Lawmakers signal probe into U.S. government use of foreign spyware
WASHINGTON — As Congress passed a measure in recent days to try to rein in the proliferation of hacking tools, top lawmakers said they would investigate the government’s purchase and use of powerful spyware made by two Israeli hacking firms.
House Intelligence Committee Chairman Adam Schiff, D-Calif., sent a letter The head of the DEA was asked last week for details about the agency’s use of Graphite, a spyware tool made by the Israeli company Paragon.
“Such use could have potential implications for U.S. national security and is contrary to efforts to prevent the widespread proliferation of powerful surveillance capabilities to authoritarian regimes and others who might abuse them,” Mr. Schiff wrote in the letter.
Graphite, like Pegasus, a better-known Israeli hacking tool, can break into a target’s phone and extract messages, videos, photos, and more. The New York Times revealed earlier this month that the DEA is using Graphite in its foreign operations. The agency said it used the tool legally only outside the United States, but did not answer a question about whether U.S. citizens could be targeted by the hacking tool.
Mr. Schiff gave DEA Administrator Anne Milgram until Jan. 15 to respond to questions in a confidential addendum submitted to the drug agency.
At that point, Republicans will take power in the House of Representatives, and Mr. Schiff will no longer serve as committee chairman. But the committee’s efforts to curb the spread of foreign spyware are bipartisan — meaning the shift is unlikely to affect the agency’s agenda on the issue.
Countries around the world are adopting commercial spyware because it gives them new surveillance capabilities. For nearly a decade, Israeli firm NSO had a near-monopoly on the industry — selling Pegasus to Mexico, Saudi Arabia, India and other countries — but as demand surged, new companies peddling other hacking tools found success.
As part of the omnibus spending bill passed last week, Congress included provisions giving the DNI the power to prohibit the intelligence community from buying foreign spyware and requiring the DNI to submit to Congress annually a “watch list” identifying threats to U.S. intelligence agencies. Threats of foreign spyware companies.
Separately, Sen. Ron Wyden, D-Ore., a member of the Senate Intelligence Committee, is pressing the FBI to provide information about the bureau’s purchase and testing of Pegasus, an invasive spyware made by NSO. The company’s hacking tools have been used by authoritarian and democratic governments alike to target journalists, dissidents and human rights workers.
The Times reported last month that internal FBI documents showed that the bureau’s criminal division had guidelines for using Pegasus in criminal investigations in 2021 — after senior FBI leadership decided not to use the spyware in operations. Before.
Things we consider before using anonymous sources. Does the source know this information? What motives do they tell us? Have they proven reliable in the past? Can we corroborate this information? Even after addressing these concerns, The Times used anonymous sources as a last resort. Reporters and at least one editor knew the identities of the sources.
in a letter Last week, Mr. Wyden asked FBI Director Christopher Wray for information on why the bureau chose not to deploy Pegasus, and whether the bureau’s lawyers made a decision to prevent the FBI from using Pegasus or a similar hacking tool.
“The American people have a right to know the scale of the FBI’s hacking campaign and the rules governing the use of this controversial surveillance technology,” Mr. Wyden wrote.
A government legal brief related to the Times Freedom of Information Act lawsuit against the FBI noted that “just because the FBI ultimately decides not to deploy the tool to support a criminal investigation does not mean it will not test, evaluate and potentially deploy other similar tools to gain access to encrypted communications used by criminals.”
The Biden administration put NSO and another Israeli hacking firm on a Commerce Department blacklist late last year — barring any U.S. company from doing business with them.
That move, along with the Israeli Ministry of Defense’s decision to reduce the number of countries to which companies may sell hacking tools, has dealt a blow to the Israeli hacking industry amid fears they could also land on a U.S. blacklist. A senior Israeli military official estimates that soon, only six offensive tech companies will remain in existence — down from the 18 companies operating in Israel before NSO’s blacklist.
But now Israel’s Defense Ministry appears to be considering easing restrictions on companies to prevent the industry from collapsing, according to two Israeli military officials who spoke on condition of anonymity to discuss the sensitive decision.
Asked whether Israel had made a final decision on easing restrictions, a MoD spokesman said, “The aim is to improve the monitoring of controlled network exits and to develop more accurate instructions for controlled network exporters while reducing risks.” Improper use of these systems and providing effective tools to ensure compliance with the purchaser’s license terms.”
The Israeli government requires all hacking companies in the country to obtain an export license to sell spyware tools to foreign governments. Some Israelis try to circumvent these restrictions by relocating their businesses outside of Israel.
One of them is Tal Dilian, a retired Israeli general with operations in Greece and Cyprus, whose hacking tool Predator is at the center of a widening scandal involving espionage allegations against Greek government officials.
Israeli officials have publicly expressed frustration at their inability to police the businesses of Israelis operating abroad.but then recent Following reports of Mr. Dilian’s growing Matrix, Israel’s Ministry of Defense convened a meeting to explore whether anything could be done to better regulate the activities of Mr. Dilian and others working outside Israel. Options explored included whether Mr. Dilian could be investigated or other steps could be taken against Israeli hackers who use expertise they gained in the Israeli military to set up foreign companies that the government cannot control.