The FBI is investigating shady cyber-intelligence company NSO Group and the possible use of its phone-hijacking tools in several high-profile hacks, Reuters reported on Thursday.
According to Reuters, a source interviewed by the FBI said the agency has been investigating NSO since at least 2017—when it was looking into whether “NSO obtained from American hackers any of the code it needed to infect smartphones”—and is more recently looking into allegations that NSO was involved in an attack that used its Pegasus malware to hijack some 1,400 phones belonging to dissidents, lawyers, and journalists via a flaw in Facebook-owned messaging service WhatsApp. Two sources told Reuters they had spoken with FBI agents or Department of Justice officials about the matter.
Based near Tel Aviv, NSO Group has denied any role in cyberattacks in the past but justified the use of its tools to target lawyers and journalists. A spokesperson for the company told Reuters, “We have not been contacted by any U.S. law enforcement at all about any such matters.” Reuters wrote it refused to answer questions about employee conduct but, in the past, it has claimed that it simply provides tools to governments which then use them in operations. Sources told the news agency that the FBI investigation centers on what kind of technical support NSO gives to those customers, which in theory could constitute violations of the Computer Fraud and Abuse Act (CFAA) or the Wiretap Act if it can be demonstrated that the company was involved in or knew its tools were being used to commit crimes.
The probe also has a counter-intelligence aspect in which the FBI is trying to ascertain “if any U.S. or allied government officials have been hacked with NSO tools and which nations were behind those attacks,” Reuters wrote, citing a “Western official.”
NSO’s tools have allegedly been by authoritarian governments, notably including the brutal Saudi monarchy. Research by Citizen Lab has indicated that operators of NSO’s Pegasus malware were deploying it in at least 45 countries and that it was used to spy on Omar Abdulaziz, a Saudi dissident living in Canada, while he was in contact with fellow dissident and Washington Post contributor, Jamal Khashoggi. Saudi agents later lured Khashoggi to the nation’s consulate in Turkey, where he was tortured and murdered. (Abdulaziz and other alleged targets are suing NSO.) Reports indicating that Amazon CEO Jeff Bezos received malware from a WhatsApp address belonging to Saudi Crown Prince Mohammed bin Salman were also strongly suggestive of NSO’s tools, or at least a competitor using similar methods.
Saudi Arabia has denied that it hacked Bezos, though FBI agents have met with the CEO, according to Reuters.
NSO is also facing lawsuits from Amnesty International, which seeks to have the company’s export licenses revoked, and Facebook and WhatsApp, which accuse it of violating its terms of service to hack WhatsApp users.
“They want the credibility of having powerful intelligence services as their customers, but at the same time they want to take credit only for the alleged successes while disclaiming responsibility for any of the alleged abuses,” Citizen Lab senior researcher John Scott-Railton told Bloomberg in October 2019. “[The Facebook] lawsuit shatters the illusion of this unaccountable bubble.”