The Drug Enforcement Administration held a meeting with the US sales arm of NSO Group, a controversial malware company whose products can remotely siphon data from iPhones and other devices, according to internal DEA emails obtained by Motherboard.
The news highlights law enforcement agencies' increased interest in using hacking tools and malware, as well as NSO's efforts to enter the lucrative US market.
NSO describes itself as "a leader in the field of Cyber warfare," according to company brochures. The company's main product is Pegasus, a sophisticated piece of smartphone malware that can intercept phone calls, emails, and text messages and can also steal a wealth of other data from an infected device. Researchers recently discovered one version of the malware which took control of a fully up-to-date iPhone when the target clicked on a malicious link.
On Wednesday, in the latest episode of the Mexican government's alleged misuse of hacking technology, researchers at Citizen Lab reported that NSO's malware had been used to target lawyers representing the families of three murdered women. Researchers have also found that NSO's products were used to target a dissident from the United Arab Emirates, and the ex-President of Panama deployed the malware to spy on Americans, according to a report from Univision.
At some point before January 2015, WestBridge, the US sales arm of NSO, approached the DEA, according to the internal DEA emails. Motherboard obtained the documents using a Freedom of Information Act request.
From here, the DEA's Office of Special Intelligence (NS) set up a meeting where WestBridge "conducted a demonstration of their technology/product," an email from Willard Bond Wells Jr., deputy assistant administrator at the Office of Special Intelligence, reads. The email implies another section of the DEA "worked" with WestBridge.
NSO co-founder Omri Lavie attended the meeting, according to a second email.
Motherboard previously revealed that the DEA had purchased similar technology from Italian surveillance company Hacking Team, and we previously obtained an invoice between the DEA and Hacking Team for access to zero-day exploits. According to a 2015 letter, the DEA "recently" cancelled its Hacking Team contract after spending $927,000 on the technology and related training since 2012. Specifically, in the contract with Hacking Team, the DEA pointed to the issue of criminals increasingly using encrypted communications.
It is not clear if NSO or WestBridge sold any products to the DEA. A separate Freedom of Information Act request filed by Motherboard to the DEA found no responsive records for contracts with either company. The DEA declined to comment.
"I would hope that a US government agency would refrain from doing business with a company with such a checkered track history as a matter of principle, if not yet regulation. Those who oversee the work of the DEA, especially the various House and Senate committees, may want to question the agency in this respect," Ron Deibert, director of the Citizen Lab at the University of Toronto's Munk School of Global Affairs, told Motherboard in an email.
The meeting, however, is still indicative of NSO's effort to sell malware to US agencies. As well as being a co-founder of the company, Lavie uses the title "VP of Business Development and North America."
According to a source who is familiar with NSO's US expansion, NSO was in talks to acquire one US company in around 2013, primarily for its sales team which had access to the US government. Motherboard granted the source anonymity to talk about sensitive industry work.
Online records from the US Department of Labor indicate that WestBridge applied for VISA authority for a "Government Relation Specialist" in May 2015.
Michael Flynn, President Trump's former National Security Advisor, advised a company linked to NSO, according to trade publication Intelligence Online.
Investment group Blackstone is in advanced talks to pay $400 million for 40 percent of NSO. Activists have asked Blackstone to reconsider the deal, pointing to abuses of NSO's technology. US private equity firm Francisco Partners Management currently owns NSO, and NSO is running with a billion dollar valuation.
An NSO representative acknowledged a request for comment but did not provide a response in time for publication.