The Federal Bureau of Investigation almost deployed a highly controversial Israeli hacking tool called Pegasus that could have obtained sensitive content from Americans’ cell phones, according to a report.
Pegasus one of the most powerful cyber weapons in the world because it is a zero-click hacking tool that can be covertly installed on a target’s cell phone in order to extract private messages, photos, contacts, messages and video recordings.
After months of testing and an internal push to deploy it, the FBI ultimately chose in July 2021 not to deploy the tool in criminal investigations after a number of stories emerged about the spyware being dangerously abused by governments around the world, the New York Times reported.
Last November the Israeli hacking firm NSO Group, which created Pegasus, was put on the Commerce Department’s Entity List. The Entity List is used by Commerce to restrict the expert and in-country transfer of items to people reasonably believed to pose a national security threat to the United States.
The FBI in the last two years developed advance plans to deploy the Pegasus software and drew up guidelines for federal prosecutors to use it with disclosure in criminal proceedings, according to dozens of internal FBI documents and court records obtained through a Freedom of Information Act lawsuit brought by The New York Times against the FBI.
“Just because the F.B.I. ultimately decided not to deploy the tool in support of criminal investigations does not mean it would not test, evaluate and potentially deploy other similar tools for gaining access to encrypted communications used by criminals,” a legal brief submitted on behalf of the F.B.I. said last month.
FBI Director Christopher Wray claimed in testimony with lawmakers last December that the Pegasus tool was only used for research and development to “figure out how the bad guys could use it, for example,” he told Senator Ron Wyden, Democrat of Oregon, according to a transcript of the hearing that was recently declassified.
Wyden said earlier this month that it was wrong and inaccurate for Wray to frame the FBI’s use of Pegasus in the way that he did.
“It is totally unacceptable for the F.B.I. director to provide misleading testimony about the bureau’s acquisition of powerful hacking tools and then wait months to give the full story to Congress and the American people,” said Wyden in a statement to the New York Times.
“The F.B.I. also owes Americans a clear explanation as to whether the future operational use of NSO tools is still on the table,” Wyden added.
In its legal response to the NYT’s FOIA lawsuit, the FBI said that just because the agency decided not to deploy Pegasus does not mean it would not test, evaluate and potential deploy other similar tools in the future to gain access access to encrypted communications used by criminals.
It remains unclear why the FBI officially chose not to use the Pegasus software but the Times cited officials who said it was the decision was made largely due to intense negative publicity about how the tool had been abused by governments like Saudi Arabia, Mexico, Hungary, and India.
These governments deployed the Pegasus tool against journalists, human rights workers, and political dissidents that were critical of those in power and there remain concerns that similar hacking tools could be used in the United States.