NSO Group Gave Pegasus Spyware Demo To The NYPD

NYPD

Image: Timothy A. Clary/Contributor

Screen Shot 2021-02-24 at 3

Hacking. Disinformation. Surveillance. CYBER is Motherboard’s podcast and reporting on the dark underbelly of the internet.

A section of the New York Police Department (NYPD) focused on intelligence gathering received a demo of NSO Group’s controversial Pegasus spyware product, according to an email obtained by Motherboard.

The news provides more insight into Israeli company NSO Group’s push into the surveillance market in the United States, and specifically its pitching of the company’s technology to American police forces. The findings come after the New York Times reported that the FBI bought a Pegasus licence in 2019 for evaluation purposes.

Advertisement

“There will be a demo of the attached investigative software at the Rutgers School of Criminal Justice,” James Sheehan, a program manager from the Northern New Jersey-Newark/Jersey City UASI, wrote in the August 2015 email. The UASI is the Urban Area Security Initative, a program administered by the Department of Homeland Security which brings together bodies from law enforcement, fire service, public health, and more to address threats of terrorism and other issues. “The audience is the UASI/CorrStat region and NYPD intel,” Sheehan continued.

Do you work at NSO Group or a similar company? Do you know anything else about these firms? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.

Recipients on Sheehan’s email inviting people to attend included representatives from the Bergen County Prosecutor’s Office, Jersey City’s public safety agency, and the Paterson Police Department, a city of just over 150,000.

Attached to Sheehan’s email was a brochure for Pegasus, NSO Group’s hacking product, which advertised the tool’s ability to obtain a target’s calls, contacts, emails, WhatsApp messages, track their location, and more. The brochure contains a logo for WestBridge, NSO Group’s North American branch.

Advertisement

“Turn Your Target’s Smartphone into an Intelligence Gold Mine,” the Pegasus brochure reads.

“NYPD intel” likely refers to the NYPD’s Intelligence Bureau. Its mission is to “detect and disrupt criminal and terrorist activity through the use of intelligence-led policing. In combination with traditional policing methods, uniformed officers and civilian analysts in the Intelligence Bureau collect and analyze information from a variety of sources in order to advance criminal and terrorist investigations,” according to the NYPD’s website.

Motherboard obtained the email via a public records request. Neither the UASI or the NYPD responded to a request for comment. NSO Group did not respond to a request for comment on its demo for the NYPD.

nypd-nso-group-email-to-publish.png

A screenshot of the email obtained by Motherboard. Image: Motherboard

Motherboard first revealed NSO Group’s attempts to sell its hacking technology to American police departments in 2020, including the San Diego Police Department and the Los Angeles Police Department. In those cases, the malware was branded as “Phantom,” but the functionality is largely the same, according to the brochures. 

In emails previously obtained by Motherboard, one San Diego Police Department officer described the tool as “awesome.” Those emails also described two other products NSO Group pitched called “Landmark” and “Hook.” A former NSO employee previously told Motherboard that Landmark was a “SS7 locating system.” SS7 is an underlying network and related protocol that phones use to communicate, and which allows an attacker to geolocate phones.

Advertisement

Motherboard also revealed that the Drug Enforcement Administration received a demo from NSO Group, but didn’t buy the company’s product because it was too expensive

After the New York Times report last month which said the FBI paid $5 million for a Pegasus license, the FBI said in a statement to The Guardian that the purchase was for “product testing and evaluation only.”

NSO Group is currently facing an existential crisis after the U.S. Commerce Department’s Bureau of Industry and Security added the company to a federal denylist that stops any American company or individual from selling or providing their services to NSO Group.

NSO Group is also currently embroiled in controversy domestically, after the Israeli publication Calcalist revealed NSO Group’s software was used by Israeli police against CEOs, journalists, protestors, and even former Prime Minister Benjamin Netanyahu’s son, Avner Netanyahu.

The Pegasus brochure attached to the email is embedded below.

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.

READ MORE HERE