens of millions of dollars by hacking into U.S. computer networks to steal insider information.