The FBI Considered Using Pegasus Spyware in Criminal Investigations, Report Says
Israel-based NSO Group has been making waves in the cybersecurity community in recent years, becoming the target of an Apple lawsuit and sanctions from the US government. That didn’t stop the Federal Bureau of Investigation (FBI) from almost using the company’s powerful yet shady Pegasus spyware in criminal investigations, according to a report from The New York Times. The agency ultimately decided against deploying the spyware, but it would seem the project got very close to becoming reality.
NSO Group frames itself as a cyber-intelligence and security firm, but it’s best known for building malware that has been used to surveil activists, journalists, and government officials around the world. Pegasus has become known in the cybersecurity world because of its advanced features and ease of deployment. While most pieces of malware require either physical access or some form of user interaction to install, Pegasus leverages private “zero-day” exploits to install itself silently on targeted smartphones. NSO Group used Apple’s own iCloud service to help stuff the malware onto iPhones, which led to the lawsuit.
Once running on a target device, Pegasus connects to a command and control server from which the operator can monitor communications, activate the camera or microphone, and exfiltrate stored data. It’s a nasty piece of malware, and naturally, the FBI was interested in taking advantage of it for criminal investigations. According to the report, between late 2020 and early 2021, the FBI was testing a version of Pegasus called Phantom that was designed to target US phone numbers. The bureau was apparently so far along in the project that it had drawn up guidelines for federal prosecutors that explained how to talk (or not talk) about the FBI’s use of Pegasus during court proceedings.
The program was shelved in July 2021, which is around the same time Pegasus was found on phones belonging to close associates of murdered journalist Jamal Khashoggi. It was also used to compromise smartphones belonging to US State Department employees working in Africa. This appears to have been a turning point for any planned usage of NSO Group tools. Later in 2021, the US Commerce Department added the company to its entity list, which prohibits US companies from doing business with the firm.
The Times report includes a legal filing from the FBI, which sums up its position. “Just because the FBI ultimately decided not to deploy the tool in support of criminal investigations does not mean it would not test, evaluate and potentially deploy other similar tools for gaining access to encrypted communications used by criminals,” the bureau says. The FBI probably has malware in its investigative arsenal, just not the malware from NSO Group.
Continue reading
Microsoft: Bethesda Games ‘Either First or Better’ on Xbox, Not Exclusive
Microsoft's Tim Stuart doesn't think the company will try to cut PS5 gamers out of future Bethesda titles. The company wants Xbox to be the best destination for its games, but not the only one.
Sony Is Refusing Refunds for Cyberpunk 2077
The Cyberpunk 2077 team at CD Projekt Red has told gamers to seek refunds, but at least some PlayStation 4 players are being denied.
Microsoft Picks Up Ark II as an Xbox Exclusive
Microsoft has added another exclusive to its own stable of games. Ark II, the sequel to the hottest bug simulator of the 2010s and starring Vin Diesel, will apparently debut as an Xbox exclusive, though it’s probably time-limited as opposed to permanently locked away from the platform.The interesting thing about Microsoft choosing to snag Ark…
Fusion Reactor Sets Record By Running for 20 Seconds
A team from South Korea just made a major advancement — the Korea Superconducting Tokamak Advanced Research (KSTAR) device recently ran for 20 seconds. That might not sound impressive, but it doubles the previous record.