Senator Ron Wyden has called for Congress to conduct "aggressive oversight" into the spread of hacking technologies among local agencies. The move comes after Motherboard revealed Tuesday that Westbridge Technologies, the U.S. branch of surveillance vendor NSO Group. directly marketed a phone hacking product to American police.
"Government hacking is among the most invasive forms of surveillance—tracking someone’s movements, turning on their webcam and microphone, or accessing photos and other sensitive data on a phone or computer," Senator Wyden told Motherboard in a statement.
"These tools are ripe for abuse, for example, by a law enforcement officer to spy on an ex. Congress must conduct aggressive oversight into the proliferation of these spying technologies and their use by state and local agencies," Senator Wyden added.
Do you work at NSO Group, did you used to, or do you know anything else about the company? We'd love to hear from you. You can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on email@example.com, or email firstname.lastname@example.org.
Documents obtained by Motherboard showed that Westbridge pitched a product called Phantom to the San Diego Police Department (SDPD) in 2016. Once remotely infecting a phone, sometimes with no interaction from the target, Phantom could siphon emails, text messages, contact lists, and turn on the device's camera or microphone.
SDPD did not buy the product at least in part due to its high price, the emails showed. But after speaking to Westbridge about the product, SDPD Sergeant David Meyer told the company in an email that the technology "sounds awesome." SDPD told Motherboard in a statement Tuesday that using the hacking tool would require legal authorization, such as a search warrant.
A former employee of NSO told Motherboard that Phantom was the "same Pegasus," referring to the phone hacking product NSO has sold to authoritarian governments around the world, including Saudi Arabia. The country used Pegasus to surveill associates of murdered Washington Post journalist Jamal Khashoggi.
Motherboard has previously documented how devices designed to break the digital locks on iPhones that authorities have physical access to have proliferated down to local agencies. In April, Motherboard reported that an employee of NSO abused a client installation's of Pegasus in the United Arab Emirates to target a love interest.
Subscribe to our cybersecurity podcast, CYBER.