FBI probes use of Israeli firm's spyware in personal and government hacks

Israel-based NSO Group has been accused of involvement in hacks against Saudi and Emirati dissidents, as well as against popular messaging app WhatsApp.
4 min read
31 January, 2020
NSO's software has been tied to the murder of Saudi journalist Jamal Khashoggi [Getty]
The FBI is investigating the role of infamous Israeli spyware company NSO Group in possible hacks on American residents, companies and officials, sources familiar with the probe told Reuters.

NSO returned to the spotlight this month after it was accused of supplying the hacking software that enabled Saudi Arabia to allegedly hack Amazon chief Jeff Bezos' phone.

The Israeli software company has for years fought accusations of supplying its Pegasus spyware to authoritarian governments who have used it to hack dissidents' phones.

The FBI has met with Bezos and is investigating the case, sources familiar with the matter told Reuters.

NSO's Pegasus spyware can be delivered in several ways, including - notably - through a WhatsApp message or call. The Amazon boss has accused Saudi Crown Prince Mohammad bin Salman of hacking his phone by way of a photo sent through the messaging app.

Once delivered, the software can capture everything on the device - including the plain text of encrypted messages. It also allows the phone to be turned into a recording device.

NSO could face prosecution in the US if found guilty of supplying the hacking tool with enough knowledge of or involvement in its improper use, said James Baker, former general counsel at the FBI.

Read more: Saudi allegedly hacked Bezos' phone. Don't expect reproach from the White House

Previous statements indicate the FBI is looking to take a hard line against spyware vendors.

At a briefing at the FBI headquarters in Washington late last year, a senior official said that, if Americans were found to have been hacked, the agency would not distinguish between "criminals" and security companies contracted by government clients.

"Whether you do that as a company or you do that as an individual, it's an illegal activity," the official said.

As part of the probe, the FBI is investigating whether any US or allied government officials have been hacked using NSO spyware, and which nations were behind those attacks, an official said.

NSO implicated in Saudi, WhatsApp hacks

NSO came to prominence after the October 2018 killing of Saudi journalist Jamal Khashoggi.

Shortly thereafter, Canada-based Saudi dissident Omar Abdulaziz launched a legal case against NSO over its sale of the Pegasus phone-hacking software to Riyadh.

Abdulaziz alleges Saudi Arabia hacked his phone using the software, exposing his communications with Khashoggi, with whom he was working on several pro-democracy projects, to prying eyes and ears.

Bezos was also allegedly targeted in a Saudi Pegasus hack shortly after the journalist was brutally murdered in the kingdom's Istanbul consulate. Khashoggi worked as a columnist for The Washington Post, which is owned by the Amazon chief.
[Click to enlarge]


Abdulaziz is not the only Middle Eastern dissident based abroad to have alleged a hack using NSO spyware.
Ghanem al-Dosari, a UK-based Saudi satirist and regime critic, last year accused Riyadh of using Pegasus to hack his phone. A UK earlier this month ruled that Dosari could sue the kingdom over the claims.

The spyware has also allegedly been used to target Emirati and Moroccan dissidents, in addition to journalists, civil society activists and government critics in Mexico and a number of other world nations. NSO faces several court cases over the alleged hacks.

Amnesty International has brought legal action against Israel in an attempt to see the ministry of defence revoke NSO's export license, reventing it from selling its contentious product abroad, particularly to regimes that could use it for malicious purposes.

"NSO Group's chilling spyware has put the lives of human rights activists around the world in danger," the rights organisation said earlier this month. 

Facebook has also taken legal action against the company, lodging a lawsuit in San Francisco last October over NSO's alleged targeting of more than 1,000 WhatsApp users.

The social media giant says NSO violated laws including the US Computer Fraud and Abuse Act with a crafty exploit that took advantage of a flaw in the popular communications programme allowing smartphones to be infilitrated just from a missed call.

NSO does not disclose the identities of its clients, but they are believed to include Middle Eastern and Latin American states.

The company says it sells its technology to Israeli-approved governments to help them stop militants and criminals.

Follow us on Twitter and Instagram to stay connected