MEE Staff
Middle East Eye / December 28, 2022
Congressman Adam Schiff and Senator Ron Wyden enquire about Washington’s purchase and use of Israeli spyware.
Two senior US lawmakers have sent letters to several government agencies seeking answers on the purchase and use of powerful spyware made by two Israeli firms, as Congress recently passed measures to rein in the proliferation of hacking software.
One letter sent by Congressman Adam Schiff, chair of the House Intelligence Committee, called on the head of the Drug Enforcement Administration (DEA) to provide details about its use of Graphite, an Israeli spyware tool produced by the firm Paragon.
“Such use could have potential implications for US national security, as well as run contrary to efforts to deter the broad proliferation of powerful surveillance capabilities to autocratic regimes and others who may misuse them,” Schiff wrote in the letter, obtained by the New York Times.
Graphite, similar to the Israeli hacking tool Pegasus that has made international headlines over the past year, is able to penetrate mobile devices and extract messages, videos, photos and other files.
Earlier this month, The Times reported that the DEA was using Graphite in operations overseas. The agency responded by saying that it used the tool legally, and only outside the US.
In a separate letter, Senator Ron Wyden, who sits on the Senate Intelligence Committee, is pressing the FBI for information about the bureau’s purchase and testing of the NSO Group’s Pegasus spyware.
In January, the newspaper first reported that the FBI had procured the Israeli company’s software, and that NSO offered the FBI a version of Pegasus and had created a product named Phantom that would be able to hack any phone number in the US.
The FBI later confirmed to The Guardian that it had obtained the spyware, but only with a “limited licence”. NSO has categorically denied that its Pegasus spyware could be used against US mobile phones.
Wyden asked the FBI for information about why it decided not to deploy Pegasus, saying that it “remains unclear what triggered the decision by FBI leadership to forgo operational use of the tool”.
“The FBI cannot continue to shroud in secrecy the rules that govern its hacking operations against Americans’ phones and computers,” said the letter, also obtained by The Times.
“The American people have a right to know the scale of the FBI’s hacking activities and the rules that govern the use of this controversial surveillance technique.”
Last month, contrary to what the FBI said publicly, The Times reported that internal FBI documents showed the bureau drew up guidelines for using Pegasus in criminal investigations, but its senior leadership decided against using the spyware in operations.
The two letters were sent as Congress passed its omnibus spending bill last week, which includes provisions that give the director of national intelligence power to prohibit the intelligence community from purchasing foreign spyware.
The measures also require the director to submit to Congress each year a “watch list” identifying foreign spyware firms that present a risk to US intelligence agencies.
Global demand for spyware
NSO is at the heart of a global hacking scandal, as researchers say its Pegasus software has been used by a number of governments around the world to target political dissidents, journalists and activists.
Middle East Eye’s Turkey bureau chief, Ragip Soylu, was revealed to have had his phone hacked by the spyware.
The spyware had also been used to target world leaders, with French President Emmanuel Macron’s phone reportedly having been compromised.
However, while NSO has dominated headlines, the entire industry of spyware has seen a recent surge, and several Israeli firms have come out with hacking software to rival Pegasus.
This comes as the NSO Group is continuing to face blacklisting by the US Commerce Department, barring it from American technologies crucial to maintaining its operations.
The Commerce Department said its decision was based on evidence that the NSO group and Candiru, another Israeli spyware company, developed and supplied spyware to foreign governments who in turn used it “to maliciously target government officials, journalists, business people, activists, academics, and embassy workers”.
In June, Axios reported that Israeli officials were pressuring the Biden administration to remove the spyware firm from the blacklist.
