WASHINGTON — Senior lawmakers said they would investigate the government’s purchase and use of powerful spyware by two Israeli hacking firms as Congress passed a measure in recent days to try to contain the proliferation of the hacking tools.
Representative Adam Schiff, the California Democrat who chairs the House Intelligence Committee, sent a letter last week to the head of the Drug Enforcement Administration requesting detailed information about the agency’s use of Graphite, a spyware tool from the Israeli company. Paragon.
“Such use could have potential implications for US national security and run counter to efforts to deter the widespread proliferation of powerful surveillance capabilities to autocratic regimes and others who might abuse them,” Mr. Schiff wrote in the letter.
Graphite, like the better-known Israeli hacking tool Pegasus, can penetrate its targets’ cellphones and extract messages, videos, photos and other content. The New York Times revealed this month that the DEA used graphite in its foreign operations. The agency has said it uses the tool legally and only outside the United States, but has not answered questions about whether US citizens could be targeted by the hacking tool.
Mr. Schiff asked Anne Milgram, the DEA administrator, to respond by Jan. 15 to questions submitted in a secret addendum to the drug agency.
By then, the Republicans will have taken power in the House and Mr. Schiff will no longer be chairman of the committee. But the committee’s efforts to curb the proliferation of foreign spyware have been twofold, so the switch is unlikely to affect its agenda on the matter.
Countries around the world have embraced commercial spyware because of the new surveillance capabilities it gives them. The Israeli company NSO held a near-monopoly in the industry for nearly a decade, selling Pegasus to Mexico, Saudi Arabia, India and other countries.
A bill passed by Congress this month includes provisions giving the Director of National Intelligence the power to prohibit the intelligence community from acquiring foreign spyware, and requires the Director of National Intelligence to submit to Congress each year a ” watch list” citing foreign spyware firms posing a risk to US intelligence.
Separately, Sen. Ron Wyden, an Oregon Democrat on the Senate Intelligence Committee, is pressing the Federal Bureau of Investigation for information about the agency’s purchase and testing of NSO’s Pegasus spyware. The Israeli company’s hacking tools have been used by autocratic and democratic governments to target journalists, dissidents and human rights activists.
The Times reported last month that internal FBI documents showed that the agency’s criminal division issued guidelines for the use of Pegasus in criminal investigations in 2021 — before the FBI’s senior leadership decided not to use the spyware in operations.
What we consider before using anonymous sources. Do the sources know the information? What is their motivation for telling us? Have they proven reliable in the past? Can we confirm the information? Even with these questions met, The Times uses anonymous sources as a last resort. The reporter and at least one editor know the identity of the source.
In a letter last week to Christopher Wray, the director of the FBI, Mr. Wyden asked the agency for information on why it chose not to deploy Pegasus, and whether the agency’s attorneys had reached a decision that the FBI from using Pegasus or similar hacking tools. .
“The American people have a right to know the extent of the FBI’s hacking activity and the rules governing the use of this controversial surveillance technique,” Mr. Wyden wrote.
A government legal letter regarding a Times Freedom of Information Act lawsuit against the FBI stated that “the fact that the FBI ultimately decided not to use the tool in support of criminal investigations does not mean that it cannot tools would test, evaluate and possibly deploy. for gaining access to encrypted communications used by criminals.”
Late last year, the Biden administration blacklisted NSO and another Israeli hacking company from the Department of Commerce — barring U.S. companies from doing business with the two companies.
That move, as well as a decision by the Israeli Defense Ministry to reduce the number of countries to which companies could potentially sell their hacking tools, has plagued the Israeli hacking industry, causing investment in companies to dry up over fears that they too could land. on the US blacklist. A senior Israeli military official estimates that only six offensive technology companies will soon be left standing — fewer than the 18 companies that operated in Israel before the NSO was blacklisted.
But now the Israeli Defense Ministry appears to be considering easing restrictions on businesses to prevent the industry from collapsing, according to two Israeli military officials who spoke on condition of anonymity to discuss sensitive decision-making.
When asked if Israel has made a final decision on easing restrictions, a Defense Ministry spokesperson said that “the aim is to improve monitoring of controlled cyber exports and to create more precise instructions for controlled cyber exporters, while risk is reduced. of improper use of these systems and providing effective tools to ensure compliance with the purchaser’s license terms.”
The Israeli government requires all hacking companies in the country to have an export license to sell spyware tools to foreign governments. Some Israelis have tried to circumvent these restrictions by relocating their businesses outside of Israel.
One of them, retired Israeli general Tal Dilian, has set up companies in Greece and Cyprus, and his hacking tool – Predator – is at the center of a growing scandal involving allegations of espionage by Greek government officials.
Israeli officials have publicly expressed frustration at their inability to regulate the affairs of Israelis operating outside the country. But following recent reports of Mr. Dilian’s growing hacking empire, the Israeli Defense Ministry called a meeting to examine whether steps could be taken to better regulate the operations of Mr. Dilian and others working outside Israel. One of the options explored was whether to open an investigation into Mr. Dilian or take other measures against Israeli hackers who used the expertise they gained in the Israeli military to set up foreign companies out of reach from the government.
