from the staying-abreast-of-technology-by-not-switching-it-on dept.
Despite confirming its purchase, the bureau claims Pegasus was never used in any FBI investigation:
According to the report, the deal struck between the FBI and NSO was a one-year test project worth around $5 million. Despite "not using it at all... like, not even switching it on," according to a source, the FBI renewed the contract for another year, bringing the deal up to $9 million.
The deal was agreed upon following a "long process" of disagreements on how much control NSO Group would retain over its software, a source told The Guardian. The FBI reportedly took issue with NSO's policy of keeping sensors on its technology in order to be alerted if it was moved by a government client and to keep track of its physical location.
In addition, the bureau was reportedly wary of allowing NSO engineers to install Pegasus on FBI computers, instead agreeing to keep the spyware in a large container.
The FBI stated it bought access to NSO's spyware in order to "stay abreast of emerging technologies and tradecraft."
Previously on SN:
- Researchers Call NSO Zero-Click iPhone Exploit "Incredible and Terrifying"
- American Diplomats' iPhones Reportedly Compromised by NSO Group Intrusion Software
- Apple Sues NSO Group for Providing Software to Hack iPhones
- U.S. Places Sanctions on NSO Group, Peddler of Pegasus Spyware
Related Stories
The U.S. Blacklists Makers of Cops' Favorite iPhone Hacking Tool:
NSO Group, an Israeli surveillance firm whose spyware has been peddled to authoritarian governments around the world, has been sanctioned by the U.S. Commerce Department. The new restrictions, which the agency announced in a press release Wednesday, will limit the degree to which American companies can provide parts or services to NSO—a decision that could seriously hobble the vendor's business.
NSO is best known for its commercial malware "Pegasus," a product that can infiltrate smartphones and silently pilfer their contents—from text messages to voice calls to photos. The company also sells a creepy "zero-click" exploit, the likes of which apparently requires no phishing and is said to take advantage of security flaws inherent in iPhones and Android devices to compromise them. In September, it was reported that some 1.65 billion Apple devices had been vulnerable to NSO's malware for a period of several months.
See also: US Cuts Off Pegasus Developer: What You Need To Know About This Spyware
Previously: Israeli Firm NSO Linked to WhatsApp Hack, Faces Lawsuit Backed by Amnesty International
Saudi Crown Prince's WhatsApp Account Reportedly Used to Hack Jeff Bezos
The Great iPwn -- Journalists Hacked with Suspected NSO Group iMessage 'Zero-Click' Exploit
Israeli Spyware Maker Is in Spotlight Amid Reports of Wide Abuses
Apple sues company known for hacking iPhones on behalf of governments
Apple on Tuesday sued NSO Group, an Israeli firm that sells software to government agencies and law enforcement that enables them to hack iPhones and read the data on them, including messages and other communications:
Earlier this year, Amnesty International said it discovered recent-model iPhones belonging to journalists and human rights lawyers that had been infected with NSO Group malware called Pegasus.
Apple is seeking a permanent injunction to ban NSO Group from using Apple software, services, or devices. It's also seeking damages over $75,000.
[...] NSO Group software permits "attacks, including from sovereign governments that pay hundreds of millions of dollars to target and attack a tiny fraction of users with information of particular interest to NSO's customers," Apple said in the lawsuit filed in federal court in the Northern District of California, saying that it is not "ordinary consumer malware."
Also at The Guardian.
American diplomats' iPhones reportedly compromised by NSO Group intrusion software:
The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.
NSO Group in an email to The Register said it has blocked an unnamed customers' access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.
"Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers' access to the system, due to the severity of the allegations," an NSO spokesperson told The Register in an email. "To this point, we haven't received any information nor the phone numbers, nor any indication that NSO's tools were used in this case."
[...] The Israel-based company, recently sanctioned by the US for allegedly offering its intrusion software to repressive regimes and sued by both Apple and Meta's (Facebook's) WhatsApp for allegedly supporting the hacking their customers, says that it will cooperate with any relevant government authority and pass on what it learns from its investigation of the incident.
[...] The spyware company insisted it is unaware of the targets designated by customers using its software.
Researchers call NSO zero-click iPhone exploit 'incredible and terrifying':
Google researchers have described NSO Group's zero-click exploit used to hack Apple devices as "incredible and terrifying," Wired has reported. Project Zero researchers called it "one of the most technically sophisticated exploits we've ever seen" that's on par with attacks from elite nation-state spies.
The Project Zero team said it obtained one of NSO's Pegasus exploits from Citizen Lab, which managed to capture it via a targeted Saudi activist. It also worked with Apple's Security Engineering and Architecture (SEAR) group on the technical analysis.
NSO's original exploit required the user to click on a link, but the latest, most sophisticated exploits require no click at all. Called ForcedEntry, it takes advantage of the way iMessage interprets files like GIFs to open a malicious PDF file with no action required from the victim. It does so by using old code from the 1990s used to process text in scanner images.
Also at: Google Warns That NSO Hacking Is On Par With Elite Nation-State Spies:
The Battle for the World's Most Powerful Cyberweapon [Ed's Comment: If paywalled try https://archive.fo/cbnUR]
In June 2019, three Israeli computer engineers arrived at a New Jersey building used by the F.B.I. They unpacked dozens of computer servers, arranging them on tall racks in an isolated room. As they set up the equipment, the engineers made a series of calls to their bosses in Herzliya, a Tel Aviv suburb, at the headquarters for NSO Group, the world's most notorious maker of spyware. Then, with their equipment in place, they began testing.
The F.B.I. had bought a version of Pegasus, NSO's premier spying tool. For nearly a decade, the Israeli firm had been selling its surveillance software on a subscription basis to law-enforcement and intelligence agencies around the world, promising that it could do what no one else — not a private company, not even a state intelligence service — could do: consistently and reliably crack the encrypted communications of any iPhone or Android smartphone.
(Score: 2) by FatPhil on Friday February 04 2022, @08:50AM (4 children)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Friday February 04 2022, @02:14PM (3 children)
I would be quite disappointed in the FBI if they didn't get access to the software to understand what it can and can't do. It would be a dereliction of duty to say "no, if we try to understand what it is about, random people on the internet will be unhappy with us." Do you want them to understand what this is about or not? This is like the Brits at the end of the 19th century where they had no interest in pursuing submarine technology because submarines used stealth and subterfuge and that wasn't considered a proper and honorable way for a military to conduct themselves.
(Score: 2) by PiMuNu on Friday February 04 2022, @03:15PM (1 child)
> This is like the Brits at the end of the 19th century
Do you have a source? This source claims
"""
Although British submarines formed a very small part of the Royal Navy overall, Britain possessed the world’s
largest submarine service and they were among the first vessel put to sea when war broke out in 1914.
"""
https://www.harwichanddovercourt.co.uk/submarines-ww1/ [harwichanddovercourt.co.uk]
(Score: 0) by Anonymous Coward on Saturday February 05 2022, @05:18AM
https://www.thehistorypress.co.uk/articles/sea-devils-pioneer-submariners/ [thehistorypress.co.uk] expresses the general sentiment; however, this guy [strangehistory.net] argues differently suggesting that is an over simplification (it is a very good read, but he spends a lot of time showing examples of how the Victorian navy was actually open to innovative ideas, so clearly they wouldn't have opposed the idea of submarine warfare, but doesn't offer much in the way of direct evidence to support his claim).
(Score: 0) by Anonymous Coward on Friday February 04 2022, @03:31PM
> wasn't considered a proper and honorable way for a military to conduct themselves
Bwahahaaaah! Yes, the British Empire that traded in slaves and used naval bombardment against villages and dealt in opioids.... is that the proper and honorable way?
(Score: 2, Funny) by Anonymous Coward on Friday February 04 2022, @09:44AM (5 children)
Where have I heard this one before? oh ya...
"P,S, I love you, the check is in the mail and I promise not to cum in your mouth."
Honest!
(Score: 5, Insightful) by maxwell demon on Friday February 04 2022, @10:03AM (4 children)
Well, maybe this part is telling:
So maybe the FBI didn't buy it for themselves but for another government organization? That way the FBI could rightfully claim that they never used it, and the other organization could rightfully claim to never have bought it. The location detection would of course revealed such a transfer.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by PiMuNu on Friday February 04 2022, @12:47PM
Another thing they could have done is reverse engineered the software to understand what are the holes that Pegasus exploits. Consistent with "testing and evaluation purposes" and "to keep abreast of technology developments" as outlined in TFA.
(Score: 0) by Anonymous Coward on Friday February 04 2022, @03:35PM
It's also plausible that a senior executive manager used his/her bold leadership to buy this thing and then tried to dump it on the beta losers below to study, with executive reports due weekly. And nobody did squat.
(Score: 2) by tizan on Friday February 04 2022, @08:29PM (1 child)
Was not there a deal between US and UK where they will spy on the citizens of the other country because it is illegal to spy on one's own citizen without warrant but don't need any to spy on a foreigner ?
So may be they bought it and gave it to the Brits to spy on US citizens.
(Score: 0) by Anonymous Coward on Sunday February 06 2022, @12:07AM
There was no deal between the US and UK because such a thing would still be illegal in both countries. Instead, they just happened to record the activities of people located in the other country in a way that perfectly matched the holes in that country's capability that were fed into an internationally shared intelligence database. Total coincidence and in no way a form of collusion.
(Score: 4, Interesting) by bradley13 on Friday February 04 2022, @10:13AM (2 children)
It's very striking that no one believes the FBI. How sad is it, that a federal agency has lost all credibility. They have told too many lies, arrested and prosecuted too many people for crimes instigated by their own agents, etc, etc..
It may seem unrelated, but the new attempt to pass the EARN IT bill is part and parcel of the same problem. It isn't just the FBI. It seems that the entire US federal government has lost touch with what their *actual* responsibilities are supposed to be.
And now the latest: Remember the Shrub's WMD tales that justified attacking Iraq? How about a replay? The US has evidence that it wants to use, to justify military intervention in the Ukraine. [nytimes.com] However, "officials would not release any direct evidence of the Russian plan or how they learned of it". Just trust them, while they start yet another war. Only this time, against Russia, it would be just a bit riskier...
Everyone is somebody else's weirdo.
(Score: 2) by Immerman on Friday February 04 2022, @02:35PM
They are an intelligence agency. Committing crimes is their job.
As a domestic agency the FBI should maybe (theoretically) be a little more law abiding, but for something like the CIA their *whole job* is to circumvent the law and discretely perform grossly illegal acts in foreign countries. Surveillance, assassination, theft of government secrets, blackmailing and more subtle forms of manipulation... those and more are the whole reason they exist. It's hardly surprising that when confronted with legal and bureaucratic limitations at home they'd fall back on the extensive skills they were trained to use against every other government that tries to restrict their actions.
(Score: 2, Touché) by Anonymous Coward on Friday February 04 2022, @03:38PM
> How sad is it, that a federal agency has lost all credibility...
Is this the same guy that has been decrying Government Is The Problem themes for 30+ years culminating in literally trying to undermine the election with a comically/criminally inept cast of oddballs and cranks?
(Score: 0) by Anonymous Coward on Friday February 04 2022, @11:25AM
This would never have happened on Walter Skinner's watch.
(Score: 2) by looorg on Friday February 04 2022, @12:27PM
It seems kind of stupid to pay $9 million for something you don't even turn on for two years. I would not have blamed them if they bought it and used it. Clearly it worked. One could possibly even argue then if you bought it why didn't you use it? I'm sure they could have spent 9 million wiser then not using it. They could have hired some people for that kind of money or bought some other interesting then. Much so more then just buying something you didn't use.
Or did it conflict with all their other phone-hack-stuff like An0m or one of the other "anonymous" chat-app stings they kept running?
(Score: 0) by Anonymous Coward on Friday February 04 2022, @03:51PM
someon tried to click-bait zeh fbis?
"dear fbi, by installing our freedom and law upholding software, you agree that we will periodically extract telemetry about the usage of our software to improve our despotism busting capabilities. no personal information will be gathered. click here to AGREE!"