Paragon Graphite is a Pegasus spyware clone used in the US.

The US government banned NSO's Pegasus spyware 18 months ago, but today a new report says at least one government agency is using very similar malware from a rival company: Paragon Graphite.

Graphite is reported to have the same capabilities as Pegasus and is said to be used by the US Drug Enforcement Administration (DEA)…

Background: US ban on Pegasus

The NSO Group produces spyware called Pegasus that is sold to government and law enforcement agencies. The company buys so-called zero-day vulnerabilities (unknown to Apple) from hackers, and its software is capable of installing zero-click exploits, which require no user interaction from the target.

In particular, simply receiving a particular iMessage—without opening it or interacting with it in any way—can compromise your iPhone, revealing personal data.

Back in 2021, the US government declared spyware a national security threat and banned its use domestically by both public and private entities.

The Bureau of Industry and Security (BIS) of the Department of Commerce added the Israeli company to an entity list that prohibits the import, export, or transfer of the company’s products from one entity to another in the United States.

Instead, the US government uses Paragon Graphite spyware.

But a report from the Financial Times claims that the US government is instead using a near-identical spyware: Paragon’s Graphite.

According to four [industry figures], the US Drug Enforcement and Administration Agency is among the main customers for Paragon’s branded product called Graphite.

The malware surreptitiously breaks through the security of today’s smartphones and bypasses the encryption of messaging apps like Signal or WhatsApp, sometimes harvesting data from cloud backups, as Pegasus does.

The DEA did not comment directly, but it was alleged that the agency bought Graphite for use by law enforcement partners in Mexico to fight drug cartels. A DEA spokesman said only that it is using “all available legal investigative tools to prosecute the foreign cartels and individuals operating around the world responsible for the drug deaths of 107,735 Americans last year.”

However, the claim that the US bought it for use in Mexico is not entirely reassuring.

Congressman Adam Schiff, chairman of the House Intelligence Committee, wrote to the DEA in December asking for more details about the purchase. Mexico is one of the worst offenders in its use of NSO’s Pegasus, which it bought nearly ten years ago.

Schiff wrote: “Such a use [of spyware] could have potential U.S. national security implications, as well as run counter to efforts to curb the widespread use of powerful surveillance tools among autocratic regimes and others who may misuse them.”

Paragon Requests US Permission for Client List

The FT report paints a very clear picture that Paragon has learned from the NSO ban and has targeted sales to the US government very carefully.

The Israeli company deliberately sought funding from two American venture capital firms, Battery Ventures and Red Dot, to garner American support. It then hired an American political consulting company that advised it on the do’s and don’ts of getting government jobs.

Paragon has hired an influential DC-based advisory group, WestExec Advisors, that includes former Obama White House officials including Michelle Flournoy, Avril Haines and Antony Blinken. Former US Ambassador to Israel Dan Shapiro was also consulted. Shapiro declined to comment.

Paragon is also reported to have requested US guidance on a list of its target customers: countries whose use of Graphite would not upset the White House. FT sources said 35 countries, mostly from Europe and Asia, have received approval.

Review

One of the biggest concerns about Pegasus was the role it played in human rights abuses. It was sold to governments, which used it to spy on political opponents, journalists, lawyers and human rights activists. In this regard, Paragon’s decision to informally consult with the US government on which countries should be allowed to buy it puts it one step above NSO.

However, that doesn’t change the fact that Graphite, like Pegasus, is malware designed to compromise Apple’s security and allow governments to remotely access and control phones owned by their own citizens. Using Graphite may not be as bad as using Pegasus, but it’s still unethical and unacceptable. Let’s hope Apple’s alerts work for this spyware as well.

We have reached out to Apple for comment and will report any response.
