FBI Admits Purchasing NSO Group's Pegasus Spyware

~3 min read | Published on 2022-02-04, tagged General-News using 672 words.

The FBI purchased the NSO Group’s Pegasus spyware but only for “testing and evaluation,” they claimed.
The Federal Bureau of Investigation confirmed to The Guardian that the Bureau had purchased a license to access Pegasus for “product testing and evaluation only.” NSO Group, an Israeli firm, sells spyware and hacking tools to “government intelligence and law enforcement agencies” across the globe. The company’s products are “classified as a military export by Israel.” Pegasus is “one of the world’s most sophisticated hacking tools.” Per Wikipedia:
Pegasus is compatible with iPhone and Android devices. It can be deployed remotely. Once deployed, the client can access the target phone’s data and sensors, including location data, texts, emails, social media messages, files, camera, and microphone. The client-facing side of the tool is user-friendly, and all that may be required (depending upon the case) of the client to begin deployment of Pegasus is to enter the target’s phone number into the tool.

The NSO Group is one of the good guys

The FBI told The Guardian that the Bureau “works diligently to stay abreast of emerging technologies and tradecraft – not just to explore a potential legal use but also to combat crime and to protect both the American people and our civil liberties.” The FBI is well known for respecting civil liberties! Furthermore, the FBI only wanted to test Pegasus for evaluation purposes. “That means we routinely identify, evaluate, and test technical solutions and problems for a variety of reasons, including possible operational and security concerns they might pose in the wrong hands. There was no operational use in support of any investigation; the FBI procured a limited license for product testing and evaluation only,” an FBI employee said in response to a question from a Guardian journalist.
“it had helped Mexican authorities capture Joaquín Guzmán Loera, the drug lord known as El Chapo. European investigators have quietly used Pegasus to thwart terrorist plots, fight organized crime, and, in one case, take down a global child-abuse ring, identifying dozens of suspects in more than 40 countries. In a broader sense, NSO’s products seemed to solve one of the biggest problems facing law enforcement and intelligence agencies in the 21st century: that criminals and terrorists had better technology for encrypting their communications than investigators had to decrypt them. The criminal world had gone dark even as it was increasingly going global.”

Intelligence agencies in Saudi Arabia allegedly used Pegasus to spy on the millionaire Washington Post columnist Jamal Khashoggi. If one searches the web for information about Pegasus, they will find many news outlets outraged about its use by “autocratic governments.” I do not think any intelligence agency or law enforcement agency will limit the use of Pegasus to drug lords such as El Chapo or “global child-abuse rings.”
In 2021, Apple filed a complaint against NSO Group concerning the “zero-click” iOS exploit known as “FORCEDENTRY.”
The exploit uses PDF files disguised as GIF files to inject JBIG2-encoded data to provoke an integer overflow in Apple’s CoreGraphics system, circumventing Apple’s “BlastDoor” sandbox for message content, introduced in iOS 14 to defend against KISMET, another zero-click exploit. The FORCEDENTRY exploit has been given the CVE identifier CVE-2021-30860.

A Symbolicated Type One crash for FORCEDENTRY on an iPhone 12 Pro Max running iOS 14.6. | Citizen Lab

CVE-2021-30860’s description: “An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
NSO Group has an extensive background when it comes to mobile device intrusion. The ForcedEntry exploit followed a different iMessage exploit from the company identified as “Kismet.”

Keep in mind, “private companies” are partnering with the three letter agencies to spy on you. With telecom companies providing the NSA with “copies of internet traffic,” these agencies hardly have a need to deploy Pegasus when collecting intel on their own citizens.
archive.is, archive.org, archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd.onion

Comments (8)




What kind of idiot would use "1234" as the password on his cloud-stored data? The same kind who created the whole "Horse de-wormer cures Covid" nonsense by publishing a heavily plagiarized paper that used false data in a non-peer reviewed journal admin 1234 still open gentz! SUPER PATRIOTS unite!


You realize nobody gives a shit about covid19 theatrics on this site. One of the reasons is that this is not a healthcare blog. The posts are unrelated to any respiratory illnesses. In fact I don't think health is a topic covered on this site. If people want more information about health of any sort, they don't come here. You will likely find what you are looking for on Twitter if you just post your reactionary stuff there.


I meant 520b3f22, obviously


They can't hack your phone if you don't have one...


LOL omg DNL ad ignorantiam you took the bait dingleberry social engineering attack FTW super trustworth source for the lulz


In this case and many like it the company might as well be an arm of the government they work with. Even if that was not the case I don't think it would matter. Such "private companies" care about rights as much as these agencies.


Good ol' integer overflow exploit. Cutting edge technology is anything but. Keep up on your fundamentals.